Redirected searches

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Redirected searches

by Cypher » September 29th, 2010, 4:46 am

Hi greshick.

Back Up registry with ERUNT

  • Please use the following link and download ERUNT to your desktop. HERE
  • Click on the erunt-setup.exe
  • Follow the prompts to install ERUNT
  • Choose language
  • A set up window will pop up. It will ask: Create ERUNT entry in to the Start up folder, answer NO

  • Backup your registry to the default location

Note: To restore your registry (if needed), go to the folder and start ERDNT.exe

Next.

Download and run OTM

Download OTM.exe by Old Timer and save it to your Desktop.
  • Double-click OTM.exe to run it.
  • Right-click then copy the following code, Do not include the word Code.
    Code:
    :Services
    a2sq61zb
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\instanteyedropper]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^OfficeSAS.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^andrew^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^andrew^Start Menu^Programs^Startup^Shortcut to sunbird.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^andrew^Start Menu^Programs^Startup^Xfire.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^andrew^Start Menu^Programs^Startup^ZooskMessenger.lnk]
    
    :Files
    C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
    C:\WINDOWS\system32\drivers\a2sq61zb.sys
    
    :Commands
    [emptytemp]
    [start explorer]
    [Reboot]
    

  • Return to OTM, right-click then paste the code into the blank box below Image
  • Next click on the large Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next.

Re-run - RSIT (Random's System Information Tool)

You should still have this program on your desktop.
  • Double click on RSIT.exe to run it.
  • Please read the disclaimer... click on Continue.
  • RSIT will start running. When done... ONLY the "C:\RSIT\log.txt"...will be reproduced. (it will be maximized)
  • Please post ONLY the "log.txt" file contents in your next reply.
    (This log can be lengthy, so a separate post may be needed.)

Next.

Please download TDSSKiller.zip and extract (unzip) it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, if it finds anything please click on the drop down arrow next to Cure and select Skip
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.
  • DO NOT TRY TO FIX ANYTHING AT THIS POINT


Logs/Information to Post in your Next Reply

  • OTM log.
  • RSIT log.txt.
  • TDSSKiller log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
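
Once the OTM results log requested above comes back, it has to be checked against the script that was posted: which targets were removed, which were reported as not found, and which the log never mentions. The Python below is an added example, not part of the original posts or of OTM; the script and log excerpts are constructed (shortened from the format shown in this thread, with one log line left out on purpose), and the function names are hypothetical.

```python
import re

# Constructed excerpt of an OTM script, shortened from the one posted above.
SCRIPT = r"""
:Services
a2sq61zb

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]

:Files
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
C:\WINDOWS\system32\drivers\a2sq61zb.sys

:Commands
[emptytemp]
"""

# Constructed results-log excerpt in the same line format as the log in this
# thread. The Alcmtr key is deliberately missing to show the "unreported" case.
LOG = r"""
========== SERVICES/DRIVERS ==========
Error: No service named a2sq61zb was found to stop!
Service\Driver key a2sq61zb not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
File/Folder C:\WINDOWS\system32\drivers\a2sq61zb.sys not found.
"""

# Only the result-line shapes that appear in this thread's log are recognised.
LOG_PATTERNS = [
    (re.compile(r"^Registry key (.+?) deleted successfully\.$"), "reg", "removed"),
    (re.compile(r"^(.+?) moved successfully\.$"), "files", "removed"),
    (re.compile(r"^File/Folder (.+?) not found\.$"), "files", "not found"),
    (re.compile(r"^Service\\Driver key (.+?) not found\.$"), "services", "not found"),
]


def norm(target):
    """Windows paths and registry keys compare case-insensitively; the log
    also appends a trailing backslash to registry keys."""
    return target.strip().rstrip("\\").lower()


def parse_script(text):
    """Return {section: [targets]}; only :Services, :Reg and :Files carry targets."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections[current] = []
        elif current in ("services", "reg", "files"):
            # :Reg entries are written as [-KEY]; keep just the key name.
            m = re.fullmatch(r"\[-(.+)\]", line)
            sections[current].append(m.group(1) if m else line)
    return sections


def parse_log(text):
    """Return {(section, normalized target): outcome} from the results log."""
    outcomes = {}
    for line in text.splitlines():
        for pattern, section, outcome in LOG_PATTERNS:
            m = pattern.match(line.strip())
            if m:
                outcomes[(section, norm(m.group(1)))] = outcome
                break
    return outcomes


def reconcile(script_text, log_text):
    """Classify every script target and list log entries the script never named."""
    outcomes = parse_log(log_text)
    report, seen = [], set()
    for section, targets in parse_script(script_text).items():
        for target in targets:
            key = (section, norm(target))
            seen.add(key)
            report.append((section, target, outcomes.get(key, "unreported")))
    extras = sorted(k for k in outcomes if k not in seen)
    return report, extras


if __name__ == "__main__":
    report, extras = reconcile(SCRIPT, LOG)
    for section, target, outcome in report:
        print(f"{outcome:<11} {section:<9} {target}")
    for section, target in extras:
        print(f"extra       {section:<9} {target}")
```

Targets marked "not found" or "unreported" are the ones to follow up with the later scans; "extra" entries are items the tool acted on without being named in the script.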

Re: Redirected searches

by greshick » September 29th, 2010, 4:09 pm

All processes killed
========== SERVICES/DRIVERS ==========
Error: No service named a2sq61zb was found to stop!
Service\Driver key a2sq61zb not found.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igndlm.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\instanteyedropper\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^OfficeSAS.lnk\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^andrew^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^andrew^Start Menu^Programs^Startup^Shortcut to sunbird.lnk\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^andrew^Start Menu^Programs^Startup^Xfire.lnk\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^andrew^Start Menu^Programs^Startup^ZooskMessenger.lnk\ deleted successfully.
========== FILES ==========
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
File/Folder C:\WINDOWS\system32\drivers\a2sq61zb.sys not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 121514 bytes
->Flash cache emptied: 56504 bytes

User: All Users

User: andrew
->Temp folder emptied: 259429294 bytes
->Temporary Internet Files folder emptied: 705082846 bytes
->Java cache emptied: 84641751 bytes
->FireFox cache emptied: 233029420 bytes
->Google Chrome cache emptied: 7621181 bytes
->Flash cache emptied: 206792 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56504 bytes

User: LocalService
->Temp folder emptied: 68896 bytes
->Temporary Internet Files folder emptied: 35471095 bytes
->Java cache emptied: 25817 bytes
->Flash cache emptied: 36659 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 37938716 bytes
->Java cache emptied: 5547058 bytes
->Flash cache emptied: 72291 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2518635 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 66749999 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 23943622 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 11733 bytes

Total Files Cleaned = 1,395.00 mb


OTM by OldTimer - Version 3.1.16.1 log created on 09292010_145906

Files moved on Reboot...
File C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[14].htm not found!
File C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[15].htm not found!
File C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[16].htm not found!
File C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[17].htm not found!
File C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[18].htm not found!
File C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[19].htm not found!
File C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[1] not found!
File C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[1].htm not found!
File C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[2] not found!
File C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[2].htm not found!
File C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[3] not found!
File C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[3].htm not found!
File C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[4] not found!
File C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[4].htm not found!
File C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[5] not found!
File C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[5].htm not found!
File C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[6].htm not found!
File C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[7].htm not found!
File C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[8].htm not found!
File C:\Documents and Settings\andrew\Local Settings\Temp\Temporary Internet Files\Content.IE5\0F8H6NGB\size=234x60;noperf=1;alias=93302169;cfp=1;noaddonpl=y;artexc=all;artinc=art_image%2Cart_img1x1%2Cart_3pimg%2Cart_text%2Cart_imgtrack;kvmn=93302169;target=_blank;aduho=360;[9].htm not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_170.dat not found!

Registry entries deleted on Reboot...
greshick

Re: Redirected searches

Post by greshick » September 29th, 2010, 4:11 pm

Logfile of random's system information tool 1.08 (written by random/random)
Run by andrew at 2010-09-29 15:10:21
Microsoft Windows XP Professional Service Pack 3
System drive C: has 7 GB (9%) free of 75 GB
Total RAM: 2046 MB (43% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:10:29 PM, on 9/29/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\EVEMon\EVEMon.exe
C:\Program Files\DisplayFusion\DisplayFusion.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\EVE Metrics Uploader\TrayUploader.exe
C:\program files\steam\steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Pandora\Pandora.exe
C:\Program Files\Digsby\lib\digsby-app.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 1\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 1\plugin-container.exe
Z:\Downloads\RSIT.exe
C:\Program Files\trend micro\andrew.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netflix.com/WiHome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [EVEMon] "C:\Program Files\EVEMon\EVEMon.exe" -startMinimized
O4 - HKCU\..\Run: [DisplayFusion] "C:\Program Files\DisplayFusion\DisplayFusion.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EVEMetricsUploader] "C:\Program Files\EVE Metrics Uploader\TrayUploader.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - Startup: Digsby.lnk = C:\Program Files\Digsby\digsby.exe
O4 - Startup: hamachi-2-ui.exe
O4 - Startup: Pandora.lnk = C:\Program Files\Pandora\Pandora.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{9E251492-1D11-4270-8095-A9DACB15416B}: NameServer = 4.2.2.4,4.2.2.3
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FileZilla Server FTP server (FileZilla Server) - FileZilla Project - C:\Program Files\FileZilla Server\FileZilla Server.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 8055 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-GRESHICK-andrew.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1390067357-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-776561741-1390067357-839522115-1003UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
AOLSearchHook Class - C:\Program Files\AIM Search\AOLSearch.dll [2009-10-01 111976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2009-11-03 556432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53}]
Google Gears Helper - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll [2010-02-23 2121728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-11-24 81000]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-09-22 14854144]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2010-03-30 1820040]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2010-06-01 2039240]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-07-09 13923432]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-07-09 110696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EVEMon"=C:\Program Files\EVEMon\EVEMon.exe [2010-08-16 1594880]
"DisplayFusion"=C:\Program Files\DisplayFusion\DisplayFusion.exe [2009-10-14 631984]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"EVEMetricsUploader"=C:\Program Files\EVE Metrics Uploader\TrayUploader.exe [2009-07-23 165376]
"Steam"=c:\program files\steam\steam.exe [2010-08-13 1242448]
"Skype"=C:\Program Files\Skype\\Phone\Skype.exe [2010-09-02 13351304]

C:\Documents and Settings\andrew\Start Menu\Programs\Startup
Digsby.lnk - C:\Program Files\Digsby\digsby.exe
hamachi-2-ui.exe
Pandora.lnk - C:\Program Files\Pandora\Pandora.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"C:\Program Files\AIM\aim.exe"="C:\Program Files\AIM\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\Program Files\CCP\EVE\bin\ExeFile.exe"="C:\Program Files\CCP\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\Program Files\evetest\EVE\bin\ExeFile.exe"="C:\Program Files\evetest\EVE\bin\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\Program Files\SecondLife\SLVoice.exe"="C:\Program Files\SecondLife\SLVoice.exe:*:Enabled:SLVoice"
"C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe"="C:\Program Files\THQ\Gas Powered Games\Supreme Commander - Forged Alliance\bin\ForgedAlliance.exe:*:Enabled:Supreme Commander - Forged Alliance"
"C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe"="C:\Program Files\THQ\Gas Powered Games\GPGNet\GPG.Multiplayer.Client.exe:*:Enabled:GPGNet - Supreme Commander - Forged Alliance"
"C:\Program Files\Synergy\synergys.exe"="C:\Program Files\Synergy\synergys.exe:*:Enabled:synergys"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\EVEMon\EVEMon.exe"="C:\Program Files\EVEMon\EVEMon.exe:*:Enabled:EVEMon"
"C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\xchat\xchat.exe"="C:\Program Files\xchat\xchat.exe:*:Enabled:XChat IRC Client"
"C:\Documents and Settings\andrew\My Documents\Downloads\eclipse\eclipsec.exe"="C:\Documents and Settings\andrew\My Documents\Downloads\eclipse\eclipsec.exe:*:Enabled:eclipsec"
"C:\Program Files\NetBeans 6.8as\bin\netbeans.exe"="C:\Program Files\NetBeans 6.8as\bin\netbeans.exe:*:Enabled:netbeans"
"C:\Program Files\HTC\Aces High II\aceshigh.exe"="C:\Program Files\HTC\Aces High II\aceshigh.exe:*:Enabled:aceshigh"
"C:\Documents and Settings\andrew\My Documents\Downloads\teamspeak3-server_win32\ts3server_win32.exe"="C:\Documents and Settings\andrew\My Documents\Downloads\teamspeak3-server_win32\ts3server_win32.exe:*:Enabled:TeamSpeak 3 Server"
"C:\Program Files\teamspeak3-server_win32\ts3server_win32.exe"="C:\Program Files\teamspeak3-server_win32\ts3server_win32.exe:*:Enabled:TeamSpeak 3 Server"
"C:\Documents and Settings\andrew\Local Settings\Application Data\Xenocode\Sandbox\2.2.3530.29059\2009.08.31T22.09\Native\STUBEXE\@PROGRAMFILES@\Microsoft Games\Allegiance\ALLEGIANCE.EXE"="C:\Documents and Settings\andrew\Local Settings\Application Data\Xenocode\Sandbox\2.2.3530.29059\2009.08.31T22.09\Native\STUBEXE\@PROGRAMFILES@\Microsoft Games\Allegiance\ALLEGIANCE.EXE:*:Enabled:ALLEGIANCE"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Steam\steamapps\common\sid meier's civilization iv\Civilization4.exe"="C:\Program Files\Steam\steamapps\common\sid meier's civilization iv\Civilization4.exe:*:Enabled:Sid Meier's Civilization IV"
"C:\Program Files\Steam\steamapps\common\sid meier's civilization iv beyond the sword\Beyond the Sword\Civ4BeyondSword.exe"="C:\Program Files\Steam\steamapps\common\sid meier's civilization iv beyond the sword\Beyond the Sword\Civ4BeyondSword.exe:*:Enabled:Sid Meier's Civilization 4 : Beyond The Sword"
"C:\Program Files\OPNET EDU\9.1.A\sys\pc_intel_win32\bin\itguru.exe"="C:\Program Files\OPNET EDU\9.1.A\sys\pc_intel_win32\bin\itguru.exe:*:Enabled:OPNET 9.1.A"
"C:\Documents and Settings\andrew\My Documents\Downloads\eclipse\eclipse.exe"="C:\Documents and Settings\andrew\My Documents\Downloads\eclipse\eclipse.exe:*:Enabled:eclipse"
"C:\Program Files\Talkative IRC\Talkative IRC.exe"="C:\Program Files\Talkative IRC\Talkative IRC.exe:*:Enabled:Talkative IRC"
"C:\Program Files\Heroes of Newerth\hon.exe"="C:\Program Files\Heroes of Newerth\hon.exe:*:Enabled:Heroes of Newerth"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\StarCraft II Beta\StarCraft II.exe"="C:\Program Files\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher"
"Z:\StarCraft II Beta\StarCraft II.exe"="Z:\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher"
"Z:\StarCraft II Beta\Versions\Base15133\SC2.exe"="Z:\StarCraft II Beta\Versions\Base15133\SC2.exe:*:Enabled:StarCraft II"
"Z:\StarCraft II Beta\Versions\Base15250\SC2.exe"="Z:\StarCraft II Beta\Versions\Base15250\SC2.exe:*:Enabled:StarCraft II"
"Z:\adobe\Adobe Flash Builder 4\FlashBuilder.exe"="Z:\adobe\Adobe Flash Builder 4\FlashBuilder.exe:*:Enabled:FlashBuilder"
"Z:\iTunes\iTunes.exe"="Z:\iTunes\iTunes.exe:*:Enabled:iTunes"
"Z:\evetest\bin\ExeFile.exe"="Z:\evetest\bin\ExeFile.exe:*:Enabled:CCP ExeFile"
"C:\WINDOWS\Temp\~os12.tmp\rlvknlg.exe"="C:\WINDOWS\Temp\~os12.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"C:\Program Files\RelevantKnowledge\rlvknlg.exe"="C:\Program Files\RelevantKnowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"Z:\LiveZilla\LiveZilla Server Admin.exe"="Z:\LiveZilla\LiveZilla Server Admin.exe:*:Enabled:LiveZilla Server Admin"
"Z:\xampp\mysql\bin\mysqld.exe"="Z:\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server"
"Z:\xampp\FileZillaFTP\FileZilla Server.exe"="Z:\xampp\FileZillaFTP\FileZilla Server.exe:*:Enabled:FileZilla Server"
"C:\Riot Games\League of Legends\air\LolClient.exe"="C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby"
"C:\Riot Games\League of Legends\game\League of Legends.exe"="C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client"
"C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe"="C:\Program Files\Steam\steamapps\common\alien swarm\srcds.exe:*:Enabled:Alien Swarm Dedicated Server"
"C:\Program Files\Digsby\lib\digsby-app.exe"="C:\Program Files\Digsby\lib\digsby-app.exe:*:Enabled:Digsby"
"C:\Program Files\Mozilla Firefox 4.0 Beta 1\firefox.exe"="C:\Program Files\Mozilla Firefox 4.0 Beta 1\firefox.exe:*:Enabled:Firefox"
"C:\Documents and Settings\andrew\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe"="C:\Documents and Settings\andrew\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\Program Files\Steam\steamapps\greshick\team fortress 2\hl2.exe"="C:\Program Files\Steam\steamapps\greshick\team fortress 2\hl2.exe:*:Enabled:hl2"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console"
"C:\Program Files\Steam\steamapps\common\sid meier's civilization v\Launcher.exe"="C:\Program Files\Steam\steamapps\common\sid meier's civilization v\Launcher.exe:*:Enabled:Sid Meier's Civilization V"
"C:\Program Files\Steam\steamapps\common\sid meier's civilization v\CivilizationV.exe"="C:\Program Files\Steam\steamapps\common\sid meier's civilization v\CivilizationV.exe:*:Enabled:Sid Meier's Civilization V"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2010-09-29 14:56:28 ----D---- C:\9-29-2010
2010-09-29 14:55:59 ----D---- C:\Program Files\ERUNT
2010-09-27 19:47:45 ----D---- C:\rsit
2010-09-26 00:49:56 ----A---- C:\WINDOWS\ntbtlog.txt
2010-09-26 00:35:36 ----A---- C:\WINDOWS\OEWABLog.txt
2010-09-25 09:30:22 ----D---- C:\Program Files\Trend Micro
2010-09-22 21:49:51 ----D---- C:\Python25
2010-09-22 20:56:28 ----D---- C:\Program Files\OpenRPG
2010-09-08 23:49:00 ----A---- C:\WINDOWS\system32\drivers\cpuz134_x32.sys
2010-09-08 23:48:59 ----D---- C:\Program Files\CPUID
2010-09-06 10:15:54 ----HD---- C:\WINDOWS\system32\GroupPolicy
2010-09-03 17:49:37 ----D---- C:\Documents and Settings\andrew\Application Data\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
2010-09-03 17:49:23 ----D---- C:\Program Files\ZooskMessenger

======List of files/folders modified in the last 1 months======

2010-09-29 15:10:30 ----D---- C:\WINDOWS\Prefetch
2010-09-29 15:08:19 ----D---- C:\Documents and Settings\andrew\Application Data\Skype
2010-09-29 15:07:06 ----D---- C:\Program Files\Steam
2010-09-29 15:06:30 ----D---- C:\WINDOWS\Temp
2010-09-29 15:06:04 ----D---- C:\WINDOWS\system32\Lang
2010-09-29 15:05:56 ----D---- C:\WINDOWS\system32\CatRoot2
2010-09-29 15:04:03 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-09-29 15:03:51 ----D---- C:\WINDOWS\system32
2010-09-29 15:03:51 ----D---- C:\WINDOWS
2010-09-29 14:59:13 ----SD---- C:\WINDOWS\Tasks
2010-09-29 14:55:59 ----RD---- C:\Program Files
2010-09-29 08:08:07 ----D---- C:\Documents and Settings\andrew\Application Data\skypePM
2010-09-29 07:47:50 ----SHD---- C:\WINDOWS\Installer
2010-09-29 07:47:46 ----SHD---- C:\Config.Msi
2010-09-28 06:44:32 ----D---- C:\WINDOWS\system32\drivers
2010-09-27 23:07:57 ----D---- C:\Program Files\EFT
2010-09-27 23:07:57 ----D---- C:\Documents and Settings\andrew\Application Data\TeraCopy
2010-09-27 20:03:46 ----D---- C:\WINDOWS\network diagnostic
2010-09-27 19:31:06 ----D---- C:\Program Files\Java
2010-09-27 19:28:25 ----D---- C:\Program Files\Common Files
2010-09-27 19:26:03 ----D---- C:\Documents and Settings\All Users\Application Data\Sun
2010-09-27 17:39:50 ----D---- C:\WINDOWS\system32\NtmsData
2010-09-27 16:17:49 ----D---- C:\WINDOWS\repair
2010-09-27 16:17:33 ----D---- C:\WINDOWS\Registration
2010-09-26 01:20:45 ----D---- C:\WINDOWS\security
2010-09-26 00:35:15 ----D---- C:\Documents and Settings
2010-09-25 17:29:32 ----D---- C:\Documents and Settings\All Users\Application Data\CCP
2010-09-25 15:55:23 ----D---- C:\Documents and Settings\andrew\Application Data\DisplayFusion
2010-09-23 17:17:19 ----D---- C:\Program Files\Mozilla Firefox 4.0 Beta 1
2010-09-21 18:26:06 ----D---- C:\WINDOWS\system32\DirectX
2010-09-21 18:26:04 ----HD---- C:\WINDOWS\inf
2010-09-21 18:24:49 ----RSD---- C:\WINDOWS\assembly
2010-09-21 18:23:31 ----D---- C:\WINDOWS\WinSxS
2010-09-12 22:44:05 ----D---- C:\Documents and Settings\andrew\Application Data\Mozilla
2010-09-12 07:34:27 ----HDC---- C:\WINDOWS\$NtUninstallKB971557_0$
2010-09-11 16:58:24 ----D---- C:\Program Files\Mozilla Firefox
2010-09-10 20:33:54 ----D---- C:\Documents and Settings\andrew\Application Data\Mumble
2010-09-04 08:52:02 ----D---- C:\WINDOWS\pss
2010-09-02 08:45:17 ----D---- C:\Program Files\Digsby
2010-09-01 07:42:10 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-08-31 15:49:41 ----D---- C:\Program Files\Full Tilt Poker
2010-08-30 22:18:42 ----D---- C:\Documents and Settings\andrew\Application Data\.purple

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 Inspect;COMODO Internet Security Firewall Driver; C:\WINDOWS\System32\DRIVERS\inspect.sys [2010-06-01 87824]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-11-30 691696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2009-11-24 27408]
R1 aswSP;avast! Self Protection; C:\WINDOWS\system32\drivers\aswSP.sys [2009-09-15 114768]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2009-11-24 48560]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2010-06-04 229312]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2010-06-01 25240]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2009-09-15 20560]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2009-09-15 94160]
R2 cpuz134;cpuz134; \??\C:\WINDOWS\system32\drivers\cpuz134_x32.sys []
R3 AmdLLD;AMD Low Level Device Driver; C:\WINDOWS\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2009-11-24 23120]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM; C:\WINDOWS\system32\drivers\Envy24HF.sys [2007-11-30 651712]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-09-23 26176]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-09-23 3966976]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2010-07-09 10604128]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2009-07-28 143360]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;USB Video Device (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-13 121984]
S2 adfs;adfs; C:\WINDOWS\system32\drivers\adfs.sys []
S3 a25kqzk3;a25kqzk3; C:\WINDOWS\system32\drivers\a25kqzk3.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-16 41472]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys [2010-03-25 99728]
S3 VBoxNetFlt;VBoxNetFlt Service; C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys []
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]
S4 RsFx0102;RsFx0102 Driver; C:\WINDOWS\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-04-16 144672]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2009-11-24 18752]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2009-11-24 138680]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2010-06-01 1778480]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2010-03-30 1107336]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2008-08-15 40999448]
R2 nvsvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2010-07-09 155752]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2009-11-24 254040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2009-11-24 352920]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-06-16 136176]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FileZilla Server;FileZilla Server FTP server; C:\Program Files\FileZilla Server\FileZilla Server.exe [2010-07-18 740864]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-04-28 545576]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2009-09-26 149336]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-09-26 4639136]
S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-08-15 47128]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-08-15 369688]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2008-07-10 258072]

-----------------EOF-----------------
greshick
Regular Member
 
Posts: 22
Joined: September 25th, 2010, 10:46 am

Re: Redirected searches

Post by greshick » September 29th, 2010, 4:14 pm

2010/09/29 15:12:39.0656 TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:54
2010/09/29 15:12:39.0656 ================================================================================
2010/09/29 15:12:39.0656 SystemInfo:
2010/09/29 15:12:39.0656
2010/09/29 15:12:39.0656 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/29 15:12:39.0656 Product type: Workstation
2010/09/29 15:12:39.0656 ComputerName: GRESHICK
2010/09/29 15:12:39.0656 UserName: andrew
2010/09/29 15:12:39.0656 Windows directory: C:\WINDOWS
2010/09/29 15:12:39.0656 System windows directory: C:\WINDOWS
2010/09/29 15:12:39.0656 Processor architecture: Intel x86
2010/09/29 15:12:39.0656 Number of processors: 4
2010/09/29 15:12:39.0656 Page size: 0x1000
2010/09/29 15:12:39.0656 Boot type: Normal boot
2010/09/29 15:12:39.0656 ================================================================================
2010/09/29 15:12:40.0703 Initialize success
2010/09/29 15:12:56.0109 ================================================================================
2010/09/29 15:12:56.0109 Scan started
2010/09/29 15:12:56.0109 Mode: Manual;
2010/09/29 15:12:56.0109 ================================================================================
2010/09/29 15:12:56.0687 Aavmker4 (2ccfa74242741ca22a4267cce9b586f4) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/09/29 15:12:56.0750 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/29 15:12:56.0781 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/09/29 15:12:56.0875 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/29 15:12:56.0890 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/09/29 15:12:56.0968 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
2010/09/29 15:12:57.0046 aswFsBlk (b4079a98f294a3e262872cb76f4849f0) C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
2010/09/29 15:12:57.0062 aswMon2 (dbee7b5ecb50fc2cf9323f52cbf41141) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/09/29 15:12:57.0093 aswRdr (8080d683489c99cbace813f6fa4069cc) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/09/29 15:12:57.0109 aswSP (2e5a2ad5004b55df39b7606130a88142) C:\WINDOWS\system32\drivers\aswSP.sys
2010/09/29 15:12:57.0125 aswTdi (d4c83a37efadfa2c398362e0776e3773) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/09/29 15:12:57.0171 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/29 15:12:57.0187 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/29 15:12:57.0218 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/29 15:12:57.0265 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/29 15:12:57.0312 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/29 15:12:57.0375 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/29 15:12:57.0406 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/09/29 15:12:57.0437 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/29 15:12:57.0468 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/29 15:12:57.0484 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/29 15:12:57.0531 cmdGuard (d7c17cc5038773aa717864a5555465de) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
2010/09/29 15:12:57.0546 cmdHlp (81ceedf3501cd5ccae3dceb204af1634) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
2010/09/29 15:12:57.0609 cpuz134 (75fa19142531cbf490770c2988a7db64) C:\WINDOWS\system32\drivers\cpuz134_x32.sys
2010/09/29 15:12:57.0656 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/29 15:12:57.0703 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/29 15:12:57.0765 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/29 15:12:57.0781 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/29 15:12:57.0812 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2010/09/29 15:12:57.0843 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2010/09/29 15:12:57.0890 Envy24HFS (ac913b7ab3a8c69a7b341d9f69fe1d04) C:\WINDOWS\system32\drivers\Envy24HF.sys
2010/09/29 15:12:57.0953 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2010/09/29 15:12:57.0984 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2010/09/29 15:12:58.0000 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2010/09/29 15:12:58.0015 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2010/09/29 15:12:58.0046 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2010/09/29 15:12:58.0093 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2010/09/29 15:12:58.0125 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2010/09/29 15:12:58.0156 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2010/09/29 15:12:58.0187 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2010/09/29 15:12:58.0234 hamachi (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2010/09/29 15:12:58.0281 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2010/09/29 15:12:58.0359 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2010/09/29 15:12:58.0421 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2010/09/29 15:12:58.0437 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2010/09/29 15:12:58.0484 Inspect (bf141304f251563b63e64cb3c036de74) C:\WINDOWS\system32\DRIVERS\inspect.sys
2010/09/29 15:12:58.0609 IntcAzAudAddService (a30685283f90ae02f1cd50972c6065e3) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2010/09/29 15:12:58.0656 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2010/09/29 15:12:58.0687 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2010/09/29 15:12:58.0718 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2010/09/29 15:12:58.0734 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2010/09/29 15:12:58.0750 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/29 15:12:58.0765 IPSec (e14ad0bd98176d39bce7991489f8e685) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/29 15:12:58.0781 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: e14ad0bd98176d39bce7991489f8e685, Fake md5: 23c74d75e36e7158768dd63d92789a91
2010/09/29 15:12:58.0781 IPSec - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/09/29 15:12:58.0796 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2010/09/29 15:12:58.0812 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2010/09/29 15:12:58.0843 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2010/09/29 15:12:58.0859 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2010/09/29 15:12:58.0890 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2010/09/29 15:12:58.0953 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2010/09/29 15:12:58.0984 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2010/09/29 15:12:58.0984 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2010/09/29 15:12:59.0000 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2010/09/29 15:12:59.0015 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2010/09/29 15:12:59.0078 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2010/09/29 15:12:59.0093 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2010/09/29 15:12:59.0125 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2010/09/29 15:12:59.0125 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2010/09/29 15:12:59.0171 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2010/09/29 15:12:59.0203 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2010/09/29 15:12:59.0250 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2010/09/29 15:12:59.0265 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2010/09/29 15:12:59.0296 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2010/09/29 15:12:59.0328 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2010/09/29 15:12:59.0343 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2010/09/29 15:12:59.0359 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2010/09/29 15:12:59.0406 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2010/09/29 15:12:59.0421 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2010/09/29 15:12:59.0421 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys
2010/09/29 15:12:59.0453 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2010/09/29 15:12:59.0500 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2010/09/29 15:12:59.0515 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2010/09/29 15:12:59.0562 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2010/09/29 15:12:59.0609 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2010/09/29 15:12:59.0890 nv (ed9816dbaf6689542ea7d022631906a1) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2010/09/29 15:13:00.0156 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2010/09/29 15:13:00.0171 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2010/09/29 15:13:00.0234 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2010/09/29 15:13:00.0265 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2010/09/29 15:13:00.0281 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2010/09/29 15:13:00.0296 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2010/09/29 15:13:00.0328 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2010/09/29 15:13:00.0343 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2010/09/29 15:13:00.0468 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2010/09/29 15:13:00.0484 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2010/09/29 15:13:00.0515 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2010/09/29 15:13:00.0578 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2010/09/29 15:13:00.0593 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2010/09/29 15:13:00.0609 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2010/09/29 15:13:00.0609 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2010/09/29 15:13:00.0656 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2010/09/29 15:13:00.0671 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2010/09/29 15:13:00.0687 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2010/09/29 15:13:00.0718 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2010/09/29 15:13:00.0734 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2010/09/29 15:13:00.0781 RsFx0102 (fedd2710b75be3ecf078adace790c423) C:\WINDOWS\system32\DRIVERS\RsFx0102.sys
2010/09/29 15:13:00.0812 RTLE8023xp (cb9310a5a910648d359c99a857e22a54) C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
2010/09/29 15:13:00.0859 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2010/09/29 15:13:00.0875 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2010/09/29 15:13:00.0890 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2010/09/29 15:13:00.0921 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2010/09/29 15:13:00.0953 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2010/09/29 15:13:00.0984 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2010/09/29 15:13:01.0046 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2010/09/29 15:13:01.0046 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/09/29 15:13:01.0046 sptd - detected Locked file (1)
2010/09/29 15:13:01.0078 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2010/09/29 15:13:01.0109 Srv (89220b427890aa1dffd1a02648ae51c3) C:\WINDOWS\system32\DRIVERS\srv.sys
2010/09/29 15:13:01.0140 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2010/09/29 15:13:01.0156 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2010/09/29 15:13:01.0171 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2010/09/29 15:13:01.0250 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2010/09/29 15:13:01.0312 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/09/29 15:13:01.0343 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2010/09/29 15:13:01.0359 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2010/09/29 15:13:01.0375 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2010/09/29 15:13:01.0421 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2010/09/29 15:13:01.0468 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2010/09/29 15:13:01.0531 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\WINDOWS\system32\Drivers\usbaapl.sys
2010/09/29 15:13:01.0562 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2010/09/29 15:13:01.0593 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2010/09/29 15:13:01.0593 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2010/09/29 15:13:01.0640 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2010/09/29 15:13:01.0671 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2010/09/29 15:13:01.0703 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2010/09/29 15:13:01.0718 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2010/09/29 15:13:01.0750 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2010/09/29 15:13:01.0781 VBoxNetAdp (b9d3c274e937a15fd2cef8aa1e4c3477) C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys
2010/09/29 15:13:01.0859 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/09/29 15:13:01.0906 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2010/09/29 15:13:01.0921 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2010/09/29 15:13:01.0953 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2010/09/29 15:13:02.0031 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2010/09/29 15:13:02.0062 ================================================================================
2010/09/29 15:13:02.0062 Scan finished
2010/09/29 15:13:02.0062 ================================================================================
2010/09/29 15:13:02.0078 Detected object count: 2
2010/09/29 15:13:23.0015 Rootkit.Win32.TDSS.tdl3(IPSec) - User select action: Skip
2010/09/29 15:13:23.0015 Locked file(sptd) - User select action: Skip
greshick
Regular Member
 
Posts: 22
Joined: September 25th, 2010, 10:46 am

Re: Redirected searches

Post by greshick » September 29th, 2010, 4:16 pm

Update: Not sure yet, it does not always do it so I will reply if problem comes up.

Thanks for the help so far Cypher.
greshick
Regular Member
 
Posts: 22
Joined: September 25th, 2010, 10:46 am

Re: Redirected searches

Post by greshick » September 29th, 2010, 4:53 pm

Yeah problem still persists
greshick
Regular Member
 
Posts: 22
Joined: September 25th, 2010, 10:46 am

Re: Redirected searches

Post by Cypher » September 30th, 2010, 5:47 am

Hi greshick.
greshick wrote: Thanks for the help so far Cypher.

You're welcome.
OK, complete the following, then let me know if your searches are still redirected.

  • First go to Start > Computer > C: and delete the TDSSKiller log that was created there.
  • Next double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • When the scan has finished, ensure Cure (the default) is selected, then click Continue > Reboot now.
  • When finished re-booting, a log of the cleanup will be found at C:\TDSSKiller.2.4.0.0_DD.MM.YYYY_HH.MM.SS_log.txt.
  • To find the log go to Start > Computer > C:
  • Post the contents of that log in your next reply please.

Next.

Please download MBR Rootkit Detector by GMER
Be sure to download it to the root of your drive, e.g. C:\MBR.exe

  • Once the download has finished, click Start > Run.
  • Copy and paste the contents of the codebox below into the run box (do not include Code:).
    Code:
    CMD /C \mbr -t >Log.txt&Log.txt&del Log.txt
  • Then click OK.
  • A log will be generated, Post the contents in your next reply.

Next.

Please post a new Uninstall list.

  • Open HijackThis.
  • Click on the Open the Misc Tools section button.
  • Look under System tools.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please post this log in your next reply.


Logs/Information to Post in your Next Reply

  • TDSSKiller log.
  • MBR Rootkit Detector log.
  • Uninstall list.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
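
A triage helper for the TDSSKiller log format posted in this thread, added here as an example (it is not part of the thread or of TDSSKiller): it pairs each "Suspicious file" and "detected" line with its "User select action" line and lists detections that were left on Skip rather than cured. The sample lines are copied from the 29 September log above; the function and field names are this example's own, and it assumes the log keeps the line layout seen in that post.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Lines copied from the 2010/09/29 TDSSKiller log posted in this thread.
LOG_EXCERPT = r"""
2010/09/29 15:12:58.0750 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2010/09/29 15:12:58.0765 IPSec (e14ad0bd98176d39bce7991489f8e685) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/29 15:12:58.0781 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: e14ad0bd98176d39bce7991489f8e685, Fake md5: 23c74d75e36e7158768dd63d92789a91
2010/09/29 15:12:58.0781 IPSec - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/09/29 15:13:01.0046 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2010/09/29 15:13:01.0046 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/09/29 15:13:01.0046 sptd - detected Locked file (1)
2010/09/29 15:13:02.0078 Detected object count: 2
2010/09/29 15:13:23.0015 Rootkit.Win32.TDSS.tdl3(IPSec) - User select action: Skip
2010/09/29 15:13:23.0015 Locked file(sptd) - User select action: Skip
"""

STAMP = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} ?(.*)$")
DRIVER = re.compile(r"^(.+?) \(([0-9a-f]{32})\) (.+)$")
SUSPICIOUS = re.compile(r"^Suspicious file \((\w+)\): (.+?)\. (.*md5: .*)$")
MD5 = re.compile(r"(?:(Real|Fake) )?md5: ([0-9a-f]{32})")
DETECTED = re.compile(r"^(.+?) - detected (.+) \((\d+)\)$")
ACTION = re.compile(r"^.+\(([^()]+)\) - User select action: (\w+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Detection:
    service: str
    verdict: str
    path: Optional[str] = None
    kind: Optional[str] = None      # text in "Suspicious file (...)", e.g. Forged
    md5: dict = field(default_factory=dict)
    action: Optional[str] = None    # "User select action" value, if logged


@dataclass
class Report:
    scanned: int = 0                # per-driver lines seen
    declared: Optional[int] = None  # "Detected object count" from the log
    detections: list = field(default_factory=list)


def parse_log(text: str) -> Report:
    """Parse TDSSKiller log text into scanned drivers and detections."""
    drivers, found, pending = {}, {}, None
    report = Report()
    for raw in text.splitlines():
        stamped = STAMP.match(raw.strip())
        if not stamped:
            continue
        msg = stamped.group(1)
        if m := SUSPICIOUS.match(msg):
            # Remember the file details until the matching "detected" line.
            hashes = {label or "file": h for label, h in MD5.findall(m.group(3))}
            pending = (m.group(1), m.group(2), hashes)
        elif m := DETECTED.match(msg):
            det = Detection(service=m.group(1), verdict=m.group(2))
            det.path = drivers.get(det.service)
            if pending:
                det.kind, det.path, det.md5 = pending
                pending = None
            found[det.service] = det
        elif m := ACTION.match(msg):
            if m.group(1) in found:
                found[m.group(1)].action = m.group(2)
        elif m := COUNT.match(msg):
            report.declared = int(m.group(1))
        elif m := DRIVER.match(msg):
            drivers[m.group(1)] = m.group(3)
    report.scanned = len(drivers)
    report.detections = list(found.values())
    return report


def hash_mismatch(det: Detection) -> bool:
    """True when the log gives two different MD5s (Real/Fake) for one file."""
    real, fake = det.md5.get("Real"), det.md5.get("Fake")
    return real is not None and fake is not None and real != fake


def unremediated(report: Report) -> list:
    """Detections with no logged action, or left on Skip."""
    return [d for d in report.detections if d.action in (None, "Skip")]


if __name__ == "__main__":
    rep = parse_log(LOG_EXCERPT)
    print(f"{rep.scanned} drivers, {len(rep.detections)} detections "
          f"(log declares {rep.declared})")
    for d in unremediated(rep):
        flag = " [hash mismatch]" if hash_mismatch(d) else ""
        print(f"  NOT CLEANED: {d.service} {d.verdict} {d.path} "
              f"action={d.action}{flag}")
```
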

Re: Redirected searches

Post by greshick » September 30th, 2010, 4:47 pm

2010/09/30 15:36:22.0875 TDSS rootkit removing tool 2.4.3.0 Sep 27 2010 15:28:54
2010/09/30 15:36:22.0875 ================================================================================
2010/09/30 15:36:22.0875 SystemInfo:
2010/09/30 15:36:22.0875
2010/09/30 15:36:22.0875 OS Version: 5.1.2600 ServicePack: 3.0
2010/09/30 15:36:22.0875 Product type: Workstation
2010/09/30 15:36:22.0875 ComputerName: GRESHICK
2010/09/30 15:36:22.0875 UserName: andrew
2010/09/30 15:36:22.0875 Windows directory: C:\WINDOWS
2010/09/30 15:36:22.0875 System windows directory: C:\WINDOWS
2010/09/30 15:36:22.0875 Processor architecture: Intel x86
2010/09/30 15:36:22.0875 Number of processors: 4
2010/09/30 15:36:22.0875 Page size: 0x1000
2010/09/30 15:36:22.0875 Boot type: Normal boot
2010/09/30 15:36:22.0875 ================================================================================
2010/09/30 15:36:23.0562 Initialize success
2010/09/30 15:36:25.0390 ================================================================================
2010/09/30 15:36:25.0390 Scan started
2010/09/30 15:36:25.0390 Mode: Manual;
2010/09/30 15:36:25.0390 ================================================================================
2010/09/30 15:36:27.0828 Aavmker4 (2ccfa74242741ca22a4267cce9b586f4) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/09/30 15:36:27.0890 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/09/30 15:36:27.0937 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2010/09/30 15:36:28.0031 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2010/09/30 15:36:28.0062 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2010/09/30 15:36:28.0140 AmdLLD (ad8fa28d8ed0d0a689a0559085ce0f18) C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
2010/09/30 15:36:28.0234 aswFsBlk (b4079a98f294a3e262872cb76f4849f0) C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
2010/09/30 15:36:28.0250 aswMon2 (dbee7b5ecb50fc2cf9323f52cbf41141) C:\WINDOWS\system32\drivers\aswMon2.sys
2010/09/30 15:36:28.0312 aswRdr (8080d683489c99cbace813f6fa4069cc) C:\WINDOWS\system32\drivers\aswRdr.sys
2010/09/30 15:36:28.0328 aswSP (2e5a2ad5004b55df39b7606130a88142) C:\WINDOWS\system32\drivers\aswSP.sys
2010/09/30 15:36:28.0343 aswTdi (d4c83a37efadfa2c398362e0776e3773) C:\WINDOWS\system32\drivers\aswTdi.sys
2010/09/30 15:36:28.0375 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2010/09/30 15:36:28.0390 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2010/09/30 15:36:28.0421 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2010/09/30 15:36:28.0468 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2010/09/30 15:36:28.0531 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2010/09/30 15:36:28.0562 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2010/09/30 15:36:28.0593 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2010/09/30 15:36:28.0625 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2010/09/30 15:36:28.0671 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2010/09/30 15:36:28.0687 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2010/09/30 15:36:28.0734 cmdGuard (d7c17cc5038773aa717864a5555465de) C:\WINDOWS\system32\DRIVERS\cmdguard.sys
2010/09/30 15:36:28.0750 cmdHlp (81ceedf3501cd5ccae3dceb204af1634) C:\WINDOWS\system32\DRIVERS\cmdhlp.sys
2010/09/30 15:36:28.0828 cpuz134 (75fa19142531cbf490770c2988a7db64) C:\WINDOWS\system32\drivers\cpuz134_x32.sys
2010/09/30 15:36:28.0890 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2010/09/30 15:36:28.0921 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2010/09/30 15:36:28.0984 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2010/09/30 15:36:29.0015 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2010/09/30 15:36:30.0437 IPSec (e14ad0bd98176d39bce7991489f8e685) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/30 15:36:30.0437 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: e14ad0bd98176d39bce7991489f8e685, Fake md5: 23c74d75e36e7158768dd63d92789a91
2010/09/30 15:36:30.0437 IPSec - detected Rootkit.Win32.TDSS.tdl3 (0)
2010/09/30 15:36:32.0921 sptd (cdddec541bc3c96f91ecb48759673505) C:\WINDOWS\system32\Drivers\sptd.sys
2010/09/30 15:36:32.0937 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
2010/09/30 15:36:32.0937 sptd - detected Locked file (1)
2010/09/30 15:36:34.0000 ================================================================================
2010/09/30 15:36:34.0000 Scan finished
2010/09/30 15:36:34.0000 ================================================================================
2010/09/30 15:36:34.0015 Detected object count: 2
2010/09/30 15:36:38.0718 IPSec (e14ad0bd98176d39bce7991489f8e685) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2010/09/30 15:36:38.0718 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\ipsec.sys. Real md5: e14ad0bd98176d39bce7991489f8e685, Fake md5: 23c74d75e36e7158768dd63d92789a91
2010/09/30 15:36:39.0703 Backup copy found, using it..
2010/09/30 15:36:39.0734 C:\WINDOWS\system32\DRIVERS\ipsec.sys - will be cured after reboot
2010/09/30 15:36:39.0734 Rootkit.Win32.TDSS.tdl3(IPSec) - User select action: Cure
2010/09/30 15:36:39.0734 Locked file(sptd) - User select action: Skip
2010/09/30 15:36:45.0859 Deinitialize success
greshick
Regular Member
 
Posts: 22
Joined: September 25th, 2010, 10:46 am

Re: Redirected searches

Unread postby greshick » September 30th, 2010, 4:54 pm

Not sure if it takes a while, but MBR has not produced a log after 20 mins or so.
greshick
Regular Member
 
Posts: 22
Joined: September 25th, 2010, 10:46 am

Re: Redirected searches

Unread postby greshick » September 30th, 2010, 5:08 pm

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Community Help
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Professional CS5
Adobe Media Player
Adobe Media Player
Adobe Reader 9.3.2
AIM 7
AIM Search
Apple Application Support
Apple Mobile Device Support
Apple Software Update
avast! Antivirus
Blender (remove only)
Catan Online World
CCleaner
COMODO Internet Security
CPUID CPU-Z 1.55
Digsby
DisplayFusion 3.1.5
Dual-Core Optimizer
ERUNT 1.1j
EVE Metrics Uploader
EVEMon
FileZilla Client 3.3.4.1
FileZilla Server (remove only)
Fraps
Full Tilt Poker
Game Maker 8.0
GIMP 2.6.8
Google Gears
Google Talk Plugin
Google Update Helper
GPGNet
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Instant Eyedropper 1.75
IrfanView (remove only)
iTunes
League of Legends
LiveZilla
LogMeIn Hamachi
LogMeIn Hamachi
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2010 (Beta)
Microsoft Office Access Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office Excel MUI (English) 2010 (Beta)
Microsoft Office OneNote MUI (English) 2010 (Beta)
Microsoft Office Outlook MUI (English) 2010 (Beta)
Microsoft Office PowerPoint MUI (English) 2010 (Beta)
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010 (Beta)
Microsoft Office Proof (French) 2010 (Beta)
Microsoft Office Proof (Spanish) 2010 (Beta)
Microsoft Office Proofing (English) 2010 (Beta)
Microsoft Office Publisher MUI (English) 2010 (Beta)
Microsoft Office Send-a-Smile
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (English) 2010 (Beta)
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2010 (Beta)
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Single Image 2010 (Beta)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2010 (Beta)
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Management Objects
Microsoft SQL Server 2008 Management Studio
Microsoft SQL Server 2008 Management Studio
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 Policies
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Compact 3.5 SP1 Design Tools English
Microsoft SQL Server Compact 3.5 SP1 English
Microsoft SQL Server Compact 3.5 SP1 Query Tools English
Microsoft SQL Server Database Publishing Wizard 1.3
Microsoft SQL Server VSS Writer
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Web - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox (3.6.10)
Mozilla Firefox (3.6.6)
Mozilla Firefox 4.0b6 (x86 en-US)
Mozilla Sunbird (0.9)
MSXML 6.0 Parser (KB933579)
Mumble and Murmur
My POS
MySQL Workbench 5.1 OSS
NetBeans IDE 6.8
Notepad++
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
OGA Notifier 2.0.0048.0
OpenOffice.org 3.1
OpenRPG
Pandora
Pandora
PDF Settings CS5
Perpetuum
Pidgin
Portal
Python 2.5.4
Python 3.1.2
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)
Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)
Security Update for Microsoft Office 2010 File Validation - Beta (KB976133)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Sid Meier's Civilization IV
Sid Meier's Civilization IV: Beyond the Sword
Sid Meier's Civilization V
Skype™ 4.2
Sorian AI Mod 2.1.1
Sql Server Customer Experience Improvement Program
SQL Server System CLR Types
Steam
Supreme Commander - Forged Alliance
Synergy
System Requirements Lab
Team Fortress 2
TeamSpeak 2 RC2
TeraCopy 2.12
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Visual Studio Web Authoring Component (KB945140)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Ventrilo Client
Visual C++ 8.0 ATL (x86) WinSXS MSM
Visual C++ 8.0 CRT (x86) WinSXS MSM
VLC media player 1.1.3
Windows 7 Upgrade Advisor
Windows Internet Explorer 8
Windows PowerShell(TM) 1.0
Windows XP Service Pack 3
WinRAR archiver
XChat 2 (remove only)
Xfire (remove only)
greshick
Regular Member
 
Posts: 22
Joined: September 25th, 2010, 10:46 am

Re: Redirected searches

Unread postby greshick » September 30th, 2010, 5:10 pm

Redirected searches appear to be fixed, and the random pages that get opened appear to be fixed at this time.

Only problem I have with this computer is a generic host process fails upon start up and when it "restarts", it often hogs 25% of my CPU.
greshick
Regular Member
 
Posts: 22
Joined: September 25th, 2010, 10:46 am

Re: Redirected searches

Unread postby Cypher » October 1st, 2010, 5:19 am

Hi greshick.
"Only problem I have with this computer is a generic host process fails upon start up and when it 'restarts'"

What exactly is the error you are getting? Is it Generic Host Process for Win32 Services?

  • Please navigate to Start >> All Programs >> ERUNT, then double-click ERUNT from the menu.
  • Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
    • System registry.
    • Current user registry.
  • Next click on "OK"... at the prompt... reply "Yes".
    After a short duration the "Registry backup is complete!" pop-up message will appear.
  • Now click on "OK". A registry backup has now been created.

Next.

Download and Run ComboFix

  • Please download ComboFix from one of the following links.

    Link 1.

    Link 2.

    **IMPORTANT !!! Save ComboFix.exe to your Desktop**
  • Please disable any Antivirus or Firewall you have active, as shown in this topic. Please close all open application windows.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Image
Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper



Logs/Information to Post in your Next Reply

  • What exactly is the error?
  • ComboFix log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirected searches

Unread postby greshick » October 3rd, 2010, 9:59 am

It appears the generic host problem is fixed; it has not surfaced for the last 2 days. It has usually happened right away. So unless you see something in the files, I think I am clean.

Thanks for clearing out that annoying malware!
greshick
Regular Member
 
Posts: 22
Joined: September 25th, 2010, 10:46 am

Re: Redirected searches

Unread postby Cypher » October 3rd, 2010, 11:32 am

Hi.
"I think I am clean."

I need you to run ComboFix as instructed; we can't be sure your system is clean yet.
Cypher
Admin/Teacher
 
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Redirected searches

Unread postby Wingman » October 6th, 2010, 3:26 pm

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
Wingman
Admin/Teacher
 
Posts: 14108
Joined: July 1st, 2008, 1:34 pm
Location: East Coast, USA