Google Redirect Virus


69 replies to this topic

#1 jshams
  • Members
  • 44 posts

Posted 01 May 2011 - 02:12 PM

I'm trying to help my mother cure a problem she's having with Google redirecting her after clicking on her search results. I've run Malwarebytes, SUPERAntiSpyware and TDSSKiller, but none of them have located anything. I will paste the logs from her computer below. Any help you can provide would be greatly appreciated.


OTL logfile created on: 5/1/2011 2:58:04 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Joan\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.00 Mb Total Physical Memory | 452.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64.45 Gb Total Space | 24.67 Gb Free Space | 38.27% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.91 Gb Free Space | 69.05% Space Free | Partition Type: NTFS

Computer Name: JOAN-PC | User Name: Joan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/01 14:56:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Joan\Desktop\OTL.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/05/07 14:07:08 | 000,435,120 | ---- | M] () -- C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
PRC - [2007/04/26 11:38:38 | 000,517,040 | ---- | M] ( ) -- C:\Windows\System32\lxdicoms.exe
PRC - [2007/03/15 19:16:42 | 000,454,784 | ---- | M] (Linksys, a Division of Cisco Systems, Inc.) -- C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
PRC - [2007/03/05 08:40:25 | 000,020,480 | ---- | M] (Lexmark) -- C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
PRC - [2007/02/08 01:11:04 | 000,303,104 | ---- | M] (SigmaTel, Inc.) -- C:\Windows\sttray.exe
PRC - [2006/10/20 18:23:38 | 000,118,784 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
PRC - [2006/04/28 10:14:44 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe


========== Modules (SafeList) ==========

MOD - [2011/05/01 14:56:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Joan\Desktop\OTL.exe
MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (CLTNetCnService)
SRV - [2011/04/29 22:57:07 | 000,327,680 | ---- | M] (S.C. BitDefender S.R.L) [On_Demand | Stopped] -- C:\Program Files\Immunet\tetra\scan.dll -- (scan)
SRV - [2007/04/26 11:38:38 | 000,517,040 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdicoms.exe -- (lxdi_device)
SRV - [2007/04/26 11:38:21 | 000,099,248 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe -- (lxdiCATSCustConnectService)
SRV - [2007/03/19 13:44:44 | 000,070,656 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)


========== Driver Services (SafeList) ==========

DRV - [2011/04/29 22:57:07 | 000,304,712 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\Trufos.sys -- (Trufos)
DRV - [2011/04/29 22:57:06 | 000,047,440 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | System | Running] -- C:\Windows\System32\drivers\ImmunetProtect.sys -- (ImmunetProtectDriver)
DRV - [2011/04/29 22:57:06 | 000,031,952 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | System | Running] -- C:\Windows\System32\drivers\ImmunetSelfProtect.sys -- (ImmunetSelfProtectDriver)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 14:15:58 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2007/09/15 04:00:00 | 000,395,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2007/03/22 13:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 13:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2007/03/12 00:49:54 | 000,045,568 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2007/02/25 13:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2007/02/08 01:11:04 | 000,647,680 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/25 01:46:38 | 002,085,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2006/11/20 15:13:58 | 000,043,520 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/20 15:13:58 | 000,037,376 | ---- | M] (REDC) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2006/11/20 15:13:56 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006/11/11 19:10:40 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 03:30:55 | 000,200,704 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2006/10/30 11:22:26 | 000,008,192 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)
DRV - [2006/10/05 18:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2383686348-4292671345-4074465936-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-2383686348-4292671345-4074465936-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2383686348-4292671345-4074465936-1000\..\URLSearchHook: {c44f9e21-d93f-490c-b41c-b3548bdd19fc} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2383686348-4292671345-4074465936-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2383686348-4292671345-4074465936-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========


FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/27 14:11:16 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/04/27 14:11:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joan\AppData\Roaming\Mozilla\Extensions
[2011/04/27 14:11:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2009/09/01 23:00:58 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/03/18 13:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2006/09/18 17:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKU\S-1-5-21-2383686348-4292671345-4074465936-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-2383686348-4292671345-4074465936-1000\..\Toolbar\WebBrowser: (no name) - {38542454-DFB6-44F5-B052-D4E071A3D073} - No CLSID value found.
O3 - HKU\S-1-5-21-2383686348-4292671345-4074465936-1000\..\Toolbar\WebBrowser: (no name) - {C44F9E21-D93F-490C-B41C-B3548BDD19FC} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [dscactivate] c:\dell\dsca.exe ( )
O4 - HKLM..\Run: [ECenter] c:\DELL\E-Center\EULALauncher.exe ( )
O4 - HKLM..\Run: [FaxCenterServer] C:\Program Files\Lexmark Fax Solutions\fm3032.exe ()
O4 - HKLM..\Run: [lxdiamon] C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe (Lexmark)
O4 - HKLM..\Run: [lxdimon.exe] C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe ()
O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2383686348-4292671345-4074465936-1000..\Run: [EasyLinkAdvisor] C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe (Linksys, a Division of Cisco Systems, Inc.)
O4 - HKU\S-1-5-21-2383686348-4292671345-4074465936-1000..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-2383686348-4292671345-4074465936-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\npjpi160.dll (Sun Microsystems, Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.87.71.230 68.87.73.246
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/05/01 14:56:28 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Joan\Desktop\OTL.exe
[2011/05/01 14:41:09 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Joan\Desktop\GooredFix.exe
[2011/05/01 14:39:42 | 000,000,000 | ---D | C] -- C:\Users\Joan\Desktop\GooredFix Backups
[2011/05/01 13:57:05 | 000,000,000 | ---D | C] -- C:\Users\Joan\Desktop\tdsskiller
[2011/04/30 00:05:30 | 000,000,000 | ---D | C] -- C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
[2011/04/30 00:05:29 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/04/29 23:54:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Immunet
[2011/04/29 22:57:56 | 000,000,000 | ---D | C] -- C:\Users\Joan\AppData\Local\Immunet
[2011/04/29 22:57:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immunet 3.0
[2011/04/29 22:57:23 | 000,031,952 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\ImmunetSelfProtect.sys
[2011/04/29 22:57:21 | 000,047,440 | ---- | C] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\ImmunetProtect.sys
[2011/04/29 22:57:13 | 000,304,712 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\Trufos.sys
[2011/04/29 22:57:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
[2011/04/29 22:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\Immunet
[2011/04/27 14:11:21 | 000,000,000 | ---D | C] -- C:\Users\Joan\AppData\Roaming\Mozilla
[2011/04/27 14:11:21 | 000,000,000 | ---D | C] -- C:\Users\Joan\AppData\Local\Mozilla
[2011/04/27 14:11:15 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2007/12/25 12:06:50 | 000,356,352 | ---- | C] ( ) -- C:\Windows\System32\lxdiinpa.dll
[2007/12/25 12:06:50 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdiiesc.dll
[2007/12/25 12:06:50 | 000,311,296 | ---- | C] ( ) -- C:\Windows\System32\lxdihcp.dll
[2007/12/25 12:06:49 | 001,187,840 | ---- | C] ( ) -- C:\Windows\System32\lxdiserv.dll
[2007/12/25 12:06:49 | 000,942,080 | ---- | C] ( ) -- C:\Windows\System32\lxdiusb1.dll
[2007/12/25 12:06:48 | 000,614,400 | ---- | C] ( ) -- C:\Windows\System32\lxdipmui.dll
[2007/12/25 12:06:48 | 000,532,480 | ---- | C] ( ) -- C:\Windows\System32\lxdilmpm.dll
[2007/12/25 12:06:48 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdiprox.dll
[2007/12/25 12:06:48 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\lxdipplc.dll
[2007/12/25 12:06:47 | 000,320,432 | ---- | C] ( ) -- C:\Windows\System32\lxdiih.exe
[2007/12/25 12:06:46 | 000,671,744 | ---- | C] ( ) -- C:\Windows\System32\lxdihbn3.dll
[2007/12/25 12:06:45 | 000,517,040 | ---- | C] ( ) -- C:\Windows\System32\lxdicoms.exe
[2007/12/25 12:06:45 | 000,360,448 | ---- | C] ( ) -- C:\Windows\System32\lxdicomm.dll
[2007/12/25 12:06:44 | 000,765,952 | ---- | C] ( ) -- C:\Windows\System32\lxdicomc.dll
[2007/12/25 12:06:44 | 000,340,912 | ---- | C] ( ) -- C:\Windows\System32\lxdicfg.exe
[56 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[56 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/01 14:56:32 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Joan\Desktop\OTL.exe
[2011/05/01 14:41:10 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Joan\Desktop\GooredFix.exe
[2011/05/01 13:59:19 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Joan\Desktop\TDSSKiller.exe
[2011/05/01 13:59:19 | 000,606,872 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/05/01 13:59:19 | 000,106,082 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/05/01 13:56:53 | 001,263,721 | ---- | M] () -- C:\Users\Joan\Desktop\tdsskiller.zip
[2011/05/01 13:53:42 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/05/01 13:53:42 | 000,003,552 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/05/01 13:53:37 | 000,000,302 | -HS- | M] () -- C:\Windows\tasks\oqbhy.job
[2011/05/01 13:53:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/05/01 13:53:29 | 937,476,096 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/30 00:05:31 | 000,001,059 | ---- | M] () -- C:\Users\Joan\Desktop\Revo Uninstaller.lnk
[2011/04/29 22:57:07 | 000,304,712 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\Trufos.sys
[2011/04/29 22:57:06 | 000,047,440 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\ImmunetProtect.sys
[2011/04/29 22:57:06 | 000,031,952 | ---- | M] (Windows ® Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\ImmunetSelfProtect.sys
[2011/04/28 00:00:54 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/27 23:32:25 | 000,007,268 | ---- | M] () -- C:\Users\Joan\AppData\Local\d3d9caps.dat
[2011/04/27 14:11:24 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2011/04/27 14:11:17 | 000,000,872 | ---- | M] () -- C:\Users\Joan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/27 14:11:17 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/19 20:24:13 | 000,013,424 | -HS- | M] () -- C:\Users\Joan\AppData\Local\74naa86484b4h4547ab5g2x7g1n374va28l
[2011/04/19 20:24:13 | 000,013,424 | -HS- | M] () -- C:\ProgramData\74naa86484b4h4547ab5g2x7g1n374va28l
[56 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[56 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/01 13:56:51 | 001,263,721 | ---- | C] () -- C:\Users\Joan\Desktop\tdsskiller.zip
[2011/04/30 00:05:31 | 000,001,059 | ---- | C] () -- C:\Users\Joan\Desktop\Revo Uninstaller.lnk
[2011/04/27 14:11:24 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/04/27 14:11:17 | 000,000,872 | ---- | C] () -- C:\Users\Joan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/27 14:11:17 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/04/27 14:11:17 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/04/19 20:21:53 | 000,013,424 | -HS- | C] () -- C:\Users\Joan\AppData\Local\74naa86484b4h4547ab5g2x7g1n374va28l
[2011/04/19 20:21:53 | 000,013,424 | -HS- | C] () -- C:\ProgramData\74naa86484b4h4547ab5g2x7g1n374va28l
[2011/03/06 13:40:56 | 000,069,632 | RHS- | C] () -- C:\Windows\System32\C_20005D.dll
[2011/02/25 12:19:49 | 000,012,316 | -HS- | C] () -- C:\Users\Joan\AppData\Local\3823499586
[2011/02/25 12:19:49 | 000,012,316 | -HS- | C] () -- C:\ProgramData\3823499586
[2010/12/28 11:41:26 | 000,087,552 | ---- | C] () -- C:\Windows\System32\cpwmon2k.dll
[2009/09/27 21:58:02 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/09/27 21:58:01 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2008/12/28 11:56:27 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/04/13 10:47:47 | 000,016,624 | ---- | C] () -- C:\ProgramData\lxdi
[2007/12/25 12:12:27 | 000,344,064 | ---- | C] () -- C:\Windows\System32\lxdicoin.dll
[2007/12/25 12:09:27 | 000,045,056 | ---- | C] () -- C:\Windows\System32\LXF3PMON.DLL
[2007/12/25 12:09:27 | 000,032,768 | ---- | C] () -- C:\Windows\System32\LXF3FXPU.DLL
[2007/12/25 12:09:07 | 000,036,864 | ---- | C] () -- C:\Windows\System32\lxf3oem.dll
[2007/12/25 12:09:07 | 000,012,288 | ---- | C] () -- C:\Windows\System32\LXF3PMRC.DLL
[2007/12/25 12:07:05 | 000,000,060 | -H-- | C] () -- C:\Windows\System32\lxdirwrd.ini
[2007/12/25 12:06:50 | 000,294,912 | ---- | C] () -- C:\Windows\System32\lxdiinst.dll
[2007/12/25 12:06:46 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdigrd.dll
[2007/09/16 11:11:28 | 000,007,268 | ---- | C] () -- C:\Users\Joan\AppData\Local\d3d9caps.dat
[2007/09/15 14:51:06 | 000,013,312 | ---- | C] () -- C:\Users\Joan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/09/03 10:18:57 | 003,107,788 | ---- | C] () -- C:\Windows\System32\atiumdva.dat
[2007/09/03 10:18:57 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007/09/03 10:18:57 | 000,138,101 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/09/03 10:18:55 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/09/03 10:18:45 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2007/09/03 02:38:37 | 000,065,536 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2007/09/03 02:38:34 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2007/03/23 15:44:45 | 000,692,224 | ---- | C] () -- C:\Windows\System32\lxdidrs.dll
[2007/02/09 14:07:06 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdicnv4.dll
[2007/01/23 19:40:16 | 000,065,536 | ---- | C] () -- C:\Windows\System32\lxdicaps.dll
[2006/11/07 15:25:58 | 000,000,000 | ---- | C] () -- C:\Windows\System32\px.ini
[2006/11/02 08:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:44:53 | 000,414,368 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 06:33:01 | 000,606,872 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 06:33:01 | 000,106,082 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/17 00:36:50 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/17 00:36:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/08/01 01:53:18 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdivs.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: EXPLORER.EXE >
[2008/10/29 02:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/29 23:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/14 12:24:57 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/14 12:24:57 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/27 22:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 05:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 03:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: WININIT.EXE >
[2008/01/19 03:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/19 03:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006/11/02 05:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe

< MD5 for: WINLOGON.EXE >
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 02:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 05:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 03:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< >

< End of report >



OTL Extras logfile created on: 5/1/2011 2:58:04 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Joan\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

893.00 Mb Total Physical Memory | 452.00 Mb Available Physical Memory | 51.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 64.45 Gb Total Space | 24.67 Gb Free Space | 38.27% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 6.91 Gb Free Space | 69.05% Space Free | Partition Type: NTFS

Computer Name: JOAN-PC | User Name: Joan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2383686348-4292671345-4074465936-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"UacDisableNotify" = 1
"InternetSettingsDisableNotify" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2383686348-4292671345-4074465936-1000]
"EnableNotifications" = 0
"EnableNotificationsRef" = 1

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{38728E90-33AC-4807-8F81-9A3B5738DD3A}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BA3C75-DA6D-4770-8F93-FA87832045B9}" = protocol=6 | dir=in | app=c:\windows\system32\lxdiih.exe |
"{042B2BAC-03EE-442D-B9B8-88EC96270645}" = protocol=17 | dir=in | app=c:\windows\system32\lxdiih.exe |
"{0499B0DF-3BE8-4E85-826F-91946207F6F6}" = protocol=6 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{0CC87EED-E881-4768-B1D6-7DDE7544A1EE}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"{155B96FD-1BBC-4831-9519-7A4527412861}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"{34CEAE5A-67A3-41E1-BD74-ABFA4705B45B}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe |
"{38C6F614-713B-443C-A2EE-0A339347B7FD}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"{3D5C1FB4-3A5D-4FF6-9FDE-1CFE3BFD4816}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\wireless\lxdiwpss.exe |
"{40418181-A1CE-47EE-BC50-D92D83032A83}" = protocol=17 | dir=in | app=c:\users\joan\appdata\local\temp\lxdi\wireless\english\lxdiwpss.exe |
"{545FDEAA-A627-44DE-B8CD-19F9E180E957}" = protocol=17 | dir=in | app=c:\program files\abbyy finereader 6.0 sprint\scan\scanman6.exe |
"{54EE92C9-6F35-4D88-913F-B715F05DAC0A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{575C0E34-DDA3-411A-9986-37508ECF6799}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxditime.exe |
"{5DED01D9-8296-4403-AA48-1ED6029C7B8A}" = protocol=17 | dir=in | app=c:\program files\lexmark fax solutions\faxctr.exe |
"{5F3545ED-5086-4515-B9C4-3A4008B82AD7}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"{7CCFBAE2-D6F8-455C-AB08-110EF4D06366}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe |
"{84D3D16A-0621-4398-9A86-3FC03AE307F1}" = protocol=6 | dir=in | app=c:\windows\system32\lxdicfg.exe |
"{9426BA22-7E8E-4A9C-887F-15F7BC962B7D}" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe |
"{94F46859-6F8E-4BCE-BE43-7B2B2046C854}" = protocol=17 | dir=in | app=c:\windows\system32\lxdicoms.exe |
"{A680AAF8-C3BC-4433-A2F4-D26E9C768998}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{A867380E-413D-48E3-994E-1F347690F8F6}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe |
"{AE8695AC-538E-4E68-ACA4-743A370AA162}" = protocol=6 | dir=in | app=c:\windows\system32\lxdicoms.exe |
"{C5F42327-9709-45A4-BB35-60CF8CBF95F8}" = protocol=6 | dir=in | app=c:\program files\lexmark fax solutions\faxctr.exe |
"{C7DA9F56-CD56-4A81-AE9D-786325AD9ABB}" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\wireless\lxdiwpss.exe |
"{C878BE01-BD7B-440B-806C-747F9EEA6FFE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{CFD01FFA-1699-4883-B156-FA8B50CDBC31}" = protocol=17 | dir=in | app=c:\windows\system32\lxdicfg.exe |
"{D11276DE-AAC6-49AA-A8D2-69BB2EF40BE2}" = protocol=6 | dir=in | app=c:\users\joan\appdata\local\temp\lxdi\wireless\english\lxdiwpss.exe |
"{D8BF33D2-67BA-4766-9954-C69553C569F5}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe |
"{E821EDDC-CE15-4388-91AE-E9C2D2517C28}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxditime.exe |
"TCP Query User{1815C39B-8BE6-4FE5-A042-5682B5F849D1}C:\program files\lexmark 3500-4500 series\lxdiamon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"TCP Query User{1A6597AD-313F-4DEA-85BB-18AE8AC9391E}C:\program files\lexmark 3500-4500 series\lxdimon.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"TCP Query User{5AE858CB-5ACB-46E7-82E5-901295EF15AB}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{5B8CCC75-8044-44EE-B025-C356BDFE7050}C:\program files\lexmark 3500-4500 series\app4r.exe" = protocol=6 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe |
"TCP Query User{C4859EC9-6B5F-47AB-8374-9677675CB805}C:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe |
"UDP Query User{12DA2F63-76CE-4992-A2B4-07979CE83E74}C:\program files\lexmark 3500-4500 series\lxdimon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdimon.exe |
"UDP Query User{7FEC8C0A-7655-4931-8E47-336228BA7794}C:\program files\lexmark 3500-4500 series\lxdiamon.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\lxdiamon.exe |
"UDP Query User{AD39E8EF-FDAB-41CD-A142-BB760646D8BB}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{B2B56EC7-C852-4C75-95B0-8FE5CCE2053B}C:\program files\lexmark 3500-4500 series\app4r.exe" = protocol=17 | dir=in | app=c:\program files\lexmark 3500-4500 series\app4r.exe |
"UDP Query User{C1E56487-DF47-4314-915D-668AF7F3096A}C:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdipswx.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
"{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
"{13BA7B44-B712-4DEE-A7B8-1DD564F37AE5}" = Dell System Customization Wizard
"{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD
"{2C6C74C2-042F-4D36-B7B0-0C538FCF01AB}" = Dell DataSafe Online
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E25E350-949F-4DB7-8288-2A60E018B4C1}" = Games, Music, & Photos Launcher
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
"{880AF49C-34F7-4285-A8AD-8F7A3D1C33DC}" = Roxio Creator BDAV Plugin
"{89CEAE14-DD0F-448E-9554-15781EC9DB24}" = Product Documentation Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6EE99EA-420C-4FA6-8A7C-FDB60D278855}" = VS10RuntimeWin32
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
"{D88C3E7C-1DA6-4AD7-97FC-75BC8705B266}" = runtime
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E713653C-8312-4BC6-AFC9-ADE1F2F04AB9}" = ATI PCI Express (3GIO) Filter Driver
"{EAB9C426-6626-7B76-64F3-569FDCA9852D}" = ATI Catalyst Control Center Ex
"{F63A3748-B93D-4360-9AD4-B064481A5C7B}" = Modem Diagnostic Tool
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
"CutePDF Writer Installation" = CutePDF Writer 2.8
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0032)
"ENTERPRISER" = Microsoft Office Enterprise 2007
"Lexmark 3500-4500 Series" = Lexmark 3500-4500 Series
"Lexmark Fax Solutions" = Lexmark Fax Solutions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"Revo Uninstaller" = Revo Uninstaller 1.92
"SynTPDeinstKey" = Synaptics Pointing Device Driver

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/25/2010 3:49:59 PM | Computer Name = Joan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 3/26/2010 9:26:43 AM | Computer Name = Joan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 3/26/2010 2:24:06 PM | Computer Name = Joan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 3/28/2010 3:59:25 PM | Computer Name = Joan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 3/29/2010 9:26:33 AM | Computer Name = Joan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 3/29/2010 7:27:17 PM | Computer Name = Joan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 3/30/2010 7:09:02 AM | Computer Name = Joan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 3/30/2010 9:25:44 PM | Computer Name = Joan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 3/30/2010 9:34:43 PM | Computer Name = Joan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 3/31/2010 9:09:54 PM | Computer Name = Joan-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

[ Broadcom Wireless LAN Events ]
Error - 11/24/2010 12:45:56 PM | Computer Name = Joan-PC | Source = WLAN-Tray | ID = 0
Description = 11:45:56, Wed, Nov 24, 10 Error - Unable to gain access to user store


Error - 4/26/2011 2:14:47 PM | Computer Name = Joan-PC | Source = WLAN-Tray | ID = 0
Description = 14:14:46, Tue, Apr 26, 11 Error - Unable to gain access to user store


[ OSession Events ]
Error - 9/9/2008 6:28:17 PM | Computer Name = Joan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 2008
seconds with 1980 seconds of active time. This session ended with a crash.

Error - 9/9/2008 6:37:03 PM | Computer Name = Joan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 33
seconds with 0 seconds of active time. This session ended with a crash.

Error - 9/9/2008 6:42:50 PM | Computer Name = Joan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6308.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 313
seconds with 240 seconds of active time. This session ended with a crash.

Error - 6/8/2009 10:11:35 AM | Computer Name = Joan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 1463
seconds with 1020 seconds of active time. This session ended with a crash.

Error - 6/8/2009 10:50:22 AM | Computer Name = Joan-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6331.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 783
seconds with 660 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 4/29/2011 11:54:03 PM | Computer Name = Joan-PC | Source = R300 | ID = 43015
Description = I2c return failed

Error - 4/29/2011 11:55:47 PM | Computer Name = Joan-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 4/29/2011 11:55:47 PM | Computer Name = Joan-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 4/30/2011 12:08:53 AM | Computer Name = Joan-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 4/30/2011 12:09:22 AM | Computer Name = Joan-PC | Source = Service Control Manager | ID = 7011
Description =

Error - 5/1/2011 9:38:42 AM | Computer Name = Joan-PC | Source = DCOM | ID = 10010
Description =

Error - 5/1/2011 1:53:30 PM | Computer Name = Joan-PC | Source = R300 | ID = 43015
Description = I2c return failed

Error - 5/1/2011 1:53:30 PM | Computer Name = Joan-PC | Source = R300 | ID = 43015
Description = I2c return failed

Error - 5/1/2011 1:55:11 PM | Computer Name = Joan-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 5/1/2011 1:55:11 PM | Computer Name = Joan-PC | Source = Service Control Manager | ID = 7000
Description =


< End of report >


#2 heir

  • Malware Response Team
  • 763 posts
  • Gender:Male
  • Local time:04:43 PM
Posted 03 May 2011 - 03:47 AM

Welcome to BC!

Please post the logs from GooredFix, MBAM, Superantispyware and TDSSKiller in your reply.

Please also follow Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help, as instructed above this topic and post the logs.

Edited by heir, 03 May 2011 - 05:09 AM.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators


#3 jshams
  • Topic Starter

  • Members
  • 44 posts
  • Local time:09:43 AM

Posted 03 May 2011 - 09:50 PM

I can't get SuperAntiSpyware to open anymore, so I can't get a log for that.



GooredFix by jpshortstuff (03.07.10.1)
Log created at 14:41 on 01/05/2011 (Joan)
Firefox version 4.0 (en-US)

========== GooredScan ==========


========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [18:11 27/04/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [15:13 21/08/2009]

---------- Old Logs ----------
GooredFix[18.39.42_01-05-2011].txt

-=E.O.F=-


2011/05/03 22:45:46.0841 0776 TDSS rootkit removing tool 2.5.0.0 May 1 2011 14:20:16
2011/05/03 22:45:47.0185 0776 ================================================================================
2011/05/03 22:45:47.0185 0776 SystemInfo:
2011/05/03 22:45:47.0185 0776
2011/05/03 22:45:47.0185 0776 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/03 22:45:47.0185 0776 Product type: Workstation
2011/05/03 22:45:47.0185 0776 ComputerName: JOAN-PC
2011/05/03 22:45:47.0216 0776 UserName: Joan
2011/05/03 22:45:47.0216 0776 Windows directory: C:\Windows
2011/05/03 22:45:47.0216 0776 System windows directory: C:\Windows
2011/05/03 22:45:47.0216 0776 Processor architecture: Intel x86
2011/05/03 22:45:47.0216 0776 Number of processors: 2
2011/05/03 22:45:47.0216 0776 Page size: 0x1000
2011/05/03 22:45:47.0216 0776 Boot type: Normal boot
2011/05/03 22:45:47.0216 0776 ================================================================================
2011/05/03 22:45:47.0857 0776 Initialize success
2011/05/03 22:45:53.0591 0944 ================================================================================
2011/05/03 22:45:53.0591 0944 Scan started
2011/05/03 22:45:53.0591 0944 Mode: Manual;
2011/05/03 22:45:53.0591 0944 ================================================================================
2011/05/03 22:45:56.0419 0944 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
2011/05/03 22:45:56.0747 0944 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2011/05/03 22:45:57.0075 0944 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2011/05/03 22:45:57.0185 0944 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2011/05/03 22:45:57.0247 0944 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
2011/05/03 22:45:57.0388 0944 AFD (a201207363aa900abf1a388468688570) C:\Windows\system32\drivers\afd.sys
2011/05/03 22:45:57.0497 0944 agp440 (8b10ce1c1f9f1d47e4deb1a547a00cd4) C:\Windows\system32\drivers\agp440.sys
2011/05/03 22:45:57.0544 0944 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
2011/05/03 22:45:57.0669 0944 aliide (dc67a153fdb8105b25d05334b5e1d8e2) C:\Windows\system32\drivers\aliide.sys
2011/05/03 22:45:57.0778 0944 amdagp (848f27e5b27c1c253f6cefdc1a5d8f21) C:\Windows\system32\drivers\amdagp.sys
2011/05/03 22:45:57.0825 0944 amdide (835c4c3355088298a5ebd818fa31430f) C:\Windows\system32\drivers\amdide.sys
2011/05/03 22:45:57.0872 0944 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
2011/05/03 22:45:57.0919 0944 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
2011/05/03 22:45:58.0028 0944 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
2011/05/03 22:45:58.0107 0944 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
2011/05/03 22:45:58.0169 0944 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/03 22:45:58.0247 0944 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
2011/05/03 22:45:58.0388 0944 AtiPcie (a356e45e8432432c06981ea63a1e0fe8) C:\Windows\system32\DRIVERS\AtiPcie.sys
2011/05/03 22:45:58.0497 0944 BCM43XX (509f672686af40f95859fde67108449b) C:\Windows\system32\DRIVERS\bcmwl6.sys
2011/05/03 22:45:58.0607 0944 bcm4sbxp (cd4646067cc7dcba1907fa0acf7e3966) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
2011/05/03 22:45:58.0747 0944 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
2011/05/03 22:45:59.0403 0944 bowser (74b442b2be1260b7588c136177ceac66) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/03 22:45:59.0466 0944 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/03 22:45:59.0575 0944 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
2011/05/03 22:45:59.0653 0944 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
2011/05/03 22:45:59.0716 0944 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
2011/05/03 22:45:59.0763 0944 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/03 22:45:59.0810 0944 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
2011/05/03 22:45:59.0888 0944 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
2011/05/03 22:45:59.0997 0944 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/03 22:46:00.0122 0944 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/03 22:46:00.0200 0944 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
2011/05/03 22:46:00.0232 0944 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
2011/05/03 22:46:00.0372 0944 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/05/03 22:46:00.0435 0944 cmdide (e79cbb2195e965f6e3256e2c1b23fd1c) C:\Windows\system32\drivers\cmdide.sys
2011/05/03 22:46:00.0528 0944 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
2011/05/03 22:46:00.0560 0944 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
2011/05/03 22:46:00.0607 0944 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
2011/05/03 22:46:00.0732 0944 DfsC (218d8ae46c88e82014f5d73d0236d9b2) C:\Windows\system32\Drivers\dfsc.sys
2011/05/03 22:46:00.0888 0944 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
2011/05/03 22:46:00.0950 0944 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
2011/05/03 22:46:01.0060 0944 DSproct (413f2d5f9d802688242c23b38f767ecb) C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
2011/05/03 22:46:01.0153 0944 dsunidrv (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\dsunidrv.sys
2011/05/03 22:46:01.0232 0944 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/03 22:46:01.0357 0944 e1express (7505290504c8e2d172fa378cc0497bcc) C:\Windows\system32\DRIVERS\e1e6032.sys
2011/05/03 22:46:01.0544 0944 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
2011/05/03 22:46:01.0888 0944 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
2011/05/03 22:46:02.0013 0944 eeCtrl (31c959319ef45b548d2111e338412270) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
2011/05/03 22:46:02.0138 0944 elagopro (7ec42ec12a4bac14bcca99fb06f2d125) C:\Windows\system32\DRIVERS\elagopro.sys
2011/05/03 22:46:02.0185 0944 elaunidr (dfeabb7cfffadea4a912ab95bdc3177a) C:\Windows\system32\DRIVERS\elaunidr.sys
2011/05/03 22:46:02.0263 0944 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
2011/05/03 22:46:02.0435 0944 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
2011/05/03 22:46:02.0497 0944 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
2011/05/03 22:46:02.0560 0944 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/03 22:46:02.0622 0944 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
2011/05/03 22:46:02.0716 0944 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
2011/05/03 22:46:02.0778 0944 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/03 22:46:02.0841 0944 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
2011/05/03 22:46:02.0966 0944 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/03 22:46:03.0013 0944 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/03 22:46:03.0107 0944 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
2011/05/03 22:46:03.0216 0944 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/03 22:46:03.0325 0944 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
2011/05/03 22:46:03.0388 0944 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
2011/05/03 22:46:03.0435 0944 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/03 22:46:03.0497 0944 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
2011/05/03 22:46:03.0591 0944 HSF_DPV (53229dcf431d76434816cd29251168a0) C:\Windows\system32\DRIVERS\HSX_DPV.sys
2011/05/03 22:46:03.0716 0944 HSXHWAZL (31f949d452201f2f0af0c88d7db512cd) C:\Windows\system32\DRIVERS\HSXHWAZL.sys
2011/05/03 22:46:03.0763 0944 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
2011/05/03 22:46:03.0888 0944 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
2011/05/03 22:46:04.0216 0944 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/03 22:46:04.0685 0944 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
2011/05/03 22:46:04.0825 0944 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
2011/05/03 22:46:04.0919 0944 ImmunetProtectDriver (e690d5b9fba32bc1ccd47c2a907e981e) C:\Windows\system32\DRIVERS\ImmunetProtect.sys
2011/05/03 22:46:04.0966 0944 ImmunetSelfProtectDriver (d7c401435eca9f5feaf82894a99bb85e) C:\Windows\system32\DRIVERS\ImmunetSelfProtect.sys
2011/05/03 22:46:05.0122 0944 intelide (0084046c084d68e494f8cf36bcf08186) C:\Windows\system32\drivers\intelide.sys
2011/05/03 22:46:05.0153 0944 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/03 22:46:05.0216 0944 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/03 22:46:05.0388 0944 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/03 22:46:05.0450 0944 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/03 22:46:05.0497 0944 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
2011/05/03 22:46:05.0544 0944 isapnp (2f8ece2699e7e2070545e9b0960a8ed2) C:\Windows\system32\drivers\isapnp.sys
2011/05/03 22:46:05.0653 0944 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/03 22:46:05.0732 0944 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
2011/05/03 22:46:05.0794 0944 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
2011/05/03 22:46:05.0841 0944 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/03 22:46:05.0966 0944 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/03 22:46:06.0028 0944 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/03 22:46:06.0169 0944 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/03 22:46:06.0247 0944 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/03 22:46:06.0278 0944 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/03 22:46:06.0341 0944 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/03 22:46:06.0388 0944 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
2011/05/03 22:46:06.0528 0944 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/05/03 22:46:06.0591 0944 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
2011/05/03 22:46:06.0685 0944 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
2011/05/03 22:46:06.0903 0944 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/03 22:46:07.0310 0944 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/03 22:46:07.0388 0944 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/03 22:46:07.0450 0944 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
2011/05/03 22:46:07.0591 0944 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
2011/05/03 22:46:07.0653 0944 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/03 22:46:07.0716 0944 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/03 22:46:07.0778 0944 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
2011/05/03 22:46:07.0888 0944 mrxsmb (454341e652bdf5e01b0f2140232b073e) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/03 22:46:07.0935 0944 mrxsmb10 (2a4901aff069944fa945ed5bbf4dcde3) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/03 22:46:07.0966 0944 mrxsmb20 (28b3f1ab44bdd4432c041581412f17d9) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/03 22:46:08.0028 0944 msahci (d420bc42a637ac3cc4f411220549c0dc) C:\Windows\system32\drivers\msahci.sys
2011/05/03 22:46:08.0122 0944 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
2011/05/03 22:46:08.0200 0944 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
2011/05/03 22:46:08.0263 0944 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
2011/05/03 22:46:08.0403 0944 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/03 22:46:08.0497 0944 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/03 22:46:08.0560 0944 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
2011/05/03 22:46:08.0669 0944 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
2011/05/03 22:46:08.0732 0944 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/03 22:46:08.0778 0944 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
2011/05/03 22:46:08.0810 0944 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
2011/05/03 22:46:08.0888 0944 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/03 22:46:09.0013 0944 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/05/03 22:46:09.0091 0944 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/03 22:46:09.0138 0944 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/03 22:46:09.0232 0944 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/03 22:46:09.0310 0944 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
2011/05/03 22:46:09.0575 0944 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/03 22:46:09.0950 0944 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/03 22:46:10.0028 0944 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
2011/05/03 22:46:10.0153 0944 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
2011/05/03 22:46:10.0216 0944 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/03 22:46:10.0310 0944 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
2011/05/03 22:46:10.0435 0944 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
2011/05/03 22:46:10.0497 0944 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
2011/05/03 22:46:10.0544 0944 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/05/03 22:46:10.0575 0944 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/05/03 22:46:10.0622 0944 nv_agp (055081fd5076401c1ee1bcab08d81911) C:\Windows\system32\drivers\nv_agp.sys
2011/05/03 22:46:10.0825 0944 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
2011/05/03 22:46:10.0903 0944 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/05/03 22:46:10.0950 0944 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/05/03 22:46:11.0060 0944 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/05/03 22:46:11.0122 0944 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/05/03 22:46:11.0169 0944 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/05/03 22:46:11.0232 0944 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/05/03 22:46:11.0372 0944 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/05/03 22:46:11.0591 0944 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/03 22:46:11.0653 0944 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/05/03 22:46:11.0747 0944 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/03 22:46:11.0841 0944 PxHelp20 (feffcfdc528764a04c8ed63d5fa6e711) C:\Windows\system32\Drivers\PxHelp20.sys
2011/05/03 22:46:12.0278 0944 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/05/03 22:46:12.0669 0944 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/05/03 22:46:12.0982 0944 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/03 22:46:13.0122 0944 R300 (554685122b4f973e21d66c2baaf29543) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/03 22:46:13.0247 0944 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/03 22:46:13.0325 0944 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/03 22:46:13.0388 0944 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/03 22:46:13.0435 0944 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/03 22:46:13.0544 0944 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/03 22:46:13.0607 0944 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/03 22:46:13.0669 0944 rdpdr (0245418224cfa77bf4b41c2fe0622258) C:\Windows\system32\drivers\rdpdr.sys
2011/05/03 22:46:13.0732 0944 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/03 22:46:13.0810 0944 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/05/03 22:46:13.0903 0944 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys
2011/05/03 22:46:13.0966 0944 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\drivers\rimsptsk.sys
2011/05/03 22:46:13.0997 0944 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\drivers\rixdptsk.sys
2011/05/03 22:46:14.0075 0944 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/03 22:46:14.0200 0944 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/05/03 22:46:14.0232 0944 SASENUM (7ce61c25c159f50f9eaf6d77fc83fa35) C:\Program Files\SUPERAntiSpyware\SASENUM.SYS
2011/05/03 22:46:14.0263 0944 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/05/03 22:46:14.0372 0944 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/05/03 22:46:14.0466 0944 sdbus (8f36b54688c31eed4580129040c6a3d3) C:\Windows\system32\DRIVERS\sdbus.sys
2011/05/03 22:46:14.0513 0944 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/05/03 22:46:14.0575 0944 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/05/03 22:46:14.0685 0944 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/05/03 22:46:14.0747 0944 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/05/03 22:46:14.0825 0944 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2011/05/03 22:46:14.0857 0944 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/03 22:46:14.0872 0944 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/03 22:46:15.0013 0944 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/05/03 22:46:15.0200 0944 sisagp (08072b2fb92477fc813271a84b3a8698) C:\Windows\system32\drivers\sisagp.sys
2011/05/03 22:46:15.0403 0944 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/05/03 22:46:15.0450 0944 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/05/03 22:46:15.0528 0944 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/05/03 22:46:15.0622 0944 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/05/03 22:46:15.0685 0944 srv (ff3cbc13db84d81f56931bc922cc37c4) C:\Windows\system32\DRIVERS\srv.sys
2011/05/03 22:46:15.0747 0944 srv2 (d15959d9f69f0d39a0153e9c244f20dd) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/03 22:46:15.0794 0944 srvnet (faa0d553a49e85008c6bb3781987c574) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/03 22:46:15.0872 0944 STHDA (9cea131b5eb0ea653f6b3ea80b54956d) C:\Windows\system32\drivers\stwrt.sys
2011/05/03 22:46:16.0013 0944 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/03 22:46:16.0060 0944 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/05/03 22:46:16.0091 0944 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/05/03 22:46:16.0122 0944 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/05/03 22:46:16.0200 0944 SynTP (1f5192248a364d4ab68db063d18a2139) C:\Windows\system32\DRIVERS\SynTP.sys
2011/05/03 22:46:16.0357 0944 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/05/03 22:46:16.0419 0944 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/03 22:46:16.0482 0944 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/03 22:46:16.0560 0944 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/05/03 22:46:16.0638 0944 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/05/03 22:46:16.0685 0944 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/03 22:46:16.0732 0944 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/03 22:46:16.0888 0944 Trufos (d391f1171a2e3a7080df6faae7a20c0b) C:\Windows\system32\DRIVERS\Trufos.sys
2011/05/03 22:46:16.0982 0944 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/03 22:46:17.0075 0944 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/03 22:46:17.0153 0944 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/03 22:46:17.0200 0944 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/05/03 22:46:17.0263 0944 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/03 22:46:17.0560 0944 uliagpkx (6d72ef05921abdf59fc45c7ebfe7e8dd) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/03 22:46:17.0778 0944 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/05/03 22:46:17.0935 0944 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/05/03 22:46:18.0013 0944 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/05/03 22:46:18.0075 0944 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/03 22:46:18.0153 0944 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/03 22:46:18.0232 0944 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/05/03 22:46:18.0310 0944 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/03 22:46:18.0341 0944 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/03 22:46:18.0388 0944 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/05/03 22:46:18.0450 0944 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/03 22:46:18.0528 0944 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/03 22:46:18.0607 0944 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/03 22:46:18.0669 0944 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/03 22:46:18.0763 0944 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/03 22:46:18.0857 0944 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/05/03 22:46:18.0903 0944 viaagp (d5929a28bdff4367a12caf06af901971) C:\Windows\system32\drivers\viaagp.sys
2011/05/03 22:46:18.0919 0944 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/05/03 22:46:18.0982 0944 viaide (f3b4762eb85a2aff4999401f14c3262b) C:\Windows\system32\drivers\viaide.sys
2011/05/03 22:46:19.0075 0944 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/05/03 22:46:19.0153 0944 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/05/03 22:46:19.0232 0944 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/05/03 22:46:19.0310 0944 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/05/03 22:46:19.0372 0944 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/05/03 22:46:19.0419 0944 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/03 22:46:19.0435 0944 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/03 22:46:19.0497 0944 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/05/03 22:46:19.0591 0944 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/03 22:46:19.0794 0944 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/05/03 22:46:20.0341 0944 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/05/03 22:46:20.0419 0944 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/03 22:46:20.0560 0944 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/03 22:46:20.0622 0944 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys
2011/05/03 22:46:20.0763 0944 ================================================================================
2011/05/03 22:46:20.0763 0944 Scan finished
2011/05/03 22:46:20.0763 0944 ================================================================================


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6460

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

4/30/2011 1:16:46 AM
mbam-log-2011-04-30 (01-16-46).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 259427
Time elapsed: 57 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#4 jshams

jshams
  • Topic Starter

  • Members
  • 44 posts

Posted 03 May 2011 - 11:00 PM

Got SUPERAntiSpyware running finally, here's the log.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/03/2011 at 11:49 PM

Application Version : 4.49.1000

Core Rules Database Version : 6983
Trace Rules Database Version: 4795

Scan type : Complete Scan
Total Scan Time : 00:50:16

Memory items scanned : 753
Memory threats detected : 0
Registry items scanned : 8696
Registry threats detected : 0
File items scanned : 32351
File threats detected : 18

Adware.Tracking Cookie
C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Cookies\joan@www.trackimizer[1].txt
C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Cookies\joan@diablomedia[1].txt
C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Cookies\joan@apmebf[1].txt
C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Cookies\joan@adbrite[1].txt
C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Cookies\joan@mediaplex[1].txt
C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Cookies\joan@login.tracking101[2].txt
C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Cookies\joan@atdmt[1].txt
C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Cookies\joan@track.freezinger[1].txt
C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Cookies\joan@invitemedia[1].txt
C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Cookies\joan@ad.yieldmanager[1].txt
C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Cookies\joan@ads.bleepingcomputer[2].txt
C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Cookies\joan@www.trackimizer[2].txt
C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Cookies\joan@doubleclick[1].txt
C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Cookies\joan@solvemedia[2].txt
C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Cookies\joan@kontera[2].txt
C:\Users\Joan\AppData\Roaming\Microsoft\Windows\Cookies\joan@collective-media[2].txt
a.ads2.msads.net [ C:\Users\Joan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\9PRCYJ5W ]
media.benchmark.fr [ C:\Users\Joan\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\9PRCYJ5W ]


DDS log is here:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Joan at 23:54:06.20 on Tue 05/03/2011
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.893.295 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\sttray.exe
C:\Windows\system32\lxdicoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Internet Explorer\iexplore.exe
c:\program files\common files\installshield\updateservice\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\taskeng.exe
C:\Users\Joan\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.

Thanks again for your assistance. Please let me know if there is anything else you need.

#5 heir

heir

  • Malware Response Team
  • 763 posts
  • Gender:Male

Posted 04 May 2011 - 12:57 AM

Thanks!

A misunderstanding. Sorry, badly phrased by me. :(
I did not want you to run tools to generate new logs.
I wanted you to paste in the ones generated when you ran them before. We'll take care of that below.

Also your post got cut off. Probably the forum software, not your fault.
Please use the Preview Post button to verify your post before submitting it, making sure everything will be posted.
If not, posts can be split up or you can attach long logs.

  • There should be another GooredFix-log as well: GooredFix[18.39.42_01-05-2011].txt
    Please look in the root C:\ for the logs from TDSSKiller, they should look like "TDSSKiller.[Version]_[Date]_[Time]_log.txt".
    Please zip all of them and attach the zipped file in your reply.
  • Superantispyware logs should be in this folder:
    C:\Users\Joan\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\Logs
    Zip them and attach the zipped file in your reply.
  • Your post got cut off; the logs from DDS are incomplete.
    Please repost dds.txt and Attach.txt from your desktop.
  • Please also repost the log from GMER.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click Posted Image


#6 jshams

jshams
  • Topic Starter

  • Members
  • 44 posts

Posted 05 May 2011 - 10:35 PM

I can't find either the TDSS or SUPERAntiSpyware logs anywhere. There is no AppData folder in "Joan".

Not sure where to go with this. I will post the other logs you requested.

#7 jshams

jshams
  • Topic Starter

  • Members
  • 44 posts

Posted 05 May 2011 - 10:38 PM

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Joan at 23:35:54.88 on Thu 05/05/2011
Internet Explorer: 7.0.6002.18005
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.893.317 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\system32\lxdicoms.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe
C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\sttray.exe
C:\Program Files\Linksys EasyLink Advisor\LinksysAgent.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Joan\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
TB: {38542454-DFB6-44F5-B052-D4E071A3D073} - No File
TB: {C44F9E21-D93F-490C-B41C-B3548BDD19FC} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [EasyLinkAdvisor] "c:\program files\linksys easylink advisor\LinksysAgent.exe" /startup
uRun: [updateMgr] "c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [dscactivate] c:\dell\dsca.exe 3
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [lxdimon.exe] "c:\program files\lexmark 3500-4500 series\lxdimon.exe"
mRun: [lxdiamon] "c:\program files\lexmark 3500-4500 series\lxdiamon.exe"
mRun: [FaxCenterServer] "c:\program files\\lexmark fax solutions\fm3032.exe" /s
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0\bin\npjpi160.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\joan\appdata\roaming\mozilla\firefox\profiles\4n49x9zs.default\
FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\drivers\ImmunetProtect.sys [2011-4-29 47440]
R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\drivers\ImmunetSelfProtect.sys [2011-4-29 31952]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-11 21504]
R2 lxdi_device;lxdi_device;c:\windows\system32\lxdicoms.exe -service --> c:\windows\system32\lxdicoms.exe -service [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 lxdiCATSCustConnectService;lxdiCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdiserv.exe [2007-4-26 99248]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-04-30 04:05:29 -------- d-----w- c:\program files\VS Revo Group
2011-04-30 03:54:26 -------- d-----w- c:\progra~2\Immunet
2011-04-30 02:57:56 -------- d-----w- c:\users\joan\appdata\local\Immunet
2011-04-30 02:57:23 31952 ----a-w- c:\windows\system32\drivers\ImmunetSelfProtect.sys
2011-04-30 02:57:21 47440 ----a-w- c:\windows\system32\drivers\ImmunetProtect.sys
2011-04-30 02:57:13 304712 ----a-w- c:\windows\system32\drivers\Trufos.sys
2011-04-30 02:57:05 -------- d-----w- c:\program files\Immunet
.
==================== Find3M ====================
.
2011-03-06 17:40:56 69632 --sha-r- c:\windows\system32\C_20005D.dll
.
============= FINISH: 23:36:38.82 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 9/3/2007 2:26:12 AM
System Uptime: 5/5/2011 11:23:19 PM (0 hours ago)
.
Motherboard: Dell Inc. | | 0UW744
Processor: AMD Athlon™ 64 X2 Dual-Core Processor TK-53 | Socket M2/S1G1 | 1700/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 64 GiB total, 24.558 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.905 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Lexmark 3500-4500 Series
Device ID: ROOT\IMAGE\0000
Manufacturer: Lexmark
Name: Lexmark 3500-4500 Series #2
PNP Device ID: ROOT\IMAGE\0000
Service: usbscan
.
Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Description: Lexmark 3500-4500 Series
Device ID: ROOT\IMAGE\0001
Manufacturer: Lexmark
Name: Lexmark 3500-4500 Series #3
PNP Device ID: ROOT\IMAGE\0001
Service: usbscan
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader 7.0.9
ATI Catalyst Control Center Ex
ATI PCI Express (3GIO) Filter Driver
Conexant HDA D110 MDC V.92 Modem
CutePDF Writer 2.8
Dell DataSafe Online
Dell System Customization Wizard
Dell Wireless WLAN Card
DellSupport
Digital Line Detect
DivX Content Uploader
DivX Web Player
Drivers Install For Linksys Easylink Advisor
Games, Music, & Photos Launcher
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Java™ SE Runtime Environment 6
Lexmark 3500-4500 Series
Lexmark Fax Solutions
Linksys EasyLink Advisor 1.6 (0032)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Modem Diagnostic Tool
Mozilla Firefox 4.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
OGA Notifier 2.0.0048.0
PowerDVD
Product Documentation Launcher
Revo Uninstaller 1.92
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio MyDVD DE
Roxio Update Manager
runtime
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SigmaTel Audio
Sonic Activation Module
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2492475)
VS10RuntimeWin32
.
==== End Of File ===========================
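
How a responder reads the "Pseudo HJT Report" section of the log above, as an added example (it is not part of this thread and not part of the DDS tool): a small triage script that flags the entries a fix is built from. In the posted report those are the three TB and one uURLSearchHooks registrations whose file is gone ("No File"), the EnableLUA = 0 machine policy that turns UAC off, and the HideSCAHealth = 1 user policy that hides Security Center warnings; the OTL fix in post #9 removes the toolbar entries and the EnableLUA policy. The SAMPLE lines are copied from the posted report; the DisableTaskMgr and DisableRegistryTools rows in the policy table are an assumption added to show the rule table generalises, they do not appear in this log.

```python
"""Triage a DDS 'Pseudo HJT Report'.

Added example for this thread; it is not part of DDS or OTL.  The lines in
SAMPLE are copied from the posted report, trimmed to what the triage looks at.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SAMPLE = r"""
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
TB: {38542454-DFB6-44F5-B052-D4E071A3D073} - No File
TB: {C44F9E21-D93F-490C-B41C-B3548BDD19FC} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [<NO NAME>]
mRun: [SigmatelSysTrayApp] sttray.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
"""


@dataclass
class Finding:
    severity: str  # "high" (weakens defences), "cleanup" (dead entry), "info"
    line: str
    reason: str


# Policies worth a "high" flag when set this way.  The first two appear in the
# posted log; the last two are common companions, added here to show the table
# generalises (assumption: not observed on this machine).
POLICY_FLAGS = {
    ("mPolicies-system", "EnableLUA", "0"): "UAC disabled by machine policy",
    ("uPolicies-explorer", "HideSCAHealth", "1"): "Security Center health warnings hidden for this user",
    ("uPolicies-system", "DisableTaskMgr", "1"): "Task Manager disabled for this user",
    ("uPolicies-system", "DisableRegistryTools", "1"): "Registry Editor disabled for this user",
}

POLICY_RE = re.compile(r"^([um]Policies-\w+):\s*(\w+)\s*=\s*(\d+)")
# Toolbar (TB), BHO, URL search hook, shell execute hook and winlogon notify
# registrations whose target file DDS could not find.
ORPHAN_RE = re.compile(r"^(TB|BHO|[um]URLSearchHooks|SEH|Notify):.*-\s*No File\s*$")
RUN_RE = re.compile(r"^([um]Run):\s*\[(.*?)\]\s*(.*)$")


def triage(report: str) -> list[Finding]:
    findings: list[Finding] = []
    for line in report.strip().splitlines():
        m = POLICY_RE.match(line)
        if m:
            key = (m.group(1), m.group(2), m.group(3))
            if key in POLICY_FLAGS:
                findings.append(Finding("high", line, POLICY_FLAGS[key]))
            continue
        if ORPHAN_RE.match(line):
            findings.append(Finding("cleanup", line, "registration points at a file that no longer exists"))
            continue
        m = RUN_RE.match(line)
        if m:
            name, command = m.group(2), m.group(3)
            if name == "<NO NAME>" and not command:
                findings.append(Finding("info", line, "empty Run value; stale entry"))
            elif command and "\\" not in command:
                findings.append(Finding("info", line, "Run entry with a bare file name; resolved through the search path at logon"))
    return findings


def counts(report: str) -> dict[str, int]:
    """Number of findings per severity, for a quick read of a long report."""
    out = {"high": 0, "cleanup": 0, "info": 0}
    for f in triage(report):
        out[f.severity] += 1
    return out


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE), key=lambda f: f.severity):
        print(f"[{f.severity:7}] {f.reason}\n          {f.line}")
```

Run it and the two "high" lines come out first: the machine-wide EnableLUA = 0 and the per-user HideSCAHealth = 1. The "cleanup" entries are dead registrations; they do not run anything by themselves, which is why the fix removes them without treating them as the infection.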

#8 jshams
  • Topic Starter
  • Members
  • 44 posts

Posted 05 May 2011 - 11:31 PM

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-06 00:29:18
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS541680J9SA00 rev.SB2OC7KP
Running: gmer.exe; Driver: C:\Users\Joan\AppData\Local\Temp\pxldypog.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\Users\Joan\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[4016] GDI32.dll!ExtTextOutW 7705872B 5 Bytes JMP 04B2CEEB
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] GDI32.dll!GetGlyphIndicesW 7705B765 5 Bytes JMP 04B2D378
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] GDI32.dll!ExtTextOutA 770600A5 5 Bytes JMP 04B2CE07
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] GDI32.dll!TextOutA 77060BAB 5 Bytes JMP 04B2C8EB
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] GDI32.dll!TextOutW 77060D6D 5 Bytes JMP 04B2C9B7
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] GDI32.dll!GetGlyphIndicesA 77079DC0 5 Bytes JMP 04B2D2AB
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!DrawTextExW 770D91CE 5 Bytes JMP 04B2CD20
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!DrawTextW 770D97D3 5 Bytes JMP 04B2CB5E
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!DrawTextA 770E558D 5 Bytes JMP 04B2CA83
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!DrawTextExA 770E55C4 5 Bytes JMP 04B2CC39
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!DialogBoxParamW 770F10B0 5 Bytes JMP 04B2BC13
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!DialogBoxIndirectParamW 770F2EF5 5 Bytes JMP 6EE3BBB2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!SetClipboardData 77106410 5 Bytes JMP 04B2C7D4
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!DialogBoxParamA 77108152 5 Bytes JMP 6EE3BB77 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!DialogBoxIndirectParamA 7710847D 5 Bytes JMP 6EE3BBED C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!MessageBoxIndirectA 7711D4D9 5 Bytes JMP 6EE3BB33 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!MessageBoxIndirectW 7711D5D3 5 Bytes JMP 6EE3BAEF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!MessageBoxExA 7711D639 5 Bytes JMP 6EE3BAB5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!MessageBoxExW 7711D65D 5 Bytes JMP 6EE3BA7B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] ole32.dll!OleLoadFromStream 76B51E80 5 Bytes JMP 6EE3BDAF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] ws2_32.dll!closesocket 767A330C 5 Bytes JMP 04B2C72D
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] ws2_32.dll!recv 767A343A 5 Bytes JMP 04B2C347
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] ws2_32.dll!GetAddrInfoW 767A3D12 5 Bytes JMP 04B2B86D
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] ws2_32.dll!getaddrinfo 767A418A 5 Bytes JMP 04B2B78D
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] ws2_32.dll!WSASend 767A4496 5 Bytes JMP 04B2C3F5
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] ws2_32.dll!send 767A659B 5 Bytes JMP 04B2C2A2
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] ws2_32.dll!WSARecv 767A8400 5 Bytes JMP 04B2C4C9
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] ws2_32.dll!WSAAsyncGetHostByName 767B5FB9 5 Bytes JMP 04B2BB34
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] ws2_32.dll!gethostbyname 767B62D4 5 Bytes JMP 04B2B6CC

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
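
What the "User code sections" above say, as an added example (not part of this thread and not part of GMER): every line is a 5-byte inline JMP patched into an exported function of iexplore.exe's loaded DLLs. Where GMER can map the JMP target to a loaded module it prints the module and vendor, as it does for the dialog, MessageBox and OleLoadFromStream hooks that land in IEFRAME.dll. The text-output, DrawText, clipboard and all of the ws2_32 hooks instead jump into 04B2xxxx with no module name, meaning GMER could not attribute that memory to any loaded image. The script below parses such lines, separates attributed from unattributed hooks, groups the unattributed ones by 64 KiB region and by API family, and states what an analyst would do next. SAMPLE is a subset of the posted lines, copied verbatim; the region and category rules are this example's own.

```python
"""Classify the user-mode inline hooks in a GMER log.

Added example for this thread; not part of GMER.  SAMPLE is a subset of the
hook lines from the posted scan, copied verbatim.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SAMPLE = r"""
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] GDI32.dll!ExtTextOutW 7705872B 5 Bytes JMP 04B2CEEB
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!DrawTextW 770D97D3 5 Bytes JMP 04B2CB5E
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!DialogBoxParamA 77108152 5 Bytes JMP 6EE3BB77 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] USER32.dll!SetClipboardData 77106410 5 Bytes JMP 04B2C7D4
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] ws2_32.dll!recv 767A343A 5 Bytes JMP 04B2C347
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] ws2_32.dll!getaddrinfo 767A418A 5 Bytes JMP 04B2B78D
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] ws2_32.dll!send 767A659B 5 Bytes JMP 04B2C2A2
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] ws2_32.dll!gethostbyname 767B62D4 5 Bytes JMP 04B2B6CC
.text C:\Program Files\Internet Explorer\iexplore.exe[4016] ole32.dll!OleLoadFromStream 76B51E80 5 Bytes JMP 6EE3BDAF C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
"""

# One GMER ".text" line: process[pid] module!function address N Bytes JMP target [module (vendor)]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+(?P<mod>[\w.]+)!(?P<func>\w+)\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<n>\d+) Bytes\s+JMP\s+(?P<target>[0-9A-Fa-f]+)"
    r"(?:\s+(?P<tmod>\S+)\s+\((?P<vendor>[^)]*)\))?\s*$"
)

# What the hooked API family hands to the hooking code, keyed by module so the
# table stays small.  ws2_32 is the family that matters for a search redirect:
# name resolution and socket I/O.
CATEGORY = {"ws2_32.dll": "network", "gdi32.dll": "text-rendering", "user32.dll": "ui"}


@dataclass
class Hook:
    process: str
    pid: int
    module: str
    func: str
    target: int
    target_module: str | None  # None when GMER could not map the target to a loaded module
    vendor: str | None


def parse_hooks(log: str) -> list[Hook]:
    hooks = []
    for line in log.strip().splitlines():
        m = HOOK_RE.match(line)
        if not m:
            continue
        hooks.append(Hook(m["proc"], int(m["pid"]), m["mod"], m["func"],
                          int(m["target"], 16), m["tmod"], m["vendor"]))
    return hooks


def region(addr: int) -> str:
    """64 KiB allocation granularity: hooks landing in one region share one payload."""
    return f"{addr & ~0xFFFF:08X}"


def triage(log: str) -> dict[str, dict]:
    out: dict[str, dict] = {}
    for h in parse_hooks(log):
        key = f"{h.process.rsplit(chr(92), 1)[-1]}[{h.pid}]"  # chr(92) is a backslash
        entry = out.setdefault(key, {"attributed": 0, "unattributed": 0,
                                     "regions": {}, "categories": {}})
        if h.target_module:
            entry["attributed"] += 1  # e.g. IEFRAME.dll replacing IE's own dialogs
            continue
        entry["unattributed"] += 1
        entry["regions"].setdefault(region(h.target), []).append(f"{h.module}!{h.func}")
        cat = CATEGORY.get(h.module.lower(), "other")
        entry["categories"][cat] = entry["categories"].get(cat, 0) + 1
    return out


def verdict(entry: dict) -> str:
    if entry["categories"].get("network"):
        return ("unattributed hooks on socket and name-resolution APIs: the process's "
                "DNS lookups and HTTP traffic pass through code GMER cannot map to a "
                "module; dump that region before cleaning")
    if entry["unattributed"]:
        return "unattributed hooks present; identify the owning region before deciding"
    return "all hooks attributed to known modules"


if __name__ == "__main__":
    for proc, entry in triage(SAMPLE).items():
        print(proc, entry["attributed"], "attributed,", entry["unattributed"], "unattributed")
        for reg, funcs in entry["regions"].items():
            print("  region", reg, "->", ", ".join(funcs))
        print("  verdict:", verdict(entry))
```

On the posted lines every unattributed hook collapses into the single region 04B20000, which is the behaviour of one injected payload rather than several. The verdict is deliberately an instruction to look, not a malware name: an unattributed region is the thing to dump and identify, and the later aswMBR and OTL steps in the thread are what the helper chose to find its persistence.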

#9 heir
  • Malware Response Team
  • 763 posts
  • Gender:Male

Posted 06 May 2011 - 02:26 AM

Let's move on.

Have Symantec/Norton products been installed on this computer and then removed?

Step 1.
OTL-fix:

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    O3 - HKU\S-1-5-21-2383686348-4292671345-4074465936-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
    O3 - HKU\S-1-5-21-2383686348-4292671345-4074465936-1000\..\Toolbar\WebBrowser: (no name) - {38542454-DFB6-44F5-B052-D4E071A3D073} - No CLSID value found.
    O3 - HKU\S-1-5-21-2383686348-4292671345-4074465936-1000\..\Toolbar\WebBrowser: (no name) - {C44F9E21-D93F-490C-B41C-B3548BDD19FC} - No CLSID value found.
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    [2011/05/01 13:53:37 | 000,000,302 | -HS- | M] () -- C:\Windows\tasks\oqbhy.job
    [2011/04/19 20:24:13 | 000,013,424 | -HS- | M] () -- C:\Users\Joan\AppData\Local\74naa86484b4h4547ab5g2x7g1n374va28l
    [2011/04/19 20:24:13 | 000,013,424 | -HS- | M] () -- C:\ProgramData\74naa86484b4h4547ab5g2x7g1n374va28l
    [2011/04/19 20:21:53 | 000,013,424 | -HS- | C] () -- C:\Users\Joan\AppData\Local\74naa86484b4h4547ab5g2x7g1n374va28l
    [2011/04/19 20:21:53 | 000,013,424 | -HS- | C] () -- C:\ProgramData\74naa86484b4h4547ab5g2x7g1n374va28l
    [2011/02/25 12:19:49 | 000,012,316 | -HS- | C] () -- C:\Users\Joan\AppData\Local\3823499586
    [2011/02/25 12:19:49 | 000,012,316 | -HS- | C] () -- C:\ProgramData\3823499586
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL fixlog


Step 2.
aswMBR:

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it.

Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.


Step 3.
OTL-scan:


  • Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Standard Output.
  • Underneath the option Extra Registry change it to Use SafeList.
  • Underneath the option File Scans set the File Age to 90 Days
  • Underneath the option File Scans check the boxes beside Use Company Name WhiteList, Skip Microsoft Files, LOP Check, Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    drivers32
    %SYSTEMDRIVE%\*.exe
    %SYSTEMDRIVE%\*.txt
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    nvrd32.sys
    symmpi.sys
    adp3132.sys
    mv61xx.sys
    nvraid.sys
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open a Notepad window with OTL.Txt, which is saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the content of that file and post it with your next reply.

Step 4.
Things I would like to see in your reply:

  • The answer to the question at the beginning of this post.
  • The content of the fix-log from OTL in step 1.
  • The content of the log from aswMBR in step 2.
  • The content of OTL.txt from step 3.
  • Are you still being redirected?

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click the donate link.


#10 jshams
  • Topic Starter
  • Members
  • 44 posts

Posted 06 May 2011 - 07:55 AM

Thanks. I will give this a shot when I get home tonight.

#11 heir
  • Malware Response Team
  • 763 posts
  • Gender:Male

Posted 06 May 2011 - 08:05 AM

Sure.

I'm going away over the weekend.
I'll be back after the weekend.



#12 jshams
  • Topic Starter
  • Members
  • 44 posts

Posted 06 May 2011 - 08:57 AM

Sounds good. Thanks again for your assistance.

#13 heir
  • Malware Response Team
  • 763 posts
  • Gender:Male

Posted 08 May 2011 - 04:26 PM

I'm back. Have you managed to do the steps in post #9?



#14 jshams
  • Topic Starter
  • Members
  • 44 posts

Posted 08 May 2011 - 09:08 PM

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-2383686348-4292671345-4074465936-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_USERS\S-1-5-21-2383686348-4292671345-4074465936-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{38542454-DFB6-44F5-B052-D4E071A3D073} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38542454-DFB6-44F5-B052-D4E071A3D073}\ not found.
Registry value HKEY_USERS\S-1-5-21-2383686348-4292671345-4074465936-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C44F9E21-D93F-490C-B41C-B3548BDD19FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C44F9E21-D93F-490C-B41C-B3548BDD19FC}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
C:\Windows\Tasks\oqbhy.job moved successfully.
C:\Users\Joan\AppData\Local\74naa86484b4h4547ab5g2x7g1n374va28l moved successfully.
C:\ProgramData\74naa86484b4h4547ab5g2x7g1n374va28l moved successfully.
File C:\Users\Joan\AppData\Local\74naa86484b4h4547ab5g2x7g1n374va28l not found.
File C:\ProgramData\74naa86484b4h4547ab5g2x7g1n374va28l not found.
C:\Users\Joan\AppData\Local\3823499586 moved successfully.
C:\ProgramData\3823499586 moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Joan
->Temp folder emptied: 92348642 bytes
->Temporary Internet Files folder emptied: 398524485 bytes
->Java cache emptied: 1127827 bytes
->FireFox cache emptied: 43626123 bytes
->Flash cache emptied: 3239960 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 514.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Joan
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05082011_220357

Files\Folders moved on Reboot...
C:\Users\Joan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7FPYCPG\adloader[1].htm moved successfully.
C:\Users\Joan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7FPYCPG\AdServeMsg[1].htm moved successfully.
C:\Users\Joan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7FPYCPG\Messenger[1].htm moved successfully.
C:\Users\Joan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X7FPYCPG\WebIMPop[1].htm moved successfully.
C:\Users\Joan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VF110R1X\01[1].htm moved successfully.
C:\Users\Joan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VF110R1X\B5022453[2].htm moved successfully.
C:\Users\Joan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VF110R1X\page__pid__2239196[1].htm moved successfully.
C:\Users\Joan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VF110R1X\resourcespreload[1].htm moved successfully.
C:\Users\Joan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VF110R1X\tt[1].htm moved successfully.
C:\Users\Joan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OX4DA1ZJ\InboxLight[1].htm moved successfully.
C:\Users\Joan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OX4DA1ZJ\LocalStorage[1].htm moved successfully.
C:\Users\Joan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OX4DA1ZJ\xmlProxy[1].htm moved successfully.
C:\Users\Joan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZ2OZ5HC\default[2].htm moved successfully.
C:\Users\Joan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LZ2OZ5HC\xmlProxy[4].htm moved successfully.
C:\Users\Joan\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

Registry entries deleted on Reboot...
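
Reading the fix log above against the fix script from post #9, as an added example (not part of this thread and not part of OTL): the two "File ... not found" lines are not failures. The fix listed the same two hidden files twice, once from the modified-time ([M]) listing and once from the created-time ([C]) listing; the first entry moved each file and the second found nothing left to move. The script below parses both texts and reports, per requested item, whether it was deleted, moved, a duplicate request, or missing from the log. FIX_SCRIPT and FIX_LOG are trimmed copies of the posted fix and log; the status names and the case-insensitive path matching are this example's own.

```python
"""Reconcile an OTL fix script with the fix log it produced.

Added example for this thread; not part of OTL.  FIX_SCRIPT and FIX_LOG are
trimmed copies of the posted fix and log.
"""
from __future__ import annotations

import re

FIX_SCRIPT = r"""
:OTL
O3 - HKU\S-1-5-21-2383686348-4292671345-4074465936-1000\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-2383686348-4292671345-4074465936-1000\..\Toolbar\WebBrowser: (no name) - {38542454-DFB6-44F5-B052-D4E071A3D073} - No CLSID value found.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
[2011/05/01 13:53:37 | 000,000,302 | -HS- | M] () -- C:\Windows\tasks\oqbhy.job
[2011/04/19 20:24:13 | 000,013,424 | -HS- | M] () -- C:\Users\Joan\AppData\Local\74naa86484b4h4547ab5g2x7g1n374va28l
[2011/04/19 20:21:53 | 000,013,424 | -HS- | C] () -- C:\Users\Joan\AppData\Local\74naa86484b4h4547ab5g2x7g1n374va28l
[2011/02/25 12:19:49 | 000,012,316 | -HS- | C] () -- C:\ProgramData\3823499586
:Commands
[emptytemp]
"""

FIX_LOG = r"""
Registry value HKEY_USERS\S-1-5-21-2383686348-4292671345-4074465936-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
Registry value HKEY_USERS\S-1-5-21-2383686348-4292671345-4074465936-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{38542454-DFB6-44F5-B052-D4E071A3D073} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{38542454-DFB6-44F5-B052-D4E071A3D073}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
C:\Windows\Tasks\oqbhy.job moved successfully.
C:\Users\Joan\AppData\Local\74naa86484b4h4547ab5g2x7g1n374va28l moved successfully.
File C:\Users\Joan\AppData\Local\74naa86484b4h4547ab5g2x7g1n374va28l not found.
C:\ProgramData\3823499586 moved successfully.
"""

# Fix-script items: an O3 toolbar value (identified by its GUID), an O6 policy
# value, or a file/folder listing that OTL moves to its quarantine.
O3_RE = re.compile(r"^O3 - .*?(\{[0-9A-Fa-f-]+\}) - ")
O6_RE = re.compile(r"^O6 - (?P<key>[^:]+): (?P<name>\w+) = ")
FILE_RE = re.compile(r"^\[.*?\] \(\) -- (?P<path>.+)$")
# Fix-log lines.  OTL writes the value name after a double backslash.
LOG_VALUE_RE = re.compile(r"^Registry value (?P<key>.+?)\\\\(?P<name>[^\\]+) deleted successfully\.$")
LOG_MOVED_RE = re.compile(r"^(?P<path>.+?) moved successfully\.$")
LOG_NOTFOUND_RE = re.compile(r"^File (?P<path>.+?) not found\.$")


def parse_fix_script(script: str) -> list[tuple[str, str]]:
    """Items OTL was asked to act on: ('registry', value name) or ('file', path)."""
    items = []
    for line in script.strip().splitlines():
        if m := O3_RE.match(line):
            items.append(("registry", m.group(1)))
        elif m := O6_RE.match(line):
            items.append(("registry", m["name"]))
        elif m := FILE_RE.match(line):
            items.append(("file", m["path"]))
        # ':OTL', ':Commands' and '[emptytemp]' are section markers, not items
    return items


def parse_fix_log(log: str) -> tuple[set[str], set[str], set[str]]:
    deleted, moved, not_found = set(), set(), set()
    for line in log.strip().splitlines():
        if m := LOG_VALUE_RE.match(line):
            deleted.add(m["name"].lower())
        elif m := LOG_MOVED_RE.match(line):
            moved.add(m["path"].lower())
        elif m := LOG_NOTFOUND_RE.match(line):
            not_found.add(m["path"].lower())
        # "Registry key ... not found." is OTL's companion CLSID check; ignored here
    return deleted, moved, not_found


def reconcile(script: str, log: str) -> list[tuple[str, str]]:
    deleted, moved, not_found = parse_fix_log(log)
    seen: set[str] = set()
    results = []
    for kind, what in parse_fix_script(script):
        key = what.lower()  # registry names and Windows paths are case-insensitive
        if kind == "registry":
            status = "deleted" if key in deleted else "missing"
        elif key in seen and key in not_found:
            status = "duplicate"  # listed twice in the fix; the first copy removed it
        elif key in moved:
            status = "moved"
        else:
            status = "missing"
        seen.add(key)
        results.append((what, status))
    return results


def summary(script: str, log: str) -> dict[str, int]:
    out = {"deleted": 0, "moved": 0, "duplicate": 0, "missing": 0}
    for _, status in reconcile(script, log):
        out[status] += 1
    return out


if __name__ == "__main__":
    for what, status in reconcile(FIX_SCRIPT, FIX_LOG):
        print(f"{status:9} {what}")
    print(summary(FIX_SCRIPT, FIX_LOG))
```

The only status that should prompt a follow-up is "missing": an item the fix asked for that the log never mentions, which usually means the file was locked or recreated and is the first place to look if the redirects continue after the reboot.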

#15 jshams
  • Topic Starter
  • Members
  • 44 posts

Posted 08 May 2011 - 09:10 PM

The only anti-virus program I know of was Immunet, which I attempted to remove.



