Google Redirects


This topic is locked.
25 replies to this topic

#1 f6e9a25

f6e9a25

  • Members
  • 29 posts
  • Gender:Male
  • Location:The Sun

Posted 17 February 2012 - 10:07 PM

Hello,

Google has been redirecting me every time I search the internet. I do not know what causes it, but I have tried to use Lavasoft, MBAM, and SpywareBot to remove it, but have had no luck so far.
I cannot upload attach.txt: Attach Files says it is too large to upload, but it is only 8 KB.

Thanks,
Wolf


So many ideas in mah brain !!!!!


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 19 February 2012 - 02:51 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together:

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification, and click Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine; if it does, click OK.
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post in your next reply.

Information and logs:

  • In your next post I need the following:
  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 f6e9a25

f6e9a25
  • Topic Starter
  • Members
  • 29 posts
  • Gender:Male
  • Location:The Sun

Posted 19 February 2012 - 03:44 PM

Hi Gringo,

Thanks for helping me; here are the logs. Also, when I am redirected from Google it takes me to vipsearches. net and then to another site.

DDS LOG

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_27
Run by Administrator at 14:43:41 on 2012-02-19
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1916.404 [GMT -8:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Hotspot Shield\bin\openvpnas.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\TOSHIBA\IVP\ISM\pinger.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\Program Files\Sophos\Remote Management System\RouterNT.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\WINDOWS\system32\TODDSrv.exe
C:\Program Files\Lightspeed Systems\User Agent\UAService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\ddwmon.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\TPSMain.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Hotspot Shield\bin\openvpntray.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Administrator\Desktop\Defogger.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Sophos Web Content Scanner: {39ea7695-b3f2-4c44-a4bc-297ada8fd235} - c:\program files\sophos\sophos anti-virus\SophosBHO.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [LtMoh] c:\program files\ltmoh\Ltmoh.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [1Y5U7AYUZGXZWU0VUYMVRNFBGL] c:\fonts\6DFBBA779BF.exe /q
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [THotkey] c:\program files\toshiba\toshiba applet\thotkey.exe
mRun: [DDWMon] c:\program files\toshiba\toshiba direct disc writer\\ddwmon.exe
mRun: [SmoothView] c:\program files\toshiba\toshiba zooming utility\SmoothView.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Camera Assistant Software] "c:\program files\camera assistant software for toshiba\traybar.exe" /start
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [TPSMain] TPSMain.exe
mRun: [CFSServ.exe] CFSServ.exe -NoClient
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AdobeCS5.5ServiceManager] "c:\program files\common files\adobe\cs5.5servicemanager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{433E494E-0636-4DA9-BA42-D18FCC602B31} : DhcpNameServer = 192.168.1.254
Notify: igfxcui - igfxdev.dll
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\59hmow3s.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\administrator\application data\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\documents and settings\administrator\local settings\application data\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\common files\mpdrm\NPMPDRM.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2012-2-17 64512]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-10-6 232512]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [2009-10-15 153344]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [2009-10-15 24064]
R2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2011-11-15 330072]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-12-23 2152152]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-17 652360]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\sophos\sophos anti-virus\SAVAdminService.exe [2011-10-13 163056]
R2 SAVService;Sophos Anti-Virus;c:\program files\sophos\sophos anti-virus\SavService.exe [2011-10-13 97520]
R2 Sophos Agent;Sophos Agent;c:\program files\sophos\remote management system\ManagementAgentNT.exe [2009-10-20 266240]
R2 Sophos AutoUpdate Service;Sophos AutoUpdate Service;c:\program files\sophos\autoupdate\ALsvc.exe [2009-9-4 175144]
R2 Sophos Message Router;Sophos Message Router;c:\program files\sophos\remote management system\RouterNT.exe [2009-10-20 794624]
R2 swi_service;Sophos Web Intelligence Service;c:\program files\sophos\sophos anti-virus\web intelligence\swi_service.exe [2011-10-13 1541360]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [2007-3-26 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2007-2-19 134016]
R2 UAService;User Agent Service;c:\program files\lightspeed systems\user agent\UAService.exe [2007-5-29 262144]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-11 5888]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-17 20464]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [2008-9-11 154624]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2009-12-1 34384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [2007-10-17 39424]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-12 29744]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-2 135664]
S3 IO_Memory;IO_Memory;\??\c:\sysprep\drivers\ioport.sys --> c:\sysprep\drivers\ioport.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-12-23 15232]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\up_date\pedrv.sys --> c:\sysprep\up_date\PEDrv.sys [?]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [2009-10-20 14976]
.
=============== Created Last 30 ================
.
2012-02-19 03:04:58 -------- d-sh--w- C:\found.000
2012-02-19 01:57:24 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-19 00:51:44 -------- d-----w- c:\program files\CCleaner
2012-02-18 03:28:12 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-02-18 02:07:10 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-02-18 02:02:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-18 02:02:27 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-02-18 02:00:51 -------- d-----w- c:\documents and settings\administrator\application data\Malwarebytes
2012-02-18 02:00:37 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-02-18 02:00:36 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-18 02:00:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-18 01:45:07 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-02-18 01:44:37 -------- d-----w- c:\program files\Lavasoft
2012-02-13 06:12:36 -------- d-----w- c:\documents and settings\administrator\local settings\application data\iTunesCommonUsb
2012-02-06 02:05:48 -------- d-----w- C:\Twig
2012-02-06 02:03:18 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Sophos
2012-02-06 02:02:56 -------- d--h--w- c:\windows\PIF
2012-02-05 22:17:44 -------- d-----w- c:\documents and settings\administrator\application data\Kiweiq
2012-02-05 22:17:44 -------- d-----w- c:\documents and settings\administrator\application data\Jaohyc
2012-02-04 22:11:49 -------- d-----w- c:\documents and settings\administrator\application data\.minecraft
2012-02-03 05:35:06 -------- d-----w- c:\program files\VideoLAN
2012-02-03 02:56:44 -------- d-----w- c:\documents and settings\administrator\application data\Screaming Bee
2012-02-03 02:43:10 -------- d-----w- c:\program files\Screaming Bee
2012-02-03 02:22:33 -------- d-----w- c:\documents and settings\administrator\application data\Avnex
2012-02-03 02:22:09 -------- d-----w- c:\program files\AV Vcs 7.0 DIAMOND
2012-01-31 04:20:40 -------- d-----w- c:\documents and settings\all users\application data\Sophos Web Intelligence
2012-01-31 04:19:54 -------- d-----w- c:\program files\common files\Cisco Systems
2012-01-31 04:19:50 28912 ----a-w- c:\windows\system32\SophosBootTasks.exe
2012-01-28 19:05:57 -------- d-----w- c:\documents and settings\administrator\application data\Stellarium
2012-01-28 19:05:39 -------- d-----w- c:\program files\Stellarium
2012-01-25 02:31:46 -------- d-----w- c:\program files\TI Education
2012-01-25 02:31:46 -------- d-----w- c:\program files\common files\TI Shared
.
==================== Find3M ====================
.
2012-02-04 03:22:59 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 14:44:18.29 ===============



ATTACH LOG

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/7/2009 6:50:43 AM
System Uptime: 2/19/2012 2:39:07 PM (0 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Intel® Core™2 Duo CPU T5870 @ 2.00GHz | CPU | 1994/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 224 GiB total, 190.699 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ROOT\MEDIA\0000
Manufacturer:
Name:
PNP Device ID: ROOT\MEDIA\0000
Service:
.
==== System Restore Points ===================
.
RP53: 11/18/2011 7:03:27 PM - System Checkpoint
RP54: 11/19/2011 8:09:02 PM - System Checkpoint
RP55: 11/23/2011 12:40:30 PM - System Checkpoint
RP56: 11/25/2011 9:34:04 PM - System Checkpoint
RP57: 11/27/2011 1:57:02 PM - System Checkpoint
RP58: 11/28/2011 8:27:05 PM - System Checkpoint
RP59: 11/30/2011 7:57:01 PM - System Checkpoint
RP60: 12/3/2011 1:01:26 PM - System Checkpoint
RP61: 12/5/2011 8:51:25 PM - System Checkpoint
RP62: 12/8/2011 8:29:05 PM - System Checkpoint
RP63: 12/9/2011 9:31:11 PM - System Checkpoint
RP64: 12/11/2011 2:54:48 PM - System Checkpoint
RP65: 12/22/2011 12:22:42 PM - System Checkpoint
RP66: 12/25/2011 10:40:29 AM - System Checkpoint
RP67: 12/26/2011 8:41:44 PM - System Checkpoint
RP68: 12/27/2011 8:47:28 PM - System Checkpoint
RP69: 12/29/2011 8:16:18 PM - System Checkpoint
RP70: 1/8/2012 2:54:20 PM - System Checkpoint
RP71: 1/11/2012 8:30:15 PM - System Checkpoint
RP72: 1/14/2012 11:08:17 AM - System Checkpoint
RP73: 1/15/2012 12:44:43 PM - System Checkpoint
RP74: 1/17/2012 10:03:35 PM - System Checkpoint
RP75: 1/19/2012 5:23:38 PM - System Checkpoint
RP76: 1/22/2012 7:25:17 PM - System Checkpoint
RP77: 1/25/2012 7:57:24 PM - System Checkpoint
RP78: 1/28/2012 3:49:31 PM - System Checkpoint
RP79: 1/29/2012 4:18:38 PM - System Checkpoint
RP80: 1/30/2012 9:15:06 PM - System Checkpoint
RP81: 2/2/2012 6:43:09 PM - Installed MorphVOX Junior
RP82: 2/4/2012 4:02:01 PM - System Checkpoint
RP83: 2/7/2012 8:37:18 PM - System Checkpoint
RP84: 2/8/2012 8:48:58 PM - System Checkpoint
RP85: 2/10/2012 5:46:53 PM - System Checkpoint
RP86: 2/14/2012 9:28:31 PM - System Checkpoint
RP87: 2/17/2012 5:42:46 PM - Installed Ad-Aware
RP88: 2/17/2012 5:44:21 PM - Installed Ad-Aware
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 9.20
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Illustrator CS5.1
Adobe Reader 9
Adobe Shockwave Player 11.6
AiO_Scan_CDA
Air Conflicts Secret Wars
AV Voice Changer Software DIAMOND 7.0
Camera Assistant Software for Toshiba
CamStudio
CamStudio OSS Desktop Recorder
CCleaner
CD/DVD Drive Acoustic Silencer
Charles 3.6.3
Cheat Engine 6.1
DAEMON Tools Lite
ESET Online Scanner v3
Google Desktop
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Halo Combat Evolved
Hotspot Shield 2.16
HP Color LaserJet CP2020 Series 1.0
HP PSC & OfficeJet 6.1.A
hppQFolderCP2020
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver
Intel® PROSet/Wireless WiFi Software
Intel® Matrix Storage Manager
InterVideo WinDVD for TOSHIBA
Java Auto Updater
Java™ 6 Update 27
Java™ 6 Update 3
Java™ 6 Update 6
LEGO MINDSTORMS Edu NXT - English Language Pack
LEGO MINDSTORMS Edu NXT Software v1.1
LEGO MINDSTORMS NXT Driver
LEGO MINDSTORMS NXT Edu Migration Package
Lightspeed Systems User Agent
Malwarebytes Anti-Malware version 1.60.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Plus 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 Redistributable
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFCLOC_x86
MorphVOX Junior
Mozilla Firefox 9.0.1 (x86 en-US)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Norton Security Scan
PDF Settings CS5
Picasa 2
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Revo Uninstaller 1.93
Scan
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Shockwave
Skype™ 5.5
Sophos Anti-Virus
Sophos AutoUpdate
Sophos Remote Management System
Spybot - Search & Destroy
Stellarium 0.11.1
swMSM
Synaptics Pointing Device Driver
System Requirements Lab CYRI
TI-83 Plus Flash Debugger
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA Direct Disc Writer
TOSHIBA Disc Creator
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Power Saver
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
TOSHIBA Zooming Utility
Unlocker 1.9.1
USB 2.0 Card Reader
VLC media player 1.1.11
WebFldrs XP
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Player 10
WinRAR 4.10 beta 3 (32-bit)
.
==== Event Viewer Messages From Past Week ========
.
2/18/2012 5:51:48 PM, error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
2/18/2012 5:45:48 PM, error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.
2/17/2012 7:32:15 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
2/17/2012 10:21:21 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Schedule service.
2/13/2012 6:24:43 PM, error: DCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206} to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission can be modified using the Component Services administrative tool.
2/13/2012 6:24:29 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi PCIIde
2/13/2012 6:23:54 PM, error: NETLOGON [5719] - No Domain Controller is available for domain NATALIA_INET due to the following: There are currently no logon servers available to service the logon request. . Make sure that the computer is connected to the network and try again. If the problem persists, please contact your domain administrator.
.
==== End Of File ===========================

Edited by f6e9a25, 19 February 2012 - 03:47 PM.

So many ideas in mah brain !!!!!
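The `Hosts:` lines mapping www.google.com and www.bing.com to 94.63.147.16/.17 and the `uRun:` entry launching c:\fonts\6DFBBA779BF.exe are the parts of the DDS report above that a responder would look at first for a search-engine redirect. As an added example, not part of this thread or of the DDS tool, the Python below triages lines copied from that report: it flags hosts entries that pin a name to a public address and Run entries that start from an unexpected directory or carry a machine-generated name. The directory allowlist, the name heuristics and the extra localhost line are my assumptions.

```python
"""Triage of a DDS "Pseudo HJT Report": hosts-file hijacks and odd Run entries."""
import re
from ipaddress import ip_address

# Constructed sample: lines copied from the DDS report posted above, plus a
# benign "localhost" line that is not in the report, added for contrast.
SAMPLE_DDS = """\
uStart Page = hxxp://www.toshibadirect.com/dpdstart
uRun: [LtMoh] c:\\program files\\ltmoh\\Ltmoh.exe
uRun: [Skype] "c:\\program files\\skype\\phone\\Skype.exe" /nosplash /minimized
uRun: [1Y5U7AYUZGXZWU0VUYMVRNFBGL] c:\\fonts\\6DFBBA779BF.exe /q
uRun: [ctfmon.exe] c:\\windows\\system32\\ctfmon.exe
mRun: [RTHDCPL] RTHDCPL.EXE
TCP: DhcpNameServer = 192.168.1.254
Hosts: 94.63.147.16 www.google.com
Hosts: 94.63.147.17 www.bing.com
Hosts: 127.0.0.1 localhost
"""

HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)\s*$")
RUN_RE = re.compile(r"^(?P<hive>[um]Run):\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.*)$")
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8,}\.exe$")  # matched against lower-cased names

# Assumed allowlist: where autostart executables normally live on this XP box.
EXPECTED_DIRS = ("c:\\program files\\", "c:\\windows\\")


def parse_hosts(text):
    """Return (ip, hostname) pairs from every 'Hosts:' line."""
    pairs = []
    for line in text.splitlines():
        m = HOSTS_RE.match(line.strip())
        if m:
            pairs.append((m.group("ip"), m.group("host").lower()))
    return pairs


def hosts_hijacks(text):
    """Hosts entries that pin a name to a routable address.

    Loopback, 0.0.0.0 (ad-blocking lists) and RFC 1918 addresses are treated as
    benign; anything else in a hosts file silently overrides DNS for that name,
    which is the kind of entry that produces a search-engine redirect symptom.
    """
    findings = []
    for ip_text, host in parse_hosts(text):
        try:
            ip = ip_address(ip_text)
        except ValueError:
            findings.append({"host": host, "ip": ip_text, "reason": "unparseable address"})
            continue
        if ip.is_loopback or ip.is_unspecified or ip.is_private:
            continue
        findings.append({"host": host, "ip": ip_text, "reason": "name pinned to public address"})
    return findings


def executable_path(cmd):
    """Pull the program path out of a Run value (quoted or unquoted, may contain spaces)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)(.*?\.exe)(?:\s|$)", cmd)
    return m.group(1) if m else cmd.split()[0]


def suspicious_run_entries(text):
    """Run-key entries that launch from an unexpected directory or look machine-named."""
    findings = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        path = executable_path(m.group("cmd"))
        low = path.lower()
        filename = low.rsplit("\\", 1)[-1]
        reasons = []
        # Bare names (RTHDCPL.EXE) resolve via PATH; only judge entries with a full path.
        if "\\" in low and not low.startswith(EXPECTED_DIRS):
            reasons.append("launches from unexpected directory")
        if HEX_NAME_RE.match(filename):
            reasons.append("hex-blob file name")
        if len(m.group("name")) >= 16 and re.fullmatch(r"[0-9A-Z]+", m.group("name")):
            reasons.append("random-looking value name")
        if reasons:
            findings.append({"hive": m.group("hive"), "name": m.group("name"),
                             "path": path, "reasons": reasons})
    return findings


def triage(text):
    """Run both checks over a DDS report and return the combined findings."""
    return {"hosts": hosts_hijacks(text), "run": suspicious_run_entries(text)}


if __name__ == "__main__":
    report = triage(SAMPLE_DDS)
    for f in report["hosts"]:
        print(f"HOSTS  {f['host']:<16} -> {f['ip']:<15} {f['reason']}")
    for f in report["run"]:
        print(f"{f['hive']:<6} [{f['name']}] {f['path']}: {', '.join(f['reasons'])}")
```

Fed the full report instead of the sample, the same two functions also walk the remaining uRun/mRun lines, which all resolve to Program Files or the Windows directory and so stay quiet.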

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 19 February 2012 - 05:12 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

Information and logs:

  • In your next post I need the following:
  • Log from ComboFix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 f6e9a25

f6e9a25
  • Topic Starter
  • Members
  • 29 posts
  • Gender:Male
  • Location:The Sun

Posted 19 February 2012 - 05:53 PM

OK,
ComboFix log:

ComboFix 12-02-19.02 - Administrator 02/19/2012 16:30:27.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1916.627 [GMT -8:00]
Running from: c:\documents and settings\Administrator\Desktop\Gringo.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\TEMP\sophos_autoupdate1.dir\ALUpdate.exe
c:\windows\TEMP\sophos_autoupdate1.dir\ChannelUpdater.dll
c:\windows\TEMP\sophos_autoupdate1.dir\CidSync.dll
c:\windows\TEMP\sophos_autoupdate1.dir\crypto.dll
c:\windows\TEMP\sophos_autoupdate1.dir\libcurl.dll
c:\windows\TEMP\sophos_autoupdate1.dir\libeay32.dll
c:\windows\TEMP\sophos_autoupdate1.dir\MSVCP71.DLL
c:\windows\TEMP\sophos_autoupdate1.dir\MSVCR71.DLL
c:\windows\TEMP\sophos_autoupdate1.dir\retailer.dll
c:\windows\TEMP\sophos_autoupdate1.dir\SharedRes.dll
c:\windows\TEMP\sophos_autoupdate1.dir\xmlcpp.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-01-20 to 2012-02-20 )))))))))))))))))))))))))))))))
.
.
2012-02-19 22:54 . 2012-02-19 22:54 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-02-19 03:04 . 2012-02-19 03:04 -------- d-----w- C:\found.000
2012-02-19 01:57 . 2012-02-19 01:57 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-19 00:51 . 2012-02-19 00:51 -------- d-----w- c:\program files\CCleaner
2012-02-18 03:28 . 2012-02-18 02:07 16432 ----a-w- c:\windows\system32\lsdelete.exe
2012-02-18 02:07 . 2012-02-18 02:07 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-02-18 02:02 . 2012-02-19 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-02-18 02:02 . 2012-02-18 03:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-18 02:00 . 2012-02-18 02:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2012-02-18 02:00 . 2012-02-18 02:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2012-02-18 02:00 . 2012-02-18 02:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-18 02:00 . 2011-12-10 23:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-18 01:45 . 2012-02-18 01:45 -------- d-----w- c:\windows\system32\config\systemprofile\Local Settings\Application Data\Sunbelt Software
2012-02-18 01:45 . 2011-12-23 15:12 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2012-02-18 01:44 . 2012-02-18 01:44 -------- d-----w- c:\program files\Lavasoft
2012-02-18 01:44 . 2012-02-18 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2012-02-17 05:40 . 2012-02-17 05:40 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2012-02-13 06:12 . 2012-02-18 03:31 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\iTunesCommonUsb
2012-02-06 02:05 . 2012-02-06 02:05 -------- d-----w- C:\Twig
2012-02-06 02:03 . 2012-02-06 02:03 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sophos
2012-02-06 02:02 . 2012-02-06 02:02 -------- d--h--w- c:\windows\PIF
2012-02-05 22:17 . 2012-02-06 02:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Kiweiq
2012-02-05 22:17 . 2012-02-06 00:42 -------- d-----w- c:\documents and settings\Administrator\Application Data\Jaohyc
2012-02-04 22:11 . 2012-02-04 22:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\.minecraft
2012-02-03 05:35 . 2012-02-03 05:47 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2012-02-03 05:35 . 2012-02-03 05:35 -------- d-----w- c:\program files\VideoLAN
2012-02-03 02:56 . 2012-02-03 02:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\Screaming Bee
2012-02-03 02:43 . 2012-02-03 02:43 -------- d-----w- c:\program files\Screaming Bee
2012-02-03 02:22 . 2012-02-03 02:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Avnex
2012-02-03 02:22 . 2012-02-03 02:38 -------- d-----w- c:\program files\AV Vcs 7.0 DIAMOND
2012-01-31 04:20 . 2012-01-31 04:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Sophos Web Intelligence
2012-01-31 04:19 . 2012-01-31 04:19 -------- d-----w- c:\program files\Common Files\Cisco Systems
2012-01-31 04:19 . 2011-10-13 17:18 28912 ----a-w- c:\windows\system32\SophosBootTasks.exe
2012-01-28 19:05 . 2012-01-28 19:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\Stellarium
2012-01-28 19:05 . 2012-01-28 19:05 -------- d-----w- c:\program files\Stellarium
2012-01-25 02:31 . 2012-01-25 02:31 -------- d-----w- c:\program files\TI Education
2012-01-25 02:31 . 2012-01-25 02:31 -------- d-----w- c:\program files\Common Files\TI Shared
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-04 03:22 . 2011-09-14 23:43 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-11 06:13 . 2011-09-14 23:46 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2012-02-06_02.40.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-02-19 22:40 . 2012-02-19 22:40 16384 c:\windows\Temp\Perflib_Perfdata_978.dat
+ 2012-02-19 22:40 . 2012-02-19 22:40 16384 c:\windows\Temp\Perflib_Perfdata_5b0.dat
+ 2008-09-11 20:42 . 2012-02-19 22:44 56868 c:\windows\system32\perfc009.dat
- 2008-09-11 20:42 . 2012-02-06 02:26 56868 c:\windows\system32\perfc009.dat
+ 2012-02-18 01:45 . 2011-12-23 15:12 64512 c:\windows\system32\DRVSTORE\lbd_69523D0F7F903BDB477CD80CFD35086362532B23\Lbd.sys
+ 2008-09-11 20:42 . 2008-04-14 12:00 57856 c:\windows\system32\dllcache\spoolsv.exe
- 2009-10-07 13:49 . 2012-01-11 02:28 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-10-07 13:49 . 2012-02-19 03:08 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-10-07 13:49 . 2012-01-11 02:28 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-07 13:49 . 2012-02-19 03:08 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2012-02-19 03:08 . 2012-02-19 03:08 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2012-01-11 02:32 . 2012-01-11 02:28 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-07-12 08:02 . 2009-07-12 08:02 653120 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 569664 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcp90.dll
+ 2009-07-12 08:05 . 2009-07-12 08:05 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcm90.dll
+ 2009-07-12 08:02 . 2009-07-12 08:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2009-07-12 06:11 . 2009-07-12 06:11 624448 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcr90.dll
+ 2009-07-12 06:11 . 2009-07-12 06:11 853312 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcp90.dll
+ 2009-07-12 06:14 . 2009-07-12 06:14 245760 c:\windows\WinSxS\amd64_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_069f922e\msvcm90.dll
+ 2009-07-12 06:11 . 2009-07-12 06:11 176456 c:\windows\WinSxS\amd64_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_673f7fa2\atl90.dll
+ 2008-09-11 20:42 . 2012-02-19 22:44 350058 c:\windows\system32\perfh009.dat
- 2008-09-11 20:42 . 2012-02-06 02:26 350058 c:\windows\system32\perfh009.dat
+ 2012-02-19 01:51 . 2012-02-19 01:51 3566168 c:\windows\system32\FNTCACHE.DAT
- 2008-09-11 13:30 . 2011-12-04 02:41 3566168 c:\windows\system32\FNTCACHE.DAT
+ 2012-02-18 01:45 . 2012-02-18 01:45 7270400 c:\windows\Installer\fad25.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LtMoh"="c:\program files\ltmoh\Ltmoh.exe" [2007-01-09 191552]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CFSServ.exe"="CFSServ.exe -NoClient" [X]
"NDSTray.exe"="NDSTray.exe" [BU]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2008-08-30 360448]
"DDWMon"="c:\program files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe" [2007-04-14 311296]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-10 159744]
"RTHDCPL"="RTHDCPL.EXE" [2008-04-07 16860672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-03 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-03 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-03 141848]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-07 1024000]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-05-01 1347584]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-05-01 1191936]
"TPSMain"="TPSMain.exe" [2007-10-08 262144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-16 499608]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-4941\Scripts\Logon\0\0]
"Script"=\\nhsds\scripts\WebMastering.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-4948\Scripts\Logon\0\0]
"Script"=\\nhsds\scripts\WebMastering.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-6618\Scripts\Logon\0\0]
"Script"=\\nhsds\scripts\NHSYB.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-6618\Scripts\Logon\1\0]
"Script"=\\Nisdds\TechTools\Scripts\firewall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-6618\Scripts\Logon\2\0]
"Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-6618\Scripts\Logon\3\0]
"Script"=\\Nisdds\TechTools\Scripts\firewall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-6654\Scripts\Logon\0\0]
"Script"=\\nhsds\scripts\NHSYB.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7069\Scripts\Logon\0\0]
"Script"=\\nisdds\TechTools\Scripts\NHSYB.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7070\Scripts\Logon\0\0]
"Script"=\\Nisdds\TechTools\Scripts\firewall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7070\Scripts\Logon\1\0]
"Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7070\Scripts\Logon\2\0]
"Script"=\\Nisdds\TechTools\Scripts\firewall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7081\Scripts\Logon\0\0]
"Script"=\\Nisdds\TechTools\Scripts\firewall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7081\Scripts\Logon\1\0]
"Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7081\Scripts\Logon\2\0]
"Script"=\\Nisdds\TechTools\Scripts\firewall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7082\Scripts\Logon\0\0]
"Script"=\\Nisdds\TechTools\Scripts\firewall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7082\Scripts\Logon\1\0]
"Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7082\Scripts\Logon\2\0]
"Script"=\\Nisdds\TechTools\Scripts\firewall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7087\Scripts\Logon\0\0]
"Script"=\\Nisdds\TechTools\Scripts\firewall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7087\Scripts\Logon\1\0]
"Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7087\Scripts\Logon\2\0]
"Script"=\\Nisdds\TechTools\Scripts\firewall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7102\Scripts\Logon\0\0]
"Script"=\\Nisdds\TechTools\Scripts\firewall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7102\Scripts\Logon\1\0]
"Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7102\Scripts\Logon\2\0]
"Script"=\\Nisdds\TechTools\Scripts\firewall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7118\Scripts\Logon\0\0]
"Script"=\\Nisdds\TechTools\Scripts\firewall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7118\Scripts\Logon\1\0]
"Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7118\Scripts\Logon\2\0]
"Script"=\\Nisdds\TechTools\Scripts\firewall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7120\Scripts\Logon\0\0]
"Script"=\\Nisdds\TechTools\Scripts\firewall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7120\Scripts\Logon\1\0]
"Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-7120\Scripts\Logon\2\0]
"Script"=\\Nisdds\TechTools\Scripts\firewall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8231\Scripts\Logon\0\0]
"Script"=\\Nisdds\TechTools\Scripts\firewall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8231\Scripts\Logon\1\0]
"Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8231\Scripts\Logon\2\0]
"Script"=\\Nisdds\TechTools\Scripts\firewall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8235\Scripts\Logon\0\0]
"Script"=\\Nisdds\TechTools\Scripts\firewall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8235\Scripts\Logon\1\0]
"Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8235\Scripts\Logon\2\0]
"Script"=\\Nisdds\TechTools\Scripts\firewall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8241\Scripts\Logon\0\0]
"Script"=\\nisdds\TechTools\Scripts\NHSYB.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8274\Scripts\Logon\0\0]
"Script"=\\Nisdds\TechTools\Scripts\firewall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8274\Scripts\Logon\1\0]
"Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8274\Scripts\Logon\2\0]
"Script"=\\Nisdds\TechTools\Scripts\firewall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8643\Scripts\Logon\0\0]
"Script"=\\Nisdds\TechTools\Scripts\firewall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8643\Scripts\Logon\1\0]
"Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8643\Scripts\Logon\2\0]
"Script"=\\Nisdds\TechTools\Scripts\firewall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8659\Scripts\Logon\0\0]
"Script"=\\Nisdds\TechTools\Scripts\firewall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8659\Scripts\Logon\1\0]
"Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8659\Scripts\Logon\2\0]
"Script"=\\Nisdds\TechTools\Scripts\firewall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8668\Scripts\Logon\0\0]
"Script"=\\nisdds\TechTools\Scripts\NHSYB.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8684\Scripts\Logon\0\0]
"Script"=\\nisdds\TechTools\Scripts\NHSYB.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8688\Scripts\Logon\0\0]
"Script"=\\nisdds\TechDocs\firewall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8693\Scripts\Logon\0\0]
"Script"=\\Nisdds\TechTools\Scripts\firewall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8693\Scripts\Logon\1\0]
"Script"=\\Nisdds\TechTools\Scripts\200hallptrs.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8693\Scripts\Logon\2\0]
"Script"=\\Nisdds\TechTools\Scripts\firewall.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-1182400998-278146499-1233284464-8695\Scripts\Logon\0\0]
"Script"=\\nisdds\TechDocs\firewall.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21354:UDP"= 21354:UDP:UDP 21354
"16379:TCP"= 16379:TCP:TCP 16379
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2/17/2012 5:45 PM 64512]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [10/6/2011 4:23 PM 232512]
R1 SAVOnAccessControl;SAVOnAccessControl;c:\windows\system32\drivers\savonaccesscontrol.sys [10/15/2009 6:26 AM 153344]
R1 SAVOnAccessFilter;SAVOnAccessFilter;c:\windows\system32\drivers\savonaccessfilter.sys [10/15/2009 6:26 AM 24064]
R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [11/15/2011 4:43 PM 330072]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2/17/2012 6:00 PM 652360]
R2 SAVAdminService;Sophos Anti-Virus status reporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [10/13/2011 9:18 AM 163056]
R2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [10/13/2011 9:18 AM 97520]
R2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [10/13/2011 9:18 AM 1541360]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [3/26/2007 11:22 AM 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2/19/2007 11:15 AM 134016]
R2 UAService;User Agent Service;c:\program files\Lightspeed Systems\User Agent\UAService.exe [5/29/2007 12:50 PM 262144]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [9/11/2008 1:10 PM 5888]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2/17/2012 6:00 PM 20464]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2/19/2012 2:54 PM 40776]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\drivers\RTS5121.sys [9/11/2008 1:06 PM 154624]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [12/1/2009 3:49 PM 34384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 10:00 AM 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [12/23/2011 7:12 AM 2152152]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;c:\windows\system32\drivers\fantom.sys [10/17/2007 4:49 PM 39424]
S3 GoogleDesktopManager-022208-143751;Google Desktop Manager 5.7.802.22438;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [9/12/2008 1:40 PM 29744]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/2/2010 10:00 AM 135664]
S3 IO_Memory;IO_Memory;\??\c:\sysprep\Drivers\ioport.sys --> c:\sysprep\Drivers\ioport.sys [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [12/23/2011 7:12 AM 15232]
S3 SVRPEDRV;SVRPEDRV;\??\c:\sysprep\UP_date\PEDrv.sys --> c:\sysprep\UP_date\PEDrv.sys [?]
S4 SophosBootDriver;SophosBootDriver;c:\windows\system32\drivers\SophosBootDriver.sys [10/20/2009 9:07 AM 14976]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-19 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-12-23 02:05]
.
2012-01-18 c:\windows\Tasks\AdobeAAMUpdater-1.0-NHSSCI06-Administrator.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-12-03 01:42]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 18:00]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-02 18:00]
.
2012-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2613391608-432973890-1740122293-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-03 02:30]
.
2012-02-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2613391608-432973890-1740122293-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-03 02:30]
.
2012-01-15 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\progra~1\NORTON~2\Engine\352~1.10\Nss.exe [2011-09-22 15:16]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.toshibadirect.com/dpdstart
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\59hmow3s.default\
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-1Y5U7AYUZGXZWU0VUYMVRNFBGL - c:\fonts\6DFBBA779BF.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-19 16:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sophos Message Router]
"ImagePath"="\"c:\program files\Sophos\Remote Management System\RouterNT.exe\" -service -name Router -ORBListenEndpoints iiop://:8193/ssl_port=8194"
.
Completion time: 2012-02-19 16:50:02
ComboFix-quarantined-files.txt 2012-02-20 00:49
ComboFix2.txt 2012-02-19 02:54
ComboFix3.txt 2012-02-06 02:43
ComboFix4.txt 2011-12-28 06:41
.
Pre-Run: 204,743,139,328 bytes free
Post-Run: 204,695,687,168 bytes free
.
- - End Of File - - DBAC850D0FBB4EE5822042C50101B08E

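Reading a ComboFix log like the one above by eye is slow and easy to get wrong, so here is an added example (my own code, not a BleepingComputer, ComboFix or Malware Response Team tool) that applies a few triage rules to ComboFix-style lines: the Windows Firewall `EnableFirewall` value for the standard profile, Security Center `DisableMonitoring` flags, globally open firewall ports, Firefox `user.js` lines that switch off `security.warn_*` prompts, and Run or orphaned-Run entries whose value name or image path looks machine-generated or sits outside Program Files and Windows. The sample input is a constructed excerpt of lines copied from the posted log; the thresholds (12-character upper/digit names, 8-hex-digit image stems, the trusted-directory list) are my own assumptions and nothing the thread states.

```python
import re
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    category: str
    detail: str


# Heuristic thresholds below are assumptions for this example, not ComboFix rules.
TRUSTED_DIRS = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")
RANDOM_NAME = re.compile(r"^[A-Z0-9]{12,}$")          # long upper/digit soup, no real words
HEX_STEM = re.compile(r"^[0-9a-f]{8,}\.exe$", re.I)    # image named like a hex blob
KEY_LINE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_LINE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.*)$')
ORPHAN_LINE = re.compile(r"^HKCU-Run-(?P<name>\S+)\s+-\s+(?P<path>.+)$")
USERJS_OFF = re.compile(r"^FF - user\.js: (?P<pref>security\.warn_\S+) - false$")

# Constructed sample input: lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"21354:UDP"= 21354:UDP:UDP 21354
"16379:TCP"= 16379:TCP:TCP 16379
.
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-1Y5U7AYUZGXZWU0VUYMVRNFBGL - c:\fonts\6DFBBA779BF.exe
"""


def _check_autostart(kind, name, path):
    """Flag an autostart entry whose name or image looks machine-generated or misplaced."""
    out = []
    image = path.lower().rsplit("\\", 1)[-1]
    if RANDOM_NAME.match(name):
        out.append(Finding("suspicious-autostart", f"{kind} {name}: random-looking value name"))
    if HEX_STEM.match(image):
        out.append(Finding("suspicious-autostart", f"{kind} {name}: hex-named image {image}"))
    if not path.lower().startswith(TRUSTED_DIRS):
        out.append(Finding("suspicious-autostart", f"{kind} {name}: image outside trusted dirs: {path}"))
    return out


def analyze(log_text):
    """Walk ComboFix-style lines, tracking the current registry key, and collect findings."""
    findings, key = [], ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := KEY_LINE.match(line):
            key = m.group("key").lower()
        elif m := VALUE_LINE.match(line):
            name, val = m.group("name"), m.group("val")
            if key.endswith("\\run"):
                # quoted image path, or bare command with ComboFix's trailing "[date size]" dropped
                image = val.split('"')[1] if val.startswith('"') else val.split(" [")[0]
                findings += _check_autostart("Run entry", name, image)
            elif "security center\\monitoring" in key and val == "dword:00000001":
                findings.append(Finding("security-center", f"DisableMonitoring set under {key}"))
            elif key.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and val.startswith("0"):
                findings.append(Finding("firewall", "Windows Firewall off for the standard profile"))
            elif key.endswith("globallyopenports\\list"):
                findings.append(Finding("open-port", name))
        elif m := ORPHAN_LINE.match(line):
            findings += _check_autostart("orphaned Run entry", m.group("name"), m.group("path"))
        elif m := USERJS_OFF.match(line):
            findings.append(Finding("browser-warning-off", m.group("pref")))
    return findings


def summarize(findings):
    """Count findings per category for a quick 'is anything here' check."""
    return Counter(f.category for f in findings)


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"[{f.category}] {f.detail}")
```

On the excerpt this reports the disabled firewall, both Security Center overrides, the two open ports, the two suppressed Firefox warnings, and three hits on the orphaned `c:\fonts\6DFBBA779BF.exe` entry (random value name, hex-named image, image outside a trusted directory). The `user.js` lines are worth more attention than `prefs.js` ones because Firefox re-applies `user.js` at every start, so a warning turned back on in the UI silently reverts. A hit from these rules is a reason to look closer, not a verdict: a vendor that installs under `c:\` will trip the trusted-directory check.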
#6 gringo_pr (Bleepin Gringo, Malware Response Team, 136,773 posts, Puerto rico)

Posted 19 February 2012 - 06:03 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#7 f6e9a25 (Topic Starter, Members, 29 posts)

Posted 19 February 2012 - 06:36 PM

TDSS KILLER

17:22:25.0453 5992 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
17:22:25.0859 5992 ============================================================
17:22:25.0859 5992 Current date / time: 2012/02/19 17:22:25.0859
17:22:25.0859 5992 SystemInfo:
17:22:25.0859 5992
17:22:25.0859 5992 OS Version: 5.1.2600 ServicePack: 3.0
17:22:25.0859 5992 Product type: Workstation
17:22:25.0859 5992 ComputerName: NHSSCI06
17:22:25.0859 5992 UserName: Administrator
17:22:25.0859 5992 Windows directory: C:\WINDOWS
17:22:25.0859 5992 System windows directory: C:\WINDOWS
17:22:25.0859 5992 Processor architecture: Intel x86
17:22:25.0859 5992 Number of processors: 2
17:22:25.0859 5992 Page size: 0x1000
17:22:25.0859 5992 Boot type: Normal boot
17:22:25.0859 5992 ============================================================
17:22:26.0281 5992 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:22:26.0281 5992 \Device\Harddisk0\DR0:
17:22:26.0281 5992 MBR used
17:22:26.0281 5992 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BF36A47
17:22:26.0328 5992 Initialize success
17:22:26.0328 5992 ============================================================
17:22:27.0156 0268 ============================================================
17:22:27.0156 0268 Scan started
17:22:27.0156 0268 Mode: Manual;
17:22:27.0156 0268 ============================================================
17:22:27.0796 0268 Abiosdsk - ok
17:22:27.0812 0268 abp480n5 - ok
17:22:27.0843 0268 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
17:22:27.0859 0268 ACPI - ok
17:22:27.0859 0268 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
17:22:27.0859 0268 ACPIEC - ok
17:22:27.0875 0268 adpu160m - ok
17:22:27.0921 0268 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
17:22:27.0921 0268 aec - ok
17:22:28.0015 0268 AFD (322d0e36693d6e24a2398bee62a268cd) C:\WINDOWS\System32\drivers\afd.sys
17:22:28.0015 0268 AFD - ok
17:22:28.0078 0268 AgereSoftModem (ce91b158fa490cf4c4d487a4130f4660) C:\WINDOWS\system32\DRIVERS\AGRSM.sys
17:22:28.0093 0268 AgereSoftModem - ok
17:22:28.0171 0268 Aha154x - ok
17:22:28.0171 0268 aic78u2 - ok
17:22:28.0187 0268 aic78xx - ok
17:22:28.0203 0268 AliIde - ok
17:22:28.0218 0268 amsint - ok
17:22:28.0234 0268 asc - ok
17:22:28.0234 0268 asc3350p - ok
17:22:28.0250 0268 asc3550 - ok
17:22:28.0312 0268 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
17:22:28.0312 0268 AsyncMac - ok
17:22:28.0421 0268 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
17:22:28.0421 0268 atapi - ok
17:22:28.0500 0268 Atdisk - ok
17:22:28.0546 0268 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
17:22:28.0546 0268 Atmarpc - ok
17:22:28.0671 0268 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
17:22:28.0671 0268 audstub - ok
17:22:28.0796 0268 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
17:22:28.0796 0268 Beep - ok
17:22:28.0859 0268 catchme - ok
17:22:28.0953 0268 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
17:22:28.0953 0268 cbidf2k - ok
17:22:28.0968 0268 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
17:22:28.0968 0268 CCDECODE - ok
17:22:28.0968 0268 cd20xrnt - ok
17:22:29.0000 0268 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
17:22:29.0000 0268 Cdaudio - ok
17:22:29.0125 0268 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
17:22:29.0125 0268 Cdfs - ok
17:22:29.0250 0268 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
17:22:29.0250 0268 Cdrom - ok
17:22:29.0265 0268 Changer - ok
17:22:29.0296 0268 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
17:22:29.0296 0268 CmBatt - ok
17:22:29.0375 0268 CmdIde - ok
17:22:29.0421 0268 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
17:22:29.0421 0268 Compbatt - ok
17:22:29.0515 0268 Cpqarray - ok
17:22:29.0546 0268 dac2w2k - ok
17:22:29.0562 0268 dac960nt - ok
17:22:29.0625 0268 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
17:22:29.0625 0268 Disk - ok
17:22:29.0765 0268 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
17:22:29.0781 0268 dmboot - ok
17:22:29.0906 0268 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
17:22:29.0906 0268 dmio - ok
17:22:30.0015 0268 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
17:22:30.0015 0268 dmload - ok
17:22:30.0078 0268 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
17:22:30.0078 0268 DMusic - ok
17:22:30.0171 0268 dpti2o - ok
17:22:30.0218 0268 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
17:22:30.0218 0268 drmkaud - ok
17:22:30.0328 0268 dtsoftbus01 (c0c7ceccb6c85994c2bc92d58e52d3f2) C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys
17:22:30.0328 0268 dtsoftbus01 - ok
17:22:30.0468 0268 FANTOM (e3b0cd18146f9d51a34969e9bc2458d2) C:\WINDOWS\system32\DRIVERS\fantom.sys
17:22:30.0468 0268 FANTOM - ok
17:22:30.0578 0268 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
17:22:30.0578 0268 Fastfat - ok
17:22:30.0703 0268 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
17:22:30.0703 0268 Fdc - ok
17:22:30.0828 0268 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
17:22:30.0828 0268 Fips - ok
17:22:30.0953 0268 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
17:22:30.0953 0268 Flpydisk - ok
17:22:30.0984 0268 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
17:22:30.0984 0268 FltMgr - ok
17:22:31.0093 0268 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
17:22:31.0093 0268 Fs_Rec - ok
17:22:31.0218 0268 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
17:22:31.0218 0268 Ftdisk - ok
17:22:31.0328 0268 FwLnk (4d52c52101492c450518124c592d8925) C:\WINDOWS\system32\DRIVERS\FwLnk.sys
17:22:31.0328 0268 FwLnk - ok
17:22:31.0453 0268 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
17:22:31.0468 0268 Gpc - ok
17:22:31.0593 0268 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
17:22:31.0593 0268 HDAudBus - ok
17:22:31.0718 0268 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
17:22:31.0718 0268 HidUsb - ok
17:22:31.0796 0268 hpn - ok
17:22:31.0843 0268 HssDrv (4f28652ec514fa1ba473bc1a695a5c98) C:\WINDOWS\system32\DRIVERS\HssDrv.sys
17:22:31.0843 0268 HssDrv - ok
17:22:31.0984 0268 HTTP (f6aacf5bce2893e0c1754afeb672e5c9) C:\WINDOWS\system32\Drivers\HTTP.sys
17:22:31.0984 0268 HTTP - ok
17:22:32.0078 0268 i2omgmt - ok
17:22:32.0093 0268 i2omp - ok
17:22:32.0140 0268 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
17:22:32.0140 0268 i8042prt - ok
17:22:32.0437 0268 ialm (f592a1b020723cfbd3d2722514066449) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
17:22:32.0484 0268 ialm - ok
17:22:32.0593 0268 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\WINDOWS\system32\drivers\iaStor.sys
17:22:32.0593 0268 iaStor - ok
17:22:32.0718 0268 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
17:22:32.0718 0268 Imapi - ok
17:22:32.0796 0268 ini910u - ok
17:22:32.0953 0268 IntcAzAudAddService (febb470bf0de4dbebbf72b79df993c5f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
17:22:33.0000 0268 IntcAzAudAddService - ok
17:22:33.0078 0268 IntelIde - ok
17:22:33.0125 0268 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
17:22:33.0125 0268 intelppm - ok
17:22:33.0125 0268 IO_Memory - ok
17:22:33.0156 0268 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
17:22:33.0156 0268 Ip6Fw - ok
17:22:33.0265 0268 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
17:22:33.0265 0268 IpFilterDriver - ok
17:22:33.0375 0268 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
17:22:33.0375 0268 IpInIp - ok
17:22:33.0500 0268 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
17:22:33.0500 0268 IpNat - ok
17:22:33.0625 0268 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
17:22:33.0625 0268 IPSec - ok
17:22:33.0734 0268 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
17:22:33.0734 0268 IRENUM - ok
17:22:33.0859 0268 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
17:22:33.0859 0268 isapnp - ok
17:22:34.0000 0268 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
17:22:34.0000 0268 Kbdclass - ok
17:22:34.0109 0268 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
17:22:34.0109 0268 kbdhid - ok
17:22:34.0171 0268 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
17:22:34.0171 0268 kmixer - ok
17:22:34.0281 0268 KSecDD (1705745d900dabf2d89f90ebaddc7517) C:\WINDOWS\system32\drivers\KSecDD.sys
17:22:34.0281 0268 KSecDD - ok
17:22:34.0406 0268 Lavasoft Kernexplorer (6c4a3804510ad8e0f0c07b5be3d44ddb) C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys
17:22:34.0421 0268 Lavasoft Kernexplorer - ok
17:22:34.0500 0268 Lbd (336abe8721cbc3110f1c6426da633417) C:\WINDOWS\system32\DRIVERS\Lbd.sys
17:22:34.0515 0268 Lbd - ok
17:22:34.0593 0268 lbrtfdc - ok
17:22:34.0656 0268 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\WINDOWS\system32\drivers\mbam.sys
17:22:34.0656 0268 MBAMProtector - ok
17:22:34.0765 0268 MBAMSwissArmy (0db7527db188c7d967a37bb51bbf3963) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
17:22:34.0765 0268 MBAMSwissArmy - ok
17:22:34.0812 0268 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
17:22:34.0812 0268 mnmdd - ok
17:22:34.0937 0268 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
17:22:34.0937 0268 Modem - ok
17:22:34.0953 0268 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
17:22:34.0953 0268 Mouclass - ok
17:22:35.0062 0268 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
17:22:35.0062 0268 mouhid - ok
17:22:35.0109 0268 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
17:22:35.0109 0268 MountMgr - ok
17:22:35.0187 0268 mraid35x - ok
17:22:35.0250 0268 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
17:22:35.0250 0268 MRxDAV - ok
17:22:35.0375 0268 MRxSmb (68755f0ff16070178b54674fe5b847b0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
17:22:35.0390 0268 MRxSmb - ok
17:22:35.0515 0268 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
17:22:35.0515 0268 Msfs - ok
17:22:35.0640 0268 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
17:22:35.0640 0268 MSKSSRV - ok
17:22:35.0765 0268 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
17:22:35.0765 0268 MSPCLOCK - ok
17:22:35.0890 0268 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
17:22:35.0890 0268 MSPQM - ok
17:22:36.0000 0268 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
17:22:36.0000 0268 mssmbios - ok
17:22:36.0125 0268 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
17:22:36.0125 0268 MSTEE - ok
17:22:36.0250 0268 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
17:22:36.0250 0268 Mup - ok
17:22:36.0281 0268 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
17:22:36.0281 0268 NABTSFEC - ok
17:22:36.0406 0268 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
17:22:36.0406 0268 NDIS - ok
17:22:36.0515 0268 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
17:22:36.0515 0268 NdisIP - ok
17:22:36.0546 0268 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
17:22:36.0546 0268 NdisTapi - ok
17:22:36.0656 0268 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
17:22:36.0656 0268 Ndisuio - ok
17:22:36.0703 0268 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
17:22:36.0703 0268 NdisWan - ok
17:22:36.0796 0268 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
17:22:36.0796 0268 NDProxy - ok
17:22:36.0921 0268 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
17:22:36.0921 0268 NetBIOS - ok
17:22:36.0953 0268 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
17:22:36.0953 0268 NetBT - ok
17:22:37.0078 0268 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
17:22:37.0078 0268 Netdevio - ok
17:22:37.0312 0268 NETw5x32 (0888844230083ce3b47395102bca8207) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
17:22:37.0375 0268 NETw5x32 - ok
17:22:37.0484 0268 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
17:22:37.0500 0268 Npfs - ok
17:22:37.0531 0268 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
17:22:37.0546 0268 Ntfs - ok
17:22:37.0640 0268 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
17:22:37.0640 0268 Null - ok
17:22:37.0750 0268 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
17:22:37.0750 0268 NwlnkFlt - ok
17:22:37.0781 0268 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
17:22:37.0781 0268 NwlnkFwd - ok
17:22:37.0812 0268 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
17:22:37.0812 0268 Parport - ok
17:22:37.0906 0268 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
17:22:37.0906 0268 PartMgr - ok
17:22:37.0968 0268 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
17:22:37.0984 0268 ParVdm - ok
17:22:38.0062 0268 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
17:22:38.0078 0268 PCI - ok
17:22:38.0093 0268 PCIDump - ok
17:22:38.0109 0268 PCIIde - ok
17:22:38.0140 0268 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
17:22:38.0140 0268 Pcmcia - ok
17:22:38.0203 0268 PDCOMP - ok
17:22:38.0218 0268 PDFRAME - ok
17:22:38.0234 0268 PDRELI - ok
17:22:38.0250 0268 PDRFRAME - ok
17:22:38.0265 0268 perc2 - ok
17:22:38.0281 0268 perc2hib - ok
17:22:38.0359 0268 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
17:22:38.0359 0268 PptpMiniport - ok
17:22:38.0468 0268 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
17:22:38.0468 0268 PSched - ok
17:22:38.0578 0268 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
17:22:38.0578 0268 Ptilink - ok
17:22:38.0703 0268 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
17:22:38.0703 0268 PxHelp20 - ok
17:22:38.0718 0268 ql1080 - ok
17:22:38.0734 0268 Ql10wnt - ok
17:22:38.0750 0268 ql12160 - ok
17:22:38.0765 0268 ql1240 - ok
17:22:38.0781 0268 ql1280 - ok
17:22:38.0812 0268 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
17:22:38.0812 0268 RasAcd - ok
17:22:38.0906 0268 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
17:22:38.0906 0268 Rasl2tp - ok
17:22:39.0031 0268 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
17:22:39.0031 0268 RasPppoe - ok
17:22:39.0046 0268 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
17:22:39.0046 0268 Raspti - ok
17:22:39.0078 0268 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
17:22:39.0078 0268 Rdbss - ok
17:22:39.0203 0268 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
17:22:39.0203 0268 RDPCDD - ok
17:22:39.0328 0268 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
17:22:39.0343 0268 rdpdr - ok
17:22:39.0453 0268 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
17:22:39.0468 0268 RDPWD - ok
17:22:39.0593 0268 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
17:22:39.0593 0268 redbook - ok
17:22:39.0734 0268 RSUSBSTOR (9145d2b7d0e45329a30af97e6764e184) C:\WINDOWS\system32\Drivers\RTS5121.sys
17:22:39.0734 0268 RSUSBSTOR - ok
17:22:39.0781 0268 RTLE8023xp (89619ef503f949fae09252a8b883ee11) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
17:22:39.0781 0268 RTLE8023xp - ok
17:22:39.0890 0268 s24trans (2bc0b847cbcfe62a79b18ce0b440334d) C:\WINDOWS\system32\DRIVERS\s24trans.sys
17:22:39.0890 0268 s24trans - ok
17:22:39.0968 0268 SAVOnAccessControl (d9df915972694b5274facc8d00492acd) C:\WINDOWS\system32\DRIVERS\savonaccesscontrol.sys
17:22:39.0968 0268 SAVOnAccessControl - ok
17:22:40.0078 0268 SAVOnAccessFilter (31b35cca652a3553fa4fb99ea79c35bf) C:\WINDOWS\system32\DRIVERS\savonaccessfilter.sys
17:22:40.0078 0268 SAVOnAccessFilter - ok
17:22:40.0203 0268 SCREAMINGBDRIVER (a643d6df1b7546256b11fb5d6b5d1375) C:\WINDOWS\system32\drivers\ScreamingBAudio.sys
17:22:40.0218 0268 SCREAMINGBDRIVER - ok
17:22:40.0250 0268 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
17:22:40.0250 0268 Secdrv - ok
17:22:40.0375 0268 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
17:22:40.0375 0268 Serial - ok
17:22:40.0421 0268 sfdrv01 (adeb7db47a6f3412283259176f408be5) C:\WINDOWS\system32\drivers\sfdrv01.sys
17:22:40.0421 0268 sfdrv01 - ok
17:22:40.0515 0268 sfhlp02 (c1376a954899d98488a19396ea3aae2b) C:\WINDOWS\system32\drivers\sfhlp02.sys
17:22:40.0515 0268 sfhlp02 - ok
17:22:40.0640 0268 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
17:22:40.0640 0268 Sfloppy - ok
17:22:40.0765 0268 sfvfs02 (d5a7e09d2c6a702809e49190d52adc9f) C:\WINDOWS\system32\drivers\sfvfs02.sys
17:22:40.0781 0268 sfvfs02 - ok
17:22:40.0859 0268 Simbad - ok
17:22:40.0906 0268 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
17:22:40.0906 0268 SLIP - ok
17:22:41.0062 0268 SophosBootDriver (3bdf94e0827d13e44249a646f6c0eb7c) C:\WINDOWS\system32\DRIVERS\SophosBootDriver.sys
17:22:41.0062 0268 SophosBootDriver - ok
17:22:41.0078 0268 Sparrow - ok
17:22:41.0109 0268 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
17:22:41.0125 0268 splitter - ok
17:22:41.0218 0268 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
17:22:41.0218 0268 sr - ok
17:22:41.0359 0268 Srv (5252605079810904e31c332e241cd59b) C:\WINDOWS\system32\DRIVERS\srv.sys
17:22:41.0375 0268 Srv - ok
17:22:41.0468 0268 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
17:22:41.0468 0268 streamip - ok
17:22:41.0468 0268 SVRPEDRV - ok
17:22:41.0562 0268 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
17:22:41.0562 0268 swenum - ok
17:22:41.0703 0268 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
17:22:41.0703 0268 swmidi - ok
17:22:41.0796 0268 symc810 - ok
17:22:41.0796 0268 symc8xx - ok
17:22:41.0812 0268 SymIM - ok
17:22:41.0828 0268 SymIMMP - ok
17:22:41.0843 0268 sym_hi - ok
17:22:41.0859 0268 sym_u3 - ok
17:22:41.0921 0268 SynTP (d7b9ad3abd0f7f9f694d71f38b5c7b72) C:\WINDOWS\system32\DRIVERS\SynTP.sys
17:22:41.0937 0268 SynTP - ok
17:22:42.0062 0268 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
17:22:42.0062 0268 sysaudio - ok
17:22:42.0171 0268 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
17:22:42.0171 0268 taphss - ok
17:22:42.0234 0268 Tcpip (93ea8d04ec73a85db02eb8805988f733) C:\WINDOWS\system32\DRIVERS\tcpip.sys
17:22:42.0250 0268 Tcpip - ok
17:22:42.0359 0268 tdcmdpst (2f8bfbdb5824c71f672779b4b8cf8b01) C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
17:22:42.0359 0268 tdcmdpst - ok
17:22:42.0421 0268 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
17:22:42.0421 0268 TDPIPE - ok
17:22:42.0546 0268 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
17:22:42.0546 0268 TDTCP - ok
17:22:42.0656 0268 tdudf (f56a9327c58ff985616c5e197472932c) C:\WINDOWS\system32\DRIVERS\tdudf.sys
17:22:42.0656 0268 tdudf - ok
17:22:42.0781 0268 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
17:22:42.0796 0268 TermDD - ok
17:22:42.0890 0268 TosIde - ok
17:22:42.0953 0268 trudf (3f9ba8878aa26d0831116733f9bc53ff) C:\WINDOWS\system32\DRIVERS\trudf.sys
17:22:42.0953 0268 trudf - ok
17:22:43.0062 0268 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
17:22:43.0062 0268 Udfs - ok
17:22:43.0125 0268 ultra - ok
17:22:43.0281 0268 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
17:22:43.0281 0268 Update - ok
17:22:43.0406 0268 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
17:22:43.0421 0268 usbccgp - ok
17:22:43.0437 0268 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
17:22:43.0437 0268 usbehci - ok
17:22:43.0562 0268 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
17:22:43.0562 0268 usbhub - ok
17:22:43.0687 0268 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
17:22:43.0687 0268 usbprint - ok
17:22:43.0812 0268 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
17:22:43.0812 0268 usbstor - ok
17:22:43.0921 0268 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
17:22:43.0921 0268 usbuhci - ok
17:22:43.0984 0268 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
17:22:43.0984 0268 usbvideo - ok
17:22:44.0109 0268 UVCFTR (8c5094a8ab24de7496c7c19942f2df04) C:\WINDOWS\system32\Drivers\UVCFTR_S.SYS
17:22:44.0109 0268 UVCFTR - ok
17:22:44.0125 0268 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
17:22:44.0125 0268 VgaSave - ok
17:22:44.0218 0268 ViaIde - ok
17:22:44.0281 0268 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
17:22:44.0281 0268 VolSnap - ok
17:22:44.0421 0268 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
17:22:44.0421 0268 Wanarp - ok
17:22:44.0515 0268 WDICA - ok
17:22:44.0562 0268 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
17:22:44.0562 0268 wdmaud - ok
17:22:44.0734 0268 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
17:22:44.0734 0268 WS2IFSL - ok
17:22:44.0843 0268 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
17:22:44.0859 0268 WSTCODEC - ok
17:22:44.0906 0268 MBR (0x1B8) (09ce7397af23d4c0b331b89d0297cc7e) \Device\Harddisk0\DR0
17:22:45.0156 0268 \Device\Harddisk0\DR0 - ok
17:22:45.0187 0268 Boot (0x1200) (91fa2c0ec96ad771e3fb8f9df886fb85) \Device\Harddisk0\DR0\Partition0
17:22:45.0187 0268 \Device\Harddisk0\DR0\Partition0 - ok
17:22:45.0187 0268 ============================================================
17:22:45.0187 0268 Scan finished
17:22:45.0187 0268 ============================================================
17:22:45.0203 3816 Detected object count: 0
17:22:45.0203 3816 Actual detected object count: 0

aswMBR version 0.9.9.1618 Copyright© 2011 AVAST Software
Run date: 2012-02-19 17:23:42
-----------------------------
17:23:42.953 OS Version: Windows 5.1.2600 Service Pack 3
17:23:42.953 Number of processors: 2 586 0xF0D
17:23:42.953 ComputerName: NHSSCI06 UserName:
17:23:44.187 Initialize success
17:29:11.015 AVAST engine defs: 12021901
17:29:17.156 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:29:17.171 Disk 0 Vendor: TOSHIBA_ FG00 Size: 238475MB BusType: 3
17:29:17.203 Disk 0 MBR read successfully
17:29:17.203 Disk 0 MBR scan
17:29:17.250 Disk 0 Windows XP default MBR code
17:29:17.265 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 228973 MB offset 63
17:29:17.296 Disk 0 Partition 2 00 1C Hidd FAT32 LBA MSDOS5.0 9499 MB offset 468937350
17:29:17.328 Disk 0 scanning sectors +488392065
17:29:17.406 Disk 0 scanning C:\WINDOWS\system32\drivers
17:29:24.484 Service scanning
17:29:50.187 Modules scanning
17:30:03.812 Disk 0 trace - called modules:
17:30:03.828 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys iaStor.sys hal.dll
17:30:04.187 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a4ff6c8]
17:30:04.187 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8a4fd030]
17:30:04.921 AVAST engine scan C:\WINDOWS
17:30:09.125 AVAST engine scan C:\WINDOWS\system32
17:31:39.906 AVAST engine scan C:\WINDOWS\system32\drivers
17:31:53.765 AVAST engine scan C:\Documents and Settings\Administrator
17:33:15.406 File: C:\Documents and Settings\Administrator\Local Settings\Application Data\DRMnetmm\odbcMapInterval.dll **INFECTED** Win32:MalOb-GX [Cryp]
17:34:40.015 AVAST engine scan C:\Documents and Settings\All Users
17:36:10.046 Scan finished successfully
17:38:29.046 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
17:38:29.046 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:48 PM

Posted 19 February 2012 - 08:57 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

KillAll::

Folder::
c:\documents and settings\Administrator\Application Data\Kiweiq
c:\documents and settings\Administrator\Application Data\Jaohyc


Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 f6e9a25

f6e9a25
  • Topic Starter

  • Members
  • 29 posts
  • Gender:Male
  • Location:The Sun
  • Local time:09:48 PM

Posted 20 February 2012 - 07:12 PM

I cannot. ComboFix will lag and freeze. The first time I waited 2 hours, then when I tried to move the mouse it was frozen, so I waited some more and then restarted and tried again; the same thing happened.

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:48 PM

Posted 20 February 2012 - 08:59 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#11 f6e9a25

f6e9a25
  • Topic Starter

  • Members
  • 29 posts
  • Gender:Male
  • Location:The Sun
  • Local time:09:48 PM

Posted 20 February 2012 - 09:17 PM

As of right now I am not experiencing redirects. I don't know why, though.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:48 PM

Posted 20 February 2012 - 09:37 PM

Hello


That is good, but still run OTL for me, as there are things I still need to delete.


gringo

#13 f6e9a25

f6e9a25
  • Topic Starter

  • Members
  • 29 posts
  • Gender:Male
  • Location:The Sun
  • Local time:09:48 PM

Posted 20 February 2012 - 09:38 PM

OTL logfile created on: 2/20/2012 8:17:30 PM - Run 1
OTL by OldTimer - Version 3.2.33.1 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.34 Gb Available Physical Memory | 18.31% Memory free
3.72 Gb Paging File | 2.40 Gb Available in Paging File | 64.54% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 223.61 Gb Total Space | 190.25 Gb Free Space | 85.08% Space Free | Partition Type: NTFS

Computer Name: NHSSCI06 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Administrator\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft Limited)
PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Hotspot Shield\bin\openvpntray.exe ()
PRC - C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\Remote Management System\RouterNT.exe (Sophos Plc)
PRC - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
PRC - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
PRC - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
PRC - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
PRC - C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
PRC - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
PRC - C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TPSMain.exe (TOSHIBA Corporation)
PRC - C:\WINDOWS\system32\TPSBattM.exe (TOSHIBA Corporation)
PRC - C:\Program Files\Lightspeed Systems\User Agent\UAService.exe (Lightspeed Systems)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\DDWMon.exe (TOSHIBA Corporation)
PRC - C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
PRC - C:\TOSHIBA\IVP\ISM\pinger.exe ()
PRC - C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
PRC - C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe (TOSHIBA CORPORATION)
PRC - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Lavasoft\Ad-Aware\VipreBridge.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\thorax.aaw ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libMachoUniv.dll ()
MOD - C:\Documents and Settings\All Users\Application Data\Lavasoft\Ad-Aware\Defs\Extended\libBase64.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Lavasoft\Ad-Aware\Vipre.dll ()
MOD - C:\Program Files\Hotspot Shield\bin\lang\gui-eng.dll ()
MOD - C:\Program Files\Hotspot Shield\bin\openvpntray.exe ()
MOD - C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
MOD - C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
MOD - C:\Program Files\Sophos\Remote Management System\TAO_Valuetype.dll ()
MOD - C:\Program Files\Sophos\Remote Management System\TAO_PortableServer.dll ()
MOD - C:\Program Files\Sophos\Remote Management System\TAO_SSLIOP.dll ()
MOD - C:\Program Files\Sophos\Remote Management System\TAO_Security.dll ()
MOD - C:\Program Files\Sophos\Remote Management System\libeay32.dll ()
MOD - C:\Program Files\Sophos\Remote Management System\ACE_SSL.dll ()
MOD - C:\Program Files\Sophos\Remote Management System\ssleay32.dll ()
MOD - C:\Program Files\Sophos\Remote Management System\TAO.dll ()
MOD - C:\Program Files\Sophos\Remote Management System\TAO_DynamicAny.dll ()
MOD - C:\Program Files\Sophos\Remote Management System\ace.dll ()
MOD - C:\Program Files\Hotspot Shield\bin\libidn-11.dll ()
MOD - C:\Program Files\Hotspot Shield\bin\libssl32.dll ()
MOD - C:\Program Files\Hotspot Shield\bin\libeay32.dll ()
MOD - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
MOD - C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe ()
MOD - C:\Program Files\Intel\WiFi\bin\iWMSProv.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\WINDOWS\system32\qcap.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\system32\tsd32.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Program Files\Lightspeed Systems\User Agent\NvClient.dll ()
MOD - C:\Program Files\TOSHIBA\TOSHIBA Applet\TouchPad_ONOFF.dll ()
MOD - C:\TOSHIBA\IVP\ISM\pinger.exe ()


========== Win32 Services (SafeList) ==========

SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (HssTrayService) -- C:\Program Files\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (hshld) -- C:\Program Files\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssWd) -- C:\Program Files\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssSrv) -- C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (swi_service) -- C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Plc)
SRV - (SAVService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Plc)
SRV - (SAVAdminService) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Plc)
SRV - (Sophos Agent) -- C:\Program Files\Sophos\Remote Management System\ManagementAgentNT.exe (Sophos Plc)
SRV - (Sophos Message Router) -- C:\Program Files\Sophos\Remote Management System\RouterNT.exe (Sophos Plc)
SRV - (Sophos AutoUpdate Service) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe (Sophos Plc)
SRV - (Swupdtmr) -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe ()
SRV - (EvtEng) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Intel® Corporation)
SRV - (S24EventMonitor) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe (Intel® Corporation)
SRV - (RegSrvc) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel® Corporation)
SRV - (TAPPSRV) -- C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe (TOSHIBA Corp.)
SRV - (TODDSrv) -- C:\WINDOWS\system32\TODDSrv.exe (TOSHIBA Corporation)
SRV - (UAService) -- C:\Program Files\Lightspeed Systems\User Agent\UAService.exe (Lightspeed Systems)
SRV - (pinger) -- C:\TOSHIBA\IVP\ISM\pinger.exe ()
SRV - (AgereModemAudio) -- C:\WINDOWS\system32\agrsmsvc.exe (Agere Systems)
SRV - (CFSvcs) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe (TOSHIBA CORPORATION)


========== Driver Services (SafeList) ==========

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys ()
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (SAVOnAccessControl) -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys (Sophos Plc)
DRV - (SAVOnAccessFilter) -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys (Sophos Plc)
DRV - (SophosBootDriver) -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (dtsoftbus01) -- C:\WINDOWS\system32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (HssDrv) -- C:\WINDOWS\system32\drivers\HssDrv.sys (AnchorFree Inc.)
DRV - (taphss) -- C:\WINDOWS\system32\drivers\taphss.sys (AnchorFree Inc)
DRV - (SCREAMINGBDRIVER) -- C:\WINDOWS\system32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RTS5121.sys (Realtek Semiconductor Corporation)
DRV - (NETw5x32) Intel® -- C:\WINDOWS\system32\drivers\NETw5x32.sys (Intel Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (UVCFTR) -- C:\WINDOWS\system32\drivers\UVCFTR_S.SYS (Chicony Electronics Co., Ltd.)
DRV - (FANTOM) -- C:\WINDOWS\system32\drivers\fantom.sys (National Instruments Corporation)
DRV - (FwLnk) -- C:\WINDOWS\system32\drivers\FwLnk.sys (TOSHIBA Corporation)
DRV - (tdudf) -- C:\WINDOWS\system32\drivers\tdudf.sys (TOSHIBA Corporation)
DRV - (tdcmdpst) -- C:\WINDOWS\system32\drivers\tdcmdpst.sys (TOSHIBA Corporation.)
DRV - (trudf) -- C:\WINDOWS\system32\drivers\trudf.sys (TOSHIBA Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\system32\drivers\AGRSM.sys (Agere Systems)
DRV - (sfdrv01) StarForce Protection Environment Driver (version 1.x) -- C:\WINDOWS\System32\drivers\sfdrv01.sys (Protection Technology (StarForce))
DRV - (sfhlp02) StarForce Protection Helper Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfhlp02.sys (Protection Technology (StarForce))
DRV - (sfvfs02) StarForce Protection VFS Driver (version 2.x) -- C:\WINDOWS\System32\drivers\sfvfs02.sys (Protection Technology)
DRV - (Netdevio) -- C:\WINDOWS\system32\drivers\Netdevio.sys (TOSHIBA Corporation.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2613391608-432973890-1740122293-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2613391608-432973890-1740122293-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
IE - HKU\S-1-5-21-2613391608-432973890-1740122293-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.http_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.no_proxies_on: "localhost, 127.0.0.1"
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl: ""
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.ssl_port: 0
FF - prefs.js..extensions.charles.settings.disabled.network.proxy.type: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.http_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.no_proxies_on: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.share_proxy_settings: false
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks: ""
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.socks_port: 0
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl: "127.0.0.1"
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.ssl_port: 8888
FF - prefs.js..extensions.charles.settings.enabled.network.proxy.type: 1
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/10 22:13:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/09/25 13:51:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/09/14 15:47:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions-BackupByFirefoxPortable
[2012/02/13 18:28:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\59hmow3s.default\extensions
[2012/01/10 22:13:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/10/12 19:58:53 | 000,000,000 | ---D | M] (afurladvisor) -- C:\Program Files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\59HMOW3S.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/10/14 21:00:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2012/01/10 22:13:23 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/09/02 15:25:59 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/10 18:16:29 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/19 16:47:36 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7227.1100\swg.dll (Google Inc.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin File not found
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [CFSServ.exe] CFSServ.exe -NoClient File not found
O4 - HKLM..\Run: [DDWMon] C:\Program Files\TOSHIBA\TOSHIBA Direct Disc Writer\\ddwmon.exe ()
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel® Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel® Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NDSTray.exe] NDSTray.exe File not found
O4 - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [THotkey] C:\Program Files\TOSHIBA\TOSHIBA Applet\THotkey.exe (TOSHIBA)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-21-2613391608-432973890-1740122293-500..\Run: [LtMoh] C:\Program Files\ltmoh\ltmoh.exe (Agere Systems)
O4 - HKU\S-1-5-21-2613391608-432973890-1740122293-500..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2613391608-432973890-1740122293-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2613391608-432973890-1740122293-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2613391608-432973890-1740122293-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2613391608-432973890-1740122293-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = natalia.k12.tx.us
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{433E494E-0636-4DA9-BA42-D18FCC602B31}: DhcpNameServer = 192.168.1.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/24 18:31:48 | 000,000,047 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/20 20:16:01 | 000,583,168 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/02/19 20:44:34 | 000,000,000 | --SD | C] -- C:\Gringo
[2012/02/19 20:06:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/02/19 17:22:13 | 004,729,344 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/02/19 17:21:49 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller final.exe
[2012/02/19 16:23:50 | 004,414,512 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\Gringo.exe
[2012/02/19 14:54:55 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/02/19 14:43:38 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012/02/18 19:04:58 | 000,000,000 | ---D | C] -- C:\found.000
[2012/02/18 18:12:19 | 004,406,994 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\1242.com.exe
[2012/02/18 17:57:24 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/18 17:53:09 | 002,060,336 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\twin.123.com.exe
[2012/02/18 16:54:06 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2012/02/18 16:51:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/02/18 16:51:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2012/02/17 20:41:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\DDS and GMER
[2012/02/17 18:07:10 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/02/17 18:02:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2012/02/17 18:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/02/17 18:02:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2012/02/17 18:00:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2012/02/17 18:00:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/17 18:00:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/02/17 18:00:36 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/02/17 18:00:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/17 17:45:07 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\WINDOWS\System32\drivers\Lbd.sys
[2012/02/17 17:44:37 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2012/02/17 17:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft
[2012/02/17 17:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Lavasoft
[2012/02/16 21:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2012/02/16 21:37:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/02/16 21:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2012/02/16 21:37:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/02/12 22:12:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\iTunesCommonUsb
[2012/02/12 20:48:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\SIX WEEKS TEST
[2012/02/05 18:05:48 | 000,000,000 | ---D | C] -- C:\Twig
[2012/02/05 18:03:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Sophos
[2012/02/05 18:02:56 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
[2012/02/05 14:17:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Kiweiq
[2012/02/05 14:17:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Jaohyc
[2012/02/04 14:11:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\.minecraft
[2012/02/02 21:38:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Removable disk mama flash drive first day of school
[2012/02/02 21:35:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2012/02/02 21:35:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2012/02/02 21:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012/02/02 18:56:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Screaming Bee
[2012/02/02 18:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\Screaming Bee
[2012/02/02 18:43:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Screaming Bee
[2012/02/02 18:22:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Voice Changer Software DIAMOND
[2012/02/02 18:22:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avnex
[2012/02/02 18:22:09 | 000,000,000 | ---D | C] -- C:\Program Files\AV Vcs 7.0 DIAMOND
[2012/01/30 20:20:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sophos Web Intelligence
[2012/01/30 20:19:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Cisco Systems
[2012/01/30 20:19:50 | 000,028,912 | ---- | C] (Sophos Plc) -- C:\WINDOWS\System32\SophosBootTasks.exe
[2012/01/28 11:05:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Stellarium
[2012/01/28 11:05:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Stellarium
[2012/01/28 11:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\Stellarium
[2012/01/24 22:07:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Science360 - The Knowledge Network - Chemistry_files
[2012/01/24 18:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TI-83 Plus Flash Debugger
[2012/01/24 18:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\TI Shared
[2012/01/24 18:31:46 | 000,000,000 | ---D | C] -- C:\Program Files\TI Education
[2008/09/11 12:39:31 | 004,812,400 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/20 20:18:38 | 000,350,058 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/02/20 20:18:38 | 000,056,868 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/02/20 20:16:02 | 000,583,168 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/02/20 20:14:42 | 000,000,486 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/02/20 20:13:43 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/02/20 20:13:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/02/20 20:13:13 | 2009,063,424 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/20 18:35:01 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2613391608-432973890-1740122293-500UA.job
[2012/02/20 18:35:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2613391608-432973890-1740122293-500Core.job
[2012/02/20 18:32:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/02/20 17:46:32 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/02/20 17:46:32 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/02/19 17:38:29 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012/02/19 17:23:12 | 004,729,344 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2012/02/19 17:22:04 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\tdsskiller final.exe
[2012/02/19 16:47:36 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/02/19 16:24:10 | 004,414,512 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\Gringo.exe
[2012/02/19 15:05:03 | 000,005,933 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\image.jpeg
[2012/02/19 14:54:55 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012/02/19 14:43:38 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2012/02/19 14:43:05 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2012/02/18 18:12:24 | 004,406,994 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\1242.com.exe
[2012/02/18 17:53:35 | 002,060,336 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\twin.123.com.exe
[2012/02/18 17:51:52 | 003,566,168 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/18 17:19:20 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/17 20:38:53 | 000,000,156 | ---- | M] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2012/02/17 18:07:07 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/02/17 18:07:01 | 000,016,432 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2012/02/17 18:02:38 | 000,000,959 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/17 18:02:38 | 000,000,941 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2012/02/17 18:00:39 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/17 17:45:22 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2012/02/07 20:38:34 | 000,000,183 | ---- | M] () -- C:\WINDOWS\hpbafd.ini
[2012/02/03 19:22:59 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/02/03 19:20:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/02/02 21:35:37 | 000,000,727 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/02/02 18:43:11 | 000,001,859 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\MorphVOX Junior.lnk
[2012/02/02 18:23:08 | 000,000,895 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Voice Changer 7.0 Diamond.lnk
[2012/01/28 11:05:50 | 000,001,598 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Stellarium.lnk
[2012/01/25 17:34:12 | 000,097,931 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\acidsBasesSaltsWkst.pdf
[2012/01/24 22:07:40 | 000,024,729 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Science360 - The Knowledge Network - Chemistry.htm
[2012/01/24 18:31:48 | 000,001,948 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TI-83 Plus Flash Debugger.lnk
[2012/01/24 18:31:48 | 000,000,047 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012/01/24 17:19:18 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/19 17:38:29 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2012/02/19 15:05:02 | 000,005,933 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\image.jpeg
[2012/02/19 14:43:04 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Defogger.exe
[2012/02/18 17:51:12 | 003,566,168 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/02/17 20:38:51 | 000,000,156 | ---- | C] () -- C:\Documents and Settings\Administrator\defogger_reenable
[2012/02/17 19:28:12 | 000,016,432 | ---- | C] () -- C:\WINDOWS\System32\lsdelete.exe
[2012/02/17 18:02:38 | 000,000,959 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/02/17 18:02:37 | 000,000,941 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Spybot - Search & Destroy.lnk
[2012/02/17 18:00:39 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/17 17:46:25 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2012/02/17 17:46:25 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2012/02/17 17:46:19 | 000,000,486 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/02/17 17:45:22 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware.lnk
[2012/02/02 21:35:37 | 000,000,727 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2012/02/02 18:43:11 | 000,001,859 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\MorphVOX Junior.lnk
[2012/02/02 18:30:28 | 000,001,010 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2613391608-432973890-1740122293-500UA.job
[2012/02/02 18:30:28 | 000,000,958 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2613391608-432973890-1740122293-500Core.job
[2012/02/02 18:23:08 | 000,000,895 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Voice Changer 7.0 Diamond.lnk
[2012/01/28 11:05:50 | 000,001,598 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Stellarium.lnk
[2012/01/25 17:34:11 | 000,097,931 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\acidsBasesSaltsWkst.pdf
[2012/01/24 22:07:39 | 000,024,729 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Science360 - The Knowledge Network - Chemistry.htm
[2012/01/24 18:31:48 | 000,001,948 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\TI-83 Plus Flash Debugger.lnk
[2012/01/02 20:32:23 | 000,103,190 | ---- | C] () -- C:\WINDOWS\hpoins08.dat
[2012/01/02 20:32:23 | 000,004,445 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat
[2012/01/02 20:32:15 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2011/12/27 22:13:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/27 22:13:17 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/27 22:13:17 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/27 22:13:17 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/27 22:13:17 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/10 18:17:52 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/08 16:14:41 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

< End of report >
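The report above ends with OTL's file-event section, where every line carries a timestamp, a size, an attribute column, a C (created) or M (modified) flag and a path. The following parser is an added example, not code from the thread, OTL or BleepingComputer: it reads lines in that layout and lists recently created entries under a profile's Application Data folders, the kind of location the fix script in this thread targets. The report time and the ExampleDir entry are constructed for the demonstration; the other two sample lines are taken from the report.

```python
"""Parse OTL-style file-event lines (added example, not OTL's own code)."""
import re
from datetime import datetime, timedelta

# Layout assumed from the report: [date time | size | attrs | C/M] (field) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<extra>[^)]*)\) -- (?P<path>.+)$"
)

# Per-user data directory fragment (case-insensitive match on the path).
USER_DATA_MARKER = "\\application data\\"

# Constructed sample input: two lines from the report plus one made-up directory.
SAMPLE_LINES = [
    r"[2011/10/10 18:17:52 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini",
    r"[2011/12/27 22:13:17 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe",
    r"[2012/02/10 12:00:00 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\ExampleDir",
]
REPORT_TIME = datetime(2012, 2, 20, 0, 0, 0)  # constructed, not the report's real time


def parse_line(line):
    """Return a dict for one file-event line, or None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(d["size"].replace(",", "")),  # "000,003,584" -> 3584
        "attrs": d["attrs"],
        "kind": d["kind"],  # "C" created, "M" modified
        "extra": d["extra"],  # parenthesised field, empty in these lines
        "path": d["path"],
    }


def recent_user_data_files(lines, report_time, days=30):
    """Paths created within `days` before `report_time` under Application Data."""
    cutoff = report_time - timedelta(days=days)
    hits = []
    for line in lines:
        e = parse_line(line)
        if e is None or e["kind"] != "C" or e["ts"] < cutoff:
            continue
        if USER_DATA_MARKER in e["path"].lower():
            hits.append(e["path"])
    return hits


if __name__ == "__main__":
    for p in recent_user_data_files(SAMPLE_LINES, REPORT_TIME):
        print(p)
```

Widening the window (for example `days=200`) also surfaces the older .ini entry, so the cutoff is a triage knob, not a verdict on any file.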

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:48 PM

Posted 20 February 2012 - 10:06 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :Files
    C:\Documents and Settings\Administrator\Application Data\Kiweiq
    C:\Documents and Settings\Administrator\Application Data\Jaohyc
    C:\Documents and Settings\Administrator\Local Settings\Application Data\DRMnetmm
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 f6e9a25

f6e9a25
  • Topic Starter

  • Members
  • 29 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Sun
  • Local time:09:48 PM

Posted 21 February 2012 - 07:46 PM

I did that and it froze my computer, so I let my computer be for about 50 min then restarted it. Just wondering, is empty java in caps or not in the script?
Do you want me to try again?
I am not experiencing redirects anymore, but I don't recall removing the malware.



