Google redirections... Trojan.Win32.Patched.kl


Post by senshi » November 4th, 2010, 6:44 am

Hi.

Please help me. I have a malware driving me crazy. Google keeps redirecting me to "co.cc" websites (mainly click2mix-info.co.cc or something like this)... I was looking for help in another forum but they were not able to help me. From what I read, the problem can be somehow similar to this thread: viewtopic.php?f=12&t=53326. After diagnosis I attempted to heal infected files but there are two files, "explorer.exe" and "wininit.exe", that, when healed, prevent Windows from booting... Kaspersky Virus Removal Tool identified them as being infected with "Trojan.Win32.Patched.kl"

I hope you can help me.

Here is the HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:43:44, on 04-11-2010
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Pedro\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Software\Mozila Firefox\firefox.exe
C:\Software\Mozila Firefox\plugin-container.exe
C:\Users\Pedro\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Pedro\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ipatimup.pt:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Software\PCHEAL~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Software\Video tools\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Pedro\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: setup_9.0.0.722_28.10.2010_22-08 Kaspersky virus removal.lnk = C:\Software\PC Health\Virus Removal Tool\setup_9.0.0.722_28.10.2010_22-08 Kaspersky virus removal\startup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Software\PCHEAL~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Software\PCHEAL~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Contrl Center of Storm Media (ccosm) - Unknown owner - C:\Software\Video tools\Codecs\Storm Codec\stormliv.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Software\Cisco Systems VPN\cvpnd.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Software\CDBurnerXP\NMSAccessU.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)



Thank you!!

Here is the Uninstall list:

2007 Microsoft Office system
ABC Amber vCard Converter
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 8 - Português
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Software Update
ASUS Data Security Manager
ASUS InstantFun
ASUS Live Update
ASUS Splendid Video Enhancement Technology
Asus_Camera_ScreenSaver
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
Auto Gordian Knot 1.60
AVIMerIn Setup
AviSynth 2.5
BioEdit
CalcuSyn
ccc-Branding
CCleaner
CDBurnerXP
Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA2
Chinese Simplified Fonts Support For Adobe Reader 8
Cisco Systems VPN Client 5.0.04.0300
ClustalX2
Compressor WinRAR
ConvertXtoDVD 3.2.0.52
Direct Show Ogg Vorbis Filter (remove only)
DirectShow .SHN FIlter
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EndNote X2
ffdshow [rev 2202] [2008-10-10]
FIFA 09
FlowJo 7.5
Free CD to MP3 Converter
FreeKapture 2.00 - Freeware
GLOBOCAN 2002
Google Talk Plugin
HASP Emulator Professiaonal Edition V2.33 for Windows NT/W2K/XP
HijackThis 1.99.1
HP Image Zone Express
hp print screen utility
ImageJ 1.41o
Indeo® Software
InfraRecorder
Intel® Turbo Memory and Intel® Matrix Storage Manager
InterVideo AVControlSDK
InterVideo DeviceService
ISI ResearchSoft - Export Helper
iSilo
Jalview
Java(TM) 6 Update 21
JMB36X Raid Configurer
K-Lite Codec Pack 4.1.7 (Full)
LifeFrame2
Malwarebytes' Anti-Malware
MediaCoder 0.6.1
MEGA 4
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (Portuguese (Portugal)) 2007
Microsoft Office Access MUI (Spanish) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
Microsoft Office Excel MUI (Spanish) 2007
Microsoft Office Groove MUI (Portuguese (Portugal)) 2007
Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2007
Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007
Microsoft Office Outlook MUI (Spanish) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
Microsoft Office PowerPoint MUI (Spanish) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Portuguese (Portugal)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (Portuguese (Portugal)) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007
Microsoft Office Publisher MUI (Spanish) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (Portuguese (Portugal)) 2007
Microsoft Office Word MUI (Spanish) 2007
Microsoft Windows Media Video 9 VCM
Motorola SM56 Speakerphone Modem
Mozilla Firefox (3.6.10)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
NB Probe
Need for Speed Underground 2
neroxml
Open Video Capture version 1.1
PDF Settings
PENTAX Optio 50 Driver
Power4Gear eXtreme
PowerForPhone
PrimoPDF
Quantity One
Quick AVI MPEG Joiner v2.0
QuickTime
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
SecureW2 EAP Suite 1.1.1 for Windows
Sequence_Analysis_Tools_Installer 0.3
SolveigMM AVI Trimmer
SPSS 13.0 for Windows
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
StatView
Subtitle Workshop 2.51
SubtitleCreator
SUPERAntiSpyware
Synaptics Pointing Device Driver
TuneUp Utilities 2008
Unlocker 1.8.5
USB 2.0 1.3M UVC WebCam
UTAX TA Product Library
Vista Codec Package
VistaFeaturePack
Vuze
WaveCat 1.00
Winamp
WinFlash
WinMDI2.9
Wireless Console 2
WMV Converter 2.5
Xvid 1.1.3 final uninstall


Thank you again.
senshi
Regular Member
 
Posts: 19
Joined: November 4th, 2010, 6:34 am

Re: Google redirections... Trojan.Win32.Patched.kl

Post by askey127 » November 7th, 2010, 10:53 am

Hi senshi,
Sorry for the delay.
If you still need help and are not receiving it elsewhere, please proceed as follows:
-----------------------------------------------
Please Note Our Policy on the Use of P2P (Person to Person / Peer to Peer) file sharing programs
It is posted here: http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394
As a condition of receiving our help, I have included the P2P program Vuze in the removal instructions below, so we are not wasting our time.
If you have used this, you can be fairly confident this is a principal reason your computer is infected

It's really important, if you value your PC at all, to stay away from P2P file sharing programs, like utorrent, Bittorrent, Azureus, Frostwire, Limewire, Vuze, Shareaza, Bitlord.
(Limewire has just been shut down by the courts).
Criminals have "planted" thousands upon thousands of infections in the "free" shared files. Some of the recent infections can turn your machine into a doorstop.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Vuze
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4


Take extra care in answering questions posed by any Uninstaller.
If the Spybot Uninstallers ask whether you want to remove all files and settings, answer YES. If it reports that it cannot remove all files, that's OK.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------
Please delete the present version of HiJackThis from your Desktop.
It is an older version and does not produce proper results with your present system.

Download and Install HiJackThis
The Downloads for HiJackThis 2.0.4 are here: http://free.antivirus.com/hijackthis/
  • Choose the Installer version and save to your Desktop. It will be named HiJackThis.msi.
  • For Vista/Win7, Right click and choose "Run as administrator" to install it.
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and a text log file will open in notepad.
  • Make sure Notepad's Format Menu has Word Wrap Unchecked.
  • Copy/Paste the entire log to your next reply please.
  • No matter what it says in the QuickStart Guide or elsewhere...
    DON'T USE the "ANALYZE THIS" button. Its Findings can be Dangerous for your machine.
  • Please Do Not have HiJackThis "fix" anything yet.
    Most of the log lines are legitimate entries, necessary for the operation of your computer.

askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Google redirections... Trojan.Win32.Patched.kl

Post by senshi » November 7th, 2010, 3:15 pm

Hi askey127.

Thank you for your availability. I will uninstall Vuze and Spybot.
senshi
Regular Member
 
Posts: 19
Joined: November 4th, 2010, 6:34 am

Re: Google redirections... Trojan.Win32.Patched.kl

Post by senshi » November 7th, 2010, 3:24 pm

Here it is:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:23:55, on 07-11-2010
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16711)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ASUS\ATK Media\DMedia.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ASScrPro.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Pedro\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Software\Mozila Firefox\firefox.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Software\Mozila Firefox\plugin-container.exe
C:\Users\Pedro\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ipatimup.pt:8000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Software\Video tools\Quicktime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe
O4 - HKLM\..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\Pedro\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - Startup: setup_9.0.0.722_28.10.2010_22-08 Kaspersky virus removal.lnk = C:\Software\PC Health\Virus Removal Tool\setup_9.0.0.722_28.10.2010_22-08 Kaspersky virus removal\startup.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ADSM Service (ADSMService) - Unknown owner - C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Contrl Center of Storm Media (ccosm) - Unknown owner - C:\Software\Video tools\Codecs\Storm Codec\stormliv.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Software\Cisco Systems VPN\cvpnd.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Software\CDBurnerXP\NMSAccessU.exe
O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe

--
End of file - 7149 bytes



Thanks again.
senshi
Regular Member
 
Posts: 19
Joined: November 4th, 2010, 6:34 am
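
An added example, not part of the original thread or any poster's code: a small Python triage of HijackThis logs in the format posted above. It parses the R/O entries, lists lines a reviewer would look at first (dangling file references, a configured proxy, unidentified Winsock LSP files) and diffs two scans; the embedded samples are excerpts of lines from the two logs in this thread, and the function names and finding labels are assumptions of the example.

```python
import re

# Excerpts of lines from the two HijackThis logs posted in this thread
# (a handful of entries each, not the full logs).
OLD_LOG = r"""Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ipatimup.pt:8000
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Software\PCHEAL~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
"""

NEW_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.ipatimup.pt:8000
R3 - URLSearchHook: (no name) - CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
"""

# An entry line starts with a section code such as R1, O4 or O23, then " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+)$")
VERSION_RE = re.compile(r"^Logfile of (?:Trend Micro )?HijackThis v(\S+)", re.IGNORECASE)
# HijackThis appends one of these markers when the referenced file is not found.
DANGLING_RE = re.compile(r"\((?:file missing|no file)\)$", re.IGNORECASE)


def parse_hjt(text):
    """Return (scanner_version, [(section_code, body), ...]) for one log."""
    version, entries = None, []
    for raw in text.splitlines():
        line = raw.strip()
        match = VERSION_RE.match(line)
        if match:
            version = match.group(1)
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries.append((match.group("code"), match.group("body").strip()))
    return version, entries


def triage(entries):
    """Label entries to review first. A label is a prompt to look, not a verdict."""
    findings = []
    for code, body in entries:
        if DANGLING_RE.search(body):
            findings.append(("dangling-reference", code, body))
        elif code == "R1" and ",ProxyServer = " in body:
            findings.append(("proxy-set", code, body))
        elif code == "O10" and body.startswith("Unknown file in Winsock LSP"):
            findings.append(("unknown-lsp", code, body))
    return findings


def diff_logs(old_entries, new_entries):
    """Return (removed, added) entries between two scans, in log order."""
    old_set, new_set = set(old_entries), set(new_entries)
    removed = [entry for entry in old_entries if entry not in new_set]
    added = [entry for entry in new_entries if entry not in old_set]
    return removed, added


if __name__ == "__main__":
    old_version, old_entries = parse_hjt(OLD_LOG)
    new_version, new_entries = parse_hjt(NEW_LOG)
    print(f"scan versions: {old_version} -> {new_version}")
    for label, code, body in triage(new_entries):
        print(f"[{label}] {code}: {body}")
    removed, added = diff_logs(old_entries, new_entries)
    for code, body in removed:
        print(f"- {code}: {body}")
    for code, body in added:
        print(f"+ {code}: {body}")
```

When the scanner version differs between the two logs, as it does here, a line that appears or disappears in the diff may come from the tool rather than from a change on the machine.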

Re: Google redirections... Trojan.Win32.Patched.kl

Post by askey127 » November 7th, 2010, 8:17 pm

senshi,
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista - W7 users: Right-click and select "Run As Administrator".
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  6. Copy and paste the contents of that file in your next reply.
If, for some reason, you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.
-----------------------------------------------
Download Antivir Free
This program is free for personal, non-business use.
Download AntiVir Free from here : http://www.softpedia.com/get/Antivirus/AntiVir-Personal-Edition.shtml
-----------------------------------------------
Install, Update, Scan with Antivir
Double Click the Avira Antivir Installer on your desktop (Right click and choose "Run as administrator" in Vista/Win7), Install the program, Have it update itself, and run a full scan.
Have it fix anything it finds.
-----------------------------------------------
Get Last Avira Report
Right click the red umbrella icon in the system tray and click Start Antivir
In the left pane, click Overview, then click Reports
There will be reports titled Update and reports titled Scan. Find the most recent report in the list titled Scan.
Click on the Report File button, or Right click the report and choose Display Report.
The report contents will come up in Notepad. Highlight the entire report (Ctrl+A) and copy to the clipboard (Ctrl+C).
Paste the contents (Ctrl+V) into your next reply.
askey127
askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Google redirections... Trojan.Win32.Patched.kl

Post by senshi » November 9th, 2010, 4:13 pm

Thanks again askey127.

I am downloading AntiVir Free. Here is the log for TDSSKiller:

2010/11/09 20:05:19.0066 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
2010/11/09 20:05:19.0066 ================================================================================
2010/11/09 20:05:19.0066 SystemInfo:
2010/11/09 20:05:19.0066
2010/11/09 20:05:19.0066 OS Version: 6.0.6000 ServicePack: 0.0
2010/11/09 20:05:19.0066 Product type: Workstation
2010/11/09 20:05:19.0066 ComputerName: ASUSX53SA-AP138
2010/11/09 20:05:19.0066 UserName: Pedro
2010/11/09 20:05:19.0066 Windows directory: C:\Windows
2010/11/09 20:05:19.0066 System windows directory: C:\Windows
2010/11/09 20:05:19.0066 Processor architecture: Intel x86
2010/11/09 20:05:19.0066 Number of processors: 2
2010/11/09 20:05:19.0066 Page size: 0x1000
2010/11/09 20:05:19.0066 Boot type: Normal boot
2010/11/09 20:05:19.0066 ================================================================================
2010/11/09 20:05:19.0628 Initialize success
2010/11/09 20:05:23.0403 ================================================================================
2010/11/09 20:05:23.0403 Scan started
2010/11/09 20:05:23.0403 Mode: Manual;
2010/11/09 20:05:23.0403 ================================================================================
2010/11/09 20:05:25.0337 65050171 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\Windows\system32\DRIVERS\65050171.sys
2010/11/09 20:05:25.0415 65050172 (a305fad3719c5db0c13d1c2bfd08a04d) C:\Windows\system32\DRIVERS\65050172.sys
2010/11/09 20:05:25.0447 ACPI (84fc6df81212d16be5c4f441682feccc) C:\Windows\system32\drivers\acpi.sys
2010/11/09 20:05:25.0649 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
2010/11/09 20:05:25.0743 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
2010/11/09 20:05:25.0977 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
2010/11/09 20:05:43.0839 ================================================================================
2010/11/09 20:05:43.0839 Scan finished
2010/11/09 20:05:43.0839 ================================================================================
2010/11/09 20:06:24.0877 Deinitialize success



Meanwhile, a thing happened. This morning I had two blue screens of death when Windows started and had to reboot two times. Because the problem was repeating I had to do a system restore to a point before the Vuze and Spybot uninstall. So now the two programs are listed in the Control Panel and I cannot eliminate them.

Re: Google redirections... Trojan.Win32.Patched.kl

Post by senshi » November 9th, 2010, 4:23 pm

Hi again.

I can't install Avira... it keeps giving the same error saying that an update of Windows is running... (attach)

Re: Google redirections... Trojan.Win32.Patched.kl

Post by askey127 » November 9th, 2010, 4:55 pm

senshi,
When you do a System restore, it also may return your Windows to a condition BEFORE the last set(s) of Windows Updates.
If you have Automatic Updates ON, it will try to download all intervening updates.
Give it time. Then try again to load and install Antivir.
You can hurry it up by using Google for Microsoft Windows Updates, going to the site, and downloading all critical updates.

I cannot yet tell how much damage has been done to your system due to running a P2P program with no antivirus.

askey127

Re: Google redirections... Trojan.Win32.Patched.kl

Post by senshi » November 10th, 2010, 6:21 am

I have the updates turned OFF, so the error during the installation of Avira is strange.

I had AVG installed previously. As I said in the first post I was receiving help in another forum and I uninstalled the antivirus during the "help process". But still, the infections may have come from Azureus anyway.

I tried to install Avira again, but no luck. What should I do?


Thanks again for the help.

Re: Google redirections... Trojan.Win32.Patched.kl

Post by askey127 » November 10th, 2010, 6:58 am

senshi,
I am not a bit sure this machine can be fixed using online methods.
Any time a machine is allowed to run with no antivirus, Windows Updates turned OFF, and P2P programs in use, the infections will quickly overwhelm the integrity of the system.

What model is the machine, and do you have the Windows Vista Installation CD?
---------------------------------------------
Please download OTL.exe by OldTimer and save it to your desktop.
  • Double click on the icon to run it. For Vista or Win7, right click the icon and choose "Run as administrator".
  • Make sure all other windows are closed to let it run uninterrupted.
  • Copy the text in the code box below and paste it into the Custom Scans/Fixes box.
    netsvcs
    drivers32 
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg 
    %systemroot%\*.jpg 
    %systemroot%\*.png 
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.* 
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav 
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x 
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %PROGRAMFILES%\Internet Explorer\*.dat
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

So we are looking for the two logs from the OTL scanner, and the answers to my questions about the machine model and Vista disk.
askey127

Re: Google redirections... Trojan.Win32.Patched.kl

Post by senshi » November 11th, 2010, 12:44 pm

Hi askey127.

OTL only shows one log. Here it is:

OTL logfile created on: 11-11-2010 16:35:28 - Run 3
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Pedro\Desktop
Windows Vista Home Premium Edition (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6000.16711)
Locale: 00000816 | Country: Portugal | Language: PTG | Date Format: dd-MM-yyyy

3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 63,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 81,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 116,44 Gb Total Space | 4,19 Gb Free Space | 3,60% Space Free | Partition Type: NTFS
Drive D: | 108,63 Gb Total Space | 9,92 Gb Free Space | 9,13% Space Free | Partition Type: NTFS

Computer Name: ASUSX53SA-AP138 | User Name: Pedro | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010-11-11 16:34:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Pedro\Desktop\OTL.exe
PRC - [2010-03-04 22:38:00 | 000,071,096 | ---- | M] () -- C:\Software\CDBurnerXP\NMSAccessU.exe
PRC - [2008-09-23 02:26:02 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008-08-29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) -- C:\Software\Cisco Systems VPN\cvpnd.exe
PRC - [2008-02-03 12:43:11 | 000,033,136 | ---- | M] () -- C:\Windows\ASScrPro.exe
PRC - [2008-02-03 11:07:43 | 001,006,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007-11-30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files\ASUS\ASUS Live Update\ALU.exe
PRC - [2007-10-24 02:02:15 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2007-10-24 02:02:13 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANOTIF.EXE
PRC - [2007-09-03 10:39:21 | 004,702,208 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007-09-01 01:38:12 | 000,180,224 | ---- | M] (ATK) -- C:\Program Files\P4G\BatteryLife.exe
PRC - [2007-08-08 08:08:40 | 000,094,208 | ---- | M] () -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe
PRC - [2007-08-03 20:24:54 | 000,125,496 | ---- | M] () -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
PRC - [2007-07-10 18:59:56 | 000,851,968 | ---- | M] (ATK) -- C:\Program Files\ASUS\Splendid\ACMON.exe
PRC - [2007-05-18 10:31:16 | 000,073,728 | ---- | M] () -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007-04-19 19:32:08 | 000,225,280 | ---- | M] (ATK0100) -- C:\Program Files\ATK Hotkey\Hcontrol.exe
PRC - [2007-04-17 21:39:42 | 000,077,824 | ---- | M] () -- C:\Program Files\ATK Hotkey\KBFiltr.exe
PRC - [2007-02-06 02:13:14 | 000,094,208 | ---- | M] () -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe
PRC - [2007-01-18 03:26:36 | 007,708,672 | ---- | M] () -- C:\Program Files\ATKOSD2\ATKOSD2.exe
PRC - [2006-12-21 07:03:38 | 001,036,288 | ---- | M] () -- C:\Program Files\Wireless Console 2\wcourier.exe
PRC - [2006-12-19 01:26:26 | 002,420,736 | ---- | M] () -- C:\Program Files\ATK Hotkey\ATKOSD.exe
PRC - [2006-11-02 16:27:32 | 000,061,440 | ---- | M] (ASUSTeK Computer INC.) -- C:\Program Files\ASUS\ATK Media\DMedia.exe
PRC - [2006-08-11 10:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
PRC - [2005-07-06 23:43:42 | 000,155,648 | ---- | M] (ASUSTeK) -- C:\Windows\System32\ACEngSvr.exe


========== Modules (SafeList) ==========

MOD - [2010-11-11 16:34:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Pedro\Desktop\OTL.exe
MOD - [2006-11-02 09:38:57 | 001,648,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6000.16386_none_5d07289e07e1d100\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Software\VIDEOT~1\Codecs\STORMC~1\Stormser.exe -- (Stormser)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - File not found [Auto | Stopped] -- C:\Software\Video tools\Codecs\Storm Codec\stormliv.exe -- (ccosm)
SRV - [2010-05-08 16:04:02 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010-03-04 22:38:00 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Software\CDBurnerXP\NMSAccessU.exe -- (NMSAccess)
SRV - [2008-08-29 13:58:16 | 001,528,608 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Software\Cisco Systems VPN\cvpnd.exe -- (CVPND)
SRV - [2008-05-24 20:43:11 | 000,306,432 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\Windows\System32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2008-02-03 11:07:43 | 000,265,912 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007-12-20 09:41:56 | 000,029,440 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2007-10-24 02:02:15 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2007-08-08 08:08:40 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2007-08-03 20:24:54 | 000,125,496 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe -- (spmgr)
SRV - [2007-05-24 10:13:50 | 000,036,955 | ---- | M] (Check Point Software Technologies) [Disabled | Stopped] -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Watchdog.exe -- (SR_Watchdog)
SRV - [2007-05-24 10:13:48 | 000,106,586 | ---- | M] (Check Point Software Technologies) [Disabled | Stopped] -- C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe -- (SR_Service)
SRV - [2007-05-18 10:31:16 | 000,073,728 | ---- | M] () [Auto | Running] -- C:\Program Files\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
SRV - [2007-02-06 02:13:14 | 000,094,208 | ---- | M] () [Auto | Running] -- C:\Program Files\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2006-08-11 10:15:36 | 000,200,704 | ---- | M] (InterVideo Inc.) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe -- (Capture Device Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | System | Stopped] -- C:\Windows\System32\DRIVERS\VClone.sys -- (VClone)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [File_System | Boot | Stopped] -- C:\Windows\System32\drivers\dwprot.sys -- (DwProt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Pedro\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010-05-10 18:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Software\PC Health\SUPERAntiSpyware Free Edition\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010-02-17 18:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Software\PC Health\SUPERAntiSpyware Free Edition\sasdifsv.sys -- (SASDIFSV)
DRV - [2010-02-03 14:56:56 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2009-11-12 13:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009-10-22 12:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\65050172.sys -- (65050172)
DRV - [2009-10-09 22:31:02 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\6505017.sys -- (setup_9.0.0.722_28.10.2010_22-08 Kaspersky virus removaldrv)
DRV - [2009-09-25 16:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\65050171.sys -- (65050171)
DRV - [2009-05-28 11:28:56 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008-08-29 13:57:18 | 000,306,299 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008-03-29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007-10-02 11:53:01 | 000,220,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaNvStor.sys -- (iaNvStor) Intel(R)
DRV - [2007-10-01 06:59:45 | 001,769,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2007-09-29 15:03:11 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007-09-05 09:36:25 | 001,953,944 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007-08-29 16:38:59 | 000,046,080 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\l160x86.sys -- (AtcL001)
DRV - [2007-08-11 04:19:26 | 000,029,752 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AsDsm.sys -- (AsDsm)
DRV - [2007-08-03 04:26:21 | 000,020,936 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ASUS\NB Probe\SPM\ghaio.sys -- (ghaio)
DRV - [2007-07-24 19:09:04 | 000,013,880 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\ATKGFNEX\ASMMAP.sys -- (ASMMAP)
DRV - [2007-06-20 20:51:27 | 002,222,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32) Intel(R)
DRV - [2007-06-13 07:28:11 | 002,600,448 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2007-05-24 10:13:58 | 000,036,368 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\omdrv.sys -- (CP_OMDRV)
DRV - [2007-05-24 10:13:54 | 002,234,800 | ---- | M] (Check Point Software Technologies) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\fw.sys -- (FW1)
DRV - [2007-05-24 10:13:52 | 000,110,032 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vnasc.sys -- (VNASC)
DRV - [2007-05-24 10:13:50 | 000,673,456 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vpn.sys -- (VPN-1)
DRV - [2007-04-11 16:18:33 | 000,048,000 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2007-03-21 14:02:03 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007-03-01 13:24:29 | 000,182,456 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007-02-24 06:42:21 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007-01-24 10:08:39 | 000,005,632 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2007-01-23 08:40:19 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007-01-18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006-12-14 07:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006-11-22 09:34:59 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006-11-02 09:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006-11-02 09:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006-11-02 09:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006-11-02 09:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006-11-02 09:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006-11-02 09:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006-11-02 09:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006-11-02 09:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006-11-02 09:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006-11-02 09:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006-11-02 09:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006-11-02 09:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006-11-02 09:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006-11-02 09:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006-11-02 09:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006-11-02 09:50:17 | 000,041,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2006-11-02 09:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006-11-02 09:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006-11-02 09:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006-11-02 09:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006-11-02 09:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006-11-02 09:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006-11-02 09:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006-11-02 09:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006-11-02 09:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006-11-02 09:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006-11-02 09:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006-11-02 09:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006-11-02 09:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006-11-02 09:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006-11-02 09:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006-11-02 09:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006-11-02 09:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006-11-02 09:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006-11-02 09:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006-11-02 09:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006-11-02 08:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006-11-02 08:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006-11-02 08:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006-11-02 08:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006-11-02 08:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006-11-02 08:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006-11-02 07:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006-11-02 07:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006-11-02 07:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel(R)
DRV - [2006-11-02 07:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006-10-19 02:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006-02-07 11:52:57 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2004-06-21 15:03:22 | 000,078,976 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MarvinBus.sys -- (MarvinBus)
DRV - [2002-03-19 09:29:16 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\Pclepci.sys -- (PCLEPCI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.ipatimup.pt:8000

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.http: "proxy.ipatimup.pt"
FF - prefs.js..network.proxy.http_port: 8000
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, www.ipatimup.pt"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Software\Mozila Firefox\components [2010-09-22 14:29:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Software\Mozila Firefox\plugins [2010-09-22 15:19:05 | 000,000,000 | ---D | M]

[2008-09-23 19:01:59 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\mozilla\Extensions
[2010-11-11 10:39:34 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\mozilla\Firefox\Profiles\e86zdmoy.default\extensions
[2010-06-11 17:07:54 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\mozilla\Firefox\Profiles\e86zdmoy.default\extensions\personas@christopher.beard

O1 HOSTS File: ([2010-09-20 21:23:39 | 000,419,366 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 14473 more lines...
O2 - BHO: (Facilitador de Leitor de Link Adobe PDF) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Software\PC Health\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [ASUS Camera ScreenSaver] C:\Windows\ASScrProlog.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\ASScrPro.exe ()
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE (ASUSTeK Computer INC.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10k_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_28.10.2010_22-08 Kaspersky virus removal.lnk = C:\Software\PC Health\Virus Removal Tool\setup_9.0.0.722_28.10.2010_22-08 Kaspersky virus removal\startup.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O9 - Extra Button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Software\PC Health\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2 192.168.254.2
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Pedro\AppData\Roaming\Microsoft\Windows Photo Gallery\Fundo da Galeria de Fotografias do Windows.jpg
O24 - Desktop BackupWallPaper: C:\Users\Pedro\AppData\Roaming\Microsoft\Windows Photo Gallery\Fundo da Galeria de Fotografias do Windows.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: UxTuneUp - C:\Windows\System32\uxtuneup.dll (TuneUp Software GmbH)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.ac3acm - C:\Windows\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.ac3filter - C:\Windows\System32\ac3filter.acm ()
Drivers32: msacm.avis - C:\Windows\System32\ff_acm.acm ()
Drivers32: msacm.divxa32 - C:\Windows\System32\divxa32.acm (Kristal StudioDFileDescription)
Drivers32: msacm.dvacm - C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm File not found
Drivers32: msacm.iac2 - C:\Windows\System32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\Windows\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\System32\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.vorbis - C:\Windows\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
Drivers32: msacm.voxacm160 - C:\Windows\System32\vct3216.acm (Voxware, Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.FLV4 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.HFYU - C:\Windows\System32\huffyuv.dll (Disappearing Inc.)
Drivers32: vidc.i263 - C:\Windows\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.uldx - C:\Software\VIDEOT~1\ULEADS~1\ULEADD~1\ULEADD~1\DivX_UL.dll File not found
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP62 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP6F - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.vp70 - C:\Windows\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.WMV3 - C:\Windows\System32\wmv9vcm.dll (Microsoft Corporation)
Drivers32: VIDC.X264 - C:\Windows\System32\x264vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: wave1 - C:\Windows\System32\serwvdrv.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010-11-11 16:34:14 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Pedro\Desktop\OTL.exe
[2010-11-10 13:13:45 | 000,000,000 | ---D | C] -- C:\Users\Pedro\Desktop\5 days 26º C
[2010-11-08 09:17:04 | 000,000,000 | ---D | C] -- C:\Users\Pedro\Desktop\Asp e Cand
[2010-11-07 19:23:23 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010-11-03 16:56:12 | 000,000,000 | ---D | C] -- C:\Users\Pedro\Desktop\Figs
[2010-11-02 10:37:42 | 000,000,000 | ---D | C] -- C:\Users\Pedro\DoctorWeb
[2010-11-01 20:58:15 | 000,000,000 | ---D | C] -- C:\Users\Pedro\Desktop\SPSS.13+Patch
[2010-10-29 21:54:54 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\6505017.sys
[2010-10-29 21:54:54 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\65050171.sys
[2010-10-29 21:54:54 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\65050172.sys
[2010-10-29 21:51:04 | 082,090,552 | ---- | C] ( ) -- C:\Users\Pedro\Desktop\setup_9.0.0.722_28.10.2010_22-08 Kaspersky virus removal.exe
[2010-10-29 13:32:32 | 000,000,000 | ---D | C] -- C:\Users\Pedro\Desktop\casa
[2010-10-28 18:57:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2010-10-28 15:09:56 | 000,000,000 | ---D | C] -- C:\Users\Pedro\Desktop\Microarrays Neurospora
[2010-10-27 19:44:40 | 000,000,000 | ---D | C] -- C:\_OTL
[2010-10-25 11:18:57 | 000,000,000 | ---D | C] -- C:\usr
[2010-10-25 11:16:47 | 000,000,000 | ---D | C] -- C:\Program Files\UTAX TA
[2010-10-25 11:15:22 | 000,100,580 | ---- | C] (KYOCERA MITA Corporation) -- C:\Windows\System32\KMPJLMN.DLL
[2010-10-24 17:33:18 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010-10-24 17:33:18 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010-10-24 17:33:18 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010-10-24 17:33:18 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010-10-21 09:30:02 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010-10-21 09:19:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2009-07-09 14:36:31 | 005,079,326 | ---- | C] (MRC-Holland) -- C:\Program Files\Coffalyser v8.exe
[2008-09-22 20:56:33 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Pedro\AppData\Roaming\pcouffin.sys
[2007-01-24 10:08:39 | 000,005,632 | ---- | C] ( ) -- C:\Windows\System32\drivers\kbfiltr.sys
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\Users\Pedro\*.tmp files -> C:\Users\Pedro\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010-11-11 16:34:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Pedro\Desktop\OTL.exe
[2010-11-11 16:19:02 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010-11-11 16:19:02 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010-11-11 16:09:00 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2553703031-1697210116-371060287-1000UA.job
[2010-11-11 14:09:04 | 000,000,980 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2553703031-1697210116-371060287-1000Core.job
[2010-11-11 09:23:49 | 000,524,088 | ---- | M] () -- C:\Windows\System32\prfh0816.dat
[2010-11-11 09:23:49 | 000,087,352 | ---- | M] () -- C:\Windows\System32\prfc0816.dat
[2010-11-11 09:23:48 | 000,613,046 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010-11-11 09:23:48 | 000,104,768 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010-11-11 09:18:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010-11-10 17:51:27 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010-11-09 20:12:17 | 053,123,856 | ---- | M] () -- C:\Users\Pedro\Desktop\avira_antivir_personal_en.exe
[2010-11-09 20:01:06 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2010-11-09 15:42:45 | 000,002,684 | ---- | M] () -- C:\Users\Pedro\.jalview_properties
[2010-11-09 15:41:09 | 000,017,372 | ---- | M] () -- C:\Program Files\BioEdit.ini
[2010-11-09 11:52:20 | 000,020,992 | ---- | M] () -- C:\Users\Pedro\Desktop\Contas_Apart_Porto.xls
[2010-11-09 11:41:22 | 000,006,439 | ---- | M] () -- C:\Users\Pedro\AppData\Roaming\PrimoPDFSet.xml
[2010-11-09 09:59:12 | 319,728,738 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010-11-08 09:48:16 | 000,058,524 | ---- | M] () -- C:\Users\Pedro\Desktop\Yanai_Mellor_DeLisi_TIG_2002.pdf
[2010-11-07 11:35:34 | 000,184,320 | ---- | M] () -- C:\Users\Pedro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010-11-05 17:48:18 | 000,000,386 | ---- | M] () -- C:\Windows\tasks\1-Click Maintenance.job
[2010-11-04 19:49:36 | 000,039,936 | ---- | M] () -- C:\Users\Pedro\Desktop\MSchecklist.doc
[2010-11-03 13:47:14 | 000,000,680 | ---- | M] () -- C:\Users\Pedro\AppData\Local\d3d9caps.dat
[2010-11-02 12:19:29 | 000,012,126 | ---- | M] () -- C:\Users\Pedro\Desktop\revistas SOV.docx
[2010-11-01 18:13:32 | 000,027,178 | ---- | M] () -- C:\Users\Pedro\Desktop\which is a dose shown to block RET.docx
[2010-10-29 21:55:44 | 000,002,724 | ---- | M] () -- C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_28.10.2010_22-08 Kaspersky virus removal.lnk
[2010-10-29 21:48:28 | 000,015,813 | ---- | M] () -- C:\Users\Pedro\Desktop\Apoptosis decision.docx
[2010-10-29 14:29:31 | 000,290,727 | ---- | M] () -- C:\Users\Pedro\Desktop\bi061441j.pdf
[2010-10-29 13:29:04 | 000,365,427 | ---- | M] () -- C:\Users\Pedro\Desktop\10 J Cell Phys, Tyrosine Phosphorylation Modulates Store-operated Calcium Entry in Cultured Rat.pdf
[2010-10-28 18:47:54 | 082,090,552 | ---- | M] ( ) -- C:\Users\Pedro\Desktop\setup_9.0.0.722_28.10.2010_22-08 Kaspersky virus removal.exe
[2010-10-25 20:48:52 | 001,852,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010-10-25 09:34:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010-10-25 09:34:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[6 C:\ProgramData\*.tmp files -> C:\ProgramData\*.tmp -> ]
[3 C:\Users\Pedro\*.tmp files -> C:\Users\Pedro\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010-11-09 20:07:05 | 053,123,856 | ---- | C] () -- C:\Users\Pedro\Desktop\avira_antivir_personal_en.exe
[2010-11-08 09:48:16 | 000,058,524 | ---- | C] () -- C:\Users\Pedro\Desktop\Yanai_Mellor_DeLisi_TIG_2002.pdf
[2010-11-07 14:18:46 | 000,020,992 | ---- | C] () -- C:\Users\Pedro\Desktop\Contas_Apart_Porto.xls
[2010-11-04 19:49:35 | 000,039,936 | ---- | C] () -- C:\Users\Pedro\Desktop\MSchecklist.doc
[2010-11-02 12:19:29 | 000,012,126 | ---- | C] () -- C:\Users\Pedro\Desktop\revistas SOV.docx
[2010-11-01 18:13:31 | 000,027,178 | ---- | C] () -- C:\Users\Pedro\Desktop\which is a dose shown to block RET.docx
[2010-10-29 21:55:44 | 000,002,724 | ---- | C] () -- C:\Users\Pedro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\setup_9.0.0.722_28.10.2010_22-08 Kaspersky virus removal.lnk
[2010-10-29 21:48:28 | 000,015,813 | ---- | C] () -- C:\Users\Pedro\Desktop\Apoptosis decision.docx
[2010-10-29 14:29:31 | 000,290,727 | ---- | C] () -- C:\Users\Pedro\Desktop\bi061441j.pdf
[2010-10-29 13:29:04 | 000,365,427 | ---- | C] () -- C:\Users\Pedro\Desktop\10 J Cell Phys, Tyrosine Phosphorylation Modulates Store-operated Calcium Entry in Cultured Rat.pdf
[2010-10-25 09:34:16 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2010-10-25 09:34:16 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2010-10-24 18:19:17 | 000,001,593 | ---- | C] () -- C:\Users\Pedro\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010-10-24 17:33:18 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010-10-24 17:33:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010-10-24 17:33:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010-10-24 17:33:18 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010-10-24 17:33:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010-06-19 01:06:20 | 000,000,678 | ---- | C] () -- C:\ProgramData\tmpE350.log
[2010-05-02 14:23:05 | 000,007,168 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys
[2010-05-02 13:27:57 | 000,001,936 | ---- | C] () -- C:\Windows\System32\nethasp.ini
[2010-03-21 01:08:09 | 002,392,064 | ---- | C] () -- C:\Windows\System32\videotrans.dll
[2010-03-21 01:08:09 | 000,215,040 | ---- | C] () -- C:\Windows\System32\videoformat.dll
[2010-03-21 01:08:09 | 000,017,920 | ---- | C] () -- C:\Windows\System32\videocore.dll
[2010-03-21 01:08:08 | 000,061,440 | ---- | C] () -- C:\Windows\System32\imgscaler.dll
[2010-03-21 01:08:08 | 000,022,016 | ---- | C] () -- C:\Windows\System32\img_utils.dll
[2010-02-15 16:32:16 | 000,000,648 | ---- | C] () -- C:\ProgramData\tmpB02E.log
[2009-11-22 19:10:14 | 000,000,248 | ---- | C] () -- C:\Windows\chromas.ini
[2009-07-04 13:08:25 | 000,000,693 | ---- | C] () -- C:\ProgramData\tmpDA38.log
[2009-05-28 09:11:26 | 000,000,006 | -HS- | C] () -- C:\ProgramData\.SSysID
[2009-05-28 09:11:26 | 000,000,006 | -HS- | C] () -- C:\Users\Pedro\AppData\Local\.BSysID
[2009-05-04 00:05:19 | 000,000,163 | ---- | C] () -- C:\Windows\STATVIEW.INI
[2009-04-27 11:56:22 | 000,037,888 | ---- | C] () -- C:\Windows\System32\el379ux.dll
[2009-04-27 11:56:22 | 000,001,025 | ---- | C] () -- C:\Windows\System32\grcauth2.dll
[2009-04-27 11:56:22 | 000,001,025 | ---- | C] () -- C:\Windows\System32\grcauth1.dll
[2009-04-27 11:56:22 | 000,000,204 | ---- | C] () -- C:\Windows\System32\wgezc24.dll
[2009-04-27 11:56:22 | 000,000,100 | ---- | C] () -- C:\Windows\System32\prsgrc.dll
[2009-04-27 11:56:19 | 000,000,016 | -H-- | C] () -- C:\Windows\System32\mb6a5lr.dll
[2009-04-19 01:32:06 | 000,000,753 | ---- | C] () -- C:\ProgramData\tmp943A.log
[2009-03-01 11:35:02 | 000,000,723 | ---- | C] () -- C:\ProgramData\tmpE994.log
[2009-01-17 19:31:52 | 000,000,738 | ---- | C] () -- C:\ProgramData\tmp1D80.log
[2008-10-18 20:40:30 | 000,000,029 | ---- | C] () -- C:\Windows\AviMerin.INI
[2008-10-16 22:13:10 | 000,000,274 | ---- | C] () -- C:\Windows\autogk.ini
[2008-10-15 00:24:52 | 000,056,320 | ---- | C] () -- C:\Windows\System32\iyvu9_32.dll
[2008-10-15 00:04:34 | 002,041,363 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2008-09-22 21:02:51 | 000,087,608 | ---- | C] () -- C:\Users\Pedro\AppData\Roaming\ezpinst.exe
[2008-09-22 20:58:39 | 000,000,668 | ---- | C] () -- C:\Users\Pedro\AppData\Roaming\vso_ts_preview.xml
[2008-09-22 20:57:35 | 000,034,308 | ---- | C] () -- C:\Windows\System32\Chip.dll
[2008-09-22 20:57:08 | 000,000,034 | ---- | C] () -- C:\Users\Pedro\AppData\Roaming\pcouffin.log
[2008-09-22 20:56:33 | 000,087,608 | ---- | C] () -- C:\Users\Pedro\AppData\Roaming\inst.exe
[2008-09-22 20:56:33 | 000,007,887 | ---- | C] () -- C:\Users\Pedro\AppData\Roaming\pcouffin.cat
[2008-09-22 20:56:33 | 000,001,144 | ---- | C] () -- C:\Users\Pedro\AppData\Roaming\pcouffin.inf
[2008-09-19 23:17:24 | 000,006,439 | ---- | C] () -- C:\Users\Pedro\AppData\Roaming\PrimoPDFSet.xml
[2008-09-19 23:16:04 | 000,176,235 | ---- | C] () -- C:\Windows\System32\Primomonnt.dll
[2008-09-19 11:43:20 | 000,204,800 | ---- | C] () -- C:\Windows\System32\IVIresizeW7.dll
[2008-09-19 11:43:20 | 000,200,704 | ---- | C] () -- C:\Windows\System32\IVIresizeA6.dll
[2008-09-19 11:43:20 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeP6.dll
[2008-09-19 11:43:20 | 000,192,512 | ---- | C] () -- C:\Windows\System32\IVIresizeM6.dll
[2008-09-19 11:43:20 | 000,188,416 | ---- | C] () -- C:\Windows\System32\IVIresizePX.dll
[2008-09-19 11:43:20 | 000,020,480 | ---- | C] () -- C:\Windows\System32\IVIresize.dll
[2008-09-16 00:14:24 | 003,596,288 | ---- | C] () -- C:\Windows\System32\qt-dx331.dll
[2008-09-16 00:11:10 | 000,012,288 | ---- | C] () -- C:\Windows\System32\DivXWMPExtType.dll
[2008-08-29 13:58:26 | 000,197,408 | ---- | C] () -- C:\Windows\System32\vpnapi.dll
[2008-06-20 19:10:19 | 000,000,391 | ---- | C] () -- C:\Windows\Globocan2002.ini
[2008-06-20 18:06:42 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2008-06-20 18:06:42 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth2.dll
[2008-06-20 18:06:42 | 000,001,025 | ---- | C] () -- C:\Windows\System32\clauth1.dll
[2008-06-20 18:06:42 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2008-06-20 18:06:42 | 000,000,073 | ---- | C] () -- C:\Windows\System32\ssprs.dll
[2008-06-14 18:29:25 | 000,000,685 | ---- | C] () -- C:\Windows\winmdi.ini
[2008-06-09 19:25:27 | 000,010,848 | ---- | C] () -- C:\Windows\hpdj5100.ini
[2008-05-25 22:45:08 | 000,000,317 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008-05-25 12:02:30 | 000,000,196 | ---- | C] () -- C:\Windows\ulead32.ini
[2008-05-24 18:20:51 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2008-05-23 22:50:40 | 000,184,320 | ---- | C] () -- C:\Users\Pedro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008-05-23 20:21:53 | 000,027,503 | ---- | C] () -- C:\Users\Pedro\AppData\Roaming\UserTile.png
[2008-05-23 19:31:57 | 000,000,680 | ---- | C] () -- C:\Users\Pedro\AppData\Local\d3d9caps.dat
[2008-04-28 16:13:33 | 000,000,280 | ---- | C] () -- C:\Windows\primopdf.ini
[2008-02-03 12:43:23 | 000,012,288 | ---- | C] () -- C:\Windows\impborl.dll
[2007-10-02 11:52:13 | 000,167,936 | ---- | C] () -- C:\Windows\System32\nvccoin.dll
[2007-10-01 06:59:45 | 001,769,984 | ---- | C] () -- C:\Windows\System32\drivers\snp2uvc.sys
[2007-09-04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2007-06-13 07:18:53 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2007-05-24 10:14:02 | 000,004,133 | ---- | C] () -- C:\Windows\entrust.ini
[2007-05-24 10:13:48 | 000,106,584 | ---- | C] () -- C:\Windows\System32\fwnetcfg.dll
[2007-05-09 07:16:39 | 000,028,160 | ---- | C] () -- C:\Windows\System32\drivers\sncduvc.sys
[2007-04-20 16:15:53 | 000,000,010 | ---- | C] () -- C:\Windows\System32\ABLKSR.ini
[2007-02-05 19:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006-11-02 12:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006-11-02 10:25:26 | 000,557,568 | ---- | C] () -- C:\Windows\System32\hpotscl1.dll
[2006-11-02 10:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006-11-02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006-11-01 06:54:30 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006-11-01 06:52:38 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2006-05-26 13:29:14 | 000,007,680 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2006-03-09 02:57:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005-10-28 11:23:16 | 002,255,872 | ---- | C] () -- C:\Program Files\BioEdit.exe
[2005-05-31 08:02:46 | 000,001,303 | ---- | C] () -- C:\Program Files\LICENSE.TXT
[2005-05-31 08:02:30 | 000,066,598 | ---- | C] () -- C:\Program Files\ReadMe.txt
[2005-05-07 04:05:59 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2004-06-19 11:43:04 | 000,017,372 | ---- | C] () -- C:\Program Files\BioEdit.ini
[2004-04-29 19:01:54 | 000,959,370 | ---- | C] () -- C:\Program Files\treev32.zip
[2004-03-18 07:44:29 | 001,663,068 | ---- | C] () -- C:\Windows\System32\libmmd.dll
[2003-09-16 15:52:28 | 000,147,456 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2003-09-16 15:43:31 | 000,884,736 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2003-09-16 15:41:43 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll
[2003-06-04 15:32:42 | 000,001,120 | ---- | C] () -- C:\Program Files\TreeView.txt
[2002-05-15 04:58:38 | 000,122,880 | ---- | C] () -- C:\Windows\System32\v2k2_dec.dll

========== LOP Check ==========

[2010-03-20 22:17:17 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\AnvSoft
[2009-05-31 15:53:57 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\Astro Gemini Software
[2010-11-09 17:58:03 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\Azureus
[2009-08-05 20:33:56 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\Camfrog
[2010-05-02 14:23:17 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\Canneverbe Limited
[2009-05-28 11:33:12 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\DAEMON Tools Lite
[2010-11-11 11:50:36 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\EndNote
[2009-08-19 15:03:43 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\FlowJo7
[2010-09-08 10:11:46 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\Image Zone Express
[2010-04-12 21:43:26 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\InfraRecorder
[2008-10-06 10:41:45 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\Leadertech
[2010-10-11 14:05:40 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\MEGA4_4028
[2009-08-10 23:09:39 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\ooVoo Details
[2008-05-23 20:21:53 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\PeerNetworking
[2008-05-24 15:16:39 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\Seven Zip
[2009-07-03 15:40:05 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\Sports Interactive
[2009-09-01 09:23:20 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\The Discovery Series
[2008-05-24 20:43:19 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\TuneUp Software
[2010-03-21 15:38:40 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\Ulead Systems
[2010-03-21 00:05:41 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\VistaCodecs
[2010-10-05 21:31:33 | 000,000,000 | ---D | M] -- C:\Users\Pedro\AppData\Roaming\Vso
[2010-11-05 17:48:18 | 000,000,386 | ---- | M] () -- C:\Windows\Tasks\1-Click Maintenance.job
[2010-11-10 17:51:27 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006-11-02 09:53:57 | 000,438,840 | RHS- | M] () -- C:\bootmgr
[2010-10-25 09:34:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-10-25 09:34:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010-11-11 09:18:53 | 3534,356,480 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006-11-02 12:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006-11-02 12:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006-11-02 12:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006-11-02 12:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006-09-18 21:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006-11-02 09:46:05 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006-11-02 12:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2006-10-26 18:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2008-02-03 12:43:24 | 000,503,808 | ---- | M] (ScreenTime Media) -- C:\Windows\Asus_Camera_ScreenSaver.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2005-10-28 11:23:16 | 002,255,872 | ---- | M] () -- C:\Program Files\BioEdit.exe
[2010-11-09 15:41:09 | 000,017,372 | ---- | M] () -- C:\Program Files\BioEdit.ini
[2009-07-09 14:36:34 | 005,079,326 | ---- | M] (MRC-Holland) -- C:\Program Files\Coffalyser v8.exe
[2008-09-23 02:44:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
[2005-05-31 08:02:46 | 000,001,303 | ---- | M] () -- C:\Program Files\LICENSE.TXT
[2005-05-31 08:02:30 | 000,066,598 | ---- | M] () -- C:\Program Files\ReadMe.txt
[2004-04-29 19:01:54 | 000,959,370 | ---- | M] () -- C:\Program Files\treev32.zip
[2003-06-04 15:32:42 | 000,001,120 | ---- | M] () -- C:\Program Files\TreeView.txt

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006-11-02 10:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006-11-02 10:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006-11-02 10:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006-11-02 10:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006-11-02 10:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2008-09-23 02:44:45 | 000,000,286 | -HS- | M] () -- C:\Users\Pedro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2010-11-09 20:12:17 | 053,123,856 | ---- | M] () -- C:\Users\Pedro\Desktop\avira_antivir_personal_en.exe
[2010-11-11 16:34:17 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Pedro\Desktop\OTL.exe
[2010-10-28 18:47:54 | 082,090,552 | ---- | M] ( ) -- C:\Users\Pedro\Desktop\setup_9.0.0.722_28.10.2010_22-08 Kaspersky virus removal.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2008-09-25 09:44:50

< End of report >


About your questions: I use an Asus X53Sseries and I think I don't have a Vista disk because I don't remember being given one when I bought the computer.

Thanks again for your help.
senshi
Regular Member
 
Posts: 19
Joined: November 4th, 2010, 6:34 am

Re: Google redirections... Trojan.Win32.Patched.kl

Unread postby askey127 » November 11th, 2010, 1:38 pm

senshi,
-----------------------------------------------
Run Defence Inspector
Download the tool from this link: http://downloads.securitycadets.com/Def ... pector.exe
Once downloaded, double-click DefenceInspector to run it (on Vista or Windows 7, please click Continue/Allow at the UAC prompt).
When presented with the option to begin the scan, please press any key to continue.
When DefenceInspector has finished scanning (this should not take longer than a minute or so), a log will appear.
Please post the entire contents of this log in your next reply.
-----------------------------------------------------------
Retrieve the List of Installed programs Using HJT
Open HijackThis, click Open The Misc Tools Section. Then scroll down the list if you need to, click Open Uninstall Manager and Save List...
The List of installed programs will automatically be saved as uninstall_list.txt in your HiJackThis folder.
In addition, the list opens in Notepad so you can also save as another name in another location if you wish.
Please paste the contents into your next reply.
-----------------------------------------------------
Let's check whether you have any infected files or settings.
This scan can take a long time (hours), but it is very thorough. Please start it when you can let it finish.
It doesn't remove anything. The report, however, is very valuable.

Run an Online Kaspersky WebScan
  • Please go to the Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the Program and Database downloads have finished (may take a while), click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post the contents of this log in your next reply.

askey127
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Google redirections... Trojan.Win32.Patched.kl

Unread postby senshi » November 13th, 2010, 10:47 am

Hi askey127,

I can't run Defence Inspector. Every time I open the file I receive an error saying (something like): "it is not possible to run the application because the side-by-side configuration is incorrect; check the event viewer for further information". I also tried in security mode but no luck.

Here is the Uninstall List from HiJackThis (as I told you previously, Spybot and Vuze are on the list because of the system restore):

2007 Microsoft Office system
ABC Amber vCard Converter
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop CS3
Adobe Reader 8 - Português
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Software Update
ASUS Data Security Manager
ASUS InstantFun
ASUS Live Update
ASUS Splendid Video Enhancement Technology
Asus_Camera_ScreenSaver
ATK Generic Function Service
ATK Hotkey
ATK Media
ATKOSD2
Auto Gordian Knot 1.60
AVIMerIn Setup
AviSynth 2.5
BioEdit
CalcuSyn
ccc-Branding
CCleaner
CDBurnerXP
Check Point VPN-1 SecuRemote/SecureClient NGX R60 HFA2
Chinese Simplified Fonts Support For Adobe Reader 8
Cisco Systems VPN Client 5.0.04.0300
ClustalX2
Compressor WinRAR
ConvertXtoDVD 3.2.0.52
Direct Show Ogg Vorbis Filter (remove only)
DirectShow .SHN FIlter
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DVD Decrypter (Remove Only)
DVD Shrink 3.2
EndNote X2
ffdshow [rev 2202] [2008-10-10]
FIFA 09
FlowJo 7.5
Free CD to MP3 Converter
FreeKapture 2.00 - Freeware
GLOBOCAN 2002
Google Talk Plugin
HASP Emulator Professiaonal Edition V2.33 for Windows NT/W2K/XP
HiJackThis
HijackThis 1.99.1
HP Image Zone Express
hp print screen utility
ImageJ 1.41o
Indeo® Software
InfraRecorder
Intel® Turbo Memory and Intel® Matrix Storage Manager
InterVideo AVControlSDK
InterVideo DeviceService
ISI ResearchSoft - Export Helper
iSilo
Jalview
Java(TM) 6 Update 21
JMB36X Raid Configurer
K-Lite Codec Pack 4.1.7 (Full)
LifeFrame2
Malwarebytes' Anti-Malware
MediaCoder 0.6.1
MEGA 4
Microsoft Office Access MUI (English) 2007
Microsoft Office Access MUI (Portuguese (Portugal)) 2007
Microsoft Office Access MUI (Spanish) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Excel MUI (Portuguese (Portugal)) 2007
Microsoft Office Excel MUI (Spanish) 2007
Microsoft Office Groove MUI (Portuguese (Portugal)) 2007
Microsoft Office InfoPath MUI (Portuguese (Portugal)) 2007
Microsoft Office OneNote MUI (Portuguese (Portugal)) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office Outlook MUI (Portuguese (Portugal)) 2007
Microsoft Office Outlook MUI (Spanish) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint MUI (Portuguese (Portugal)) 2007
Microsoft Office PowerPoint MUI (Spanish) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (Basque) 2007
Microsoft Office Proof (Catalan) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Galician) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Portuguese (Portugal)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing (Portuguese (Portugal)) 2007
Microsoft Office Proofing (Spanish) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Publisher MUI (Portuguese (Portugal)) 2007
Microsoft Office Publisher MUI (Spanish) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared MUI (Portuguese (Portugal)) 2007
Microsoft Office Shared MUI (Spanish) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office Word MUI (Portuguese (Portugal)) 2007
Microsoft Office Word MUI (Spanish) 2007
Microsoft Windows Media Video 9 VCM
Motorola SM56 Speakerphone Modem
Mozilla Firefox (3.6.10)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
NB Probe
Need for Speed Underground 2
neroxml
Open Video Capture version 1.1
PDF Settings
PENTAX Optio 50 Driver
Power4Gear eXtreme
PowerForPhone
PrimoPDF
Quantity One
Quick AVI MPEG Joiner v2.0
QuickTime
Realtek High Definition Audio Driver
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
SecureW2 EAP Suite 1.1.1 for Windows
Sequence_Analysis_Tools_Installer 0.3
SolveigMM AVI Trimmer
SPSS 13.0 for Windows
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
StatView
Subtitle Workshop 2.51
SubtitleCreator
SUPERAntiSpyware
Synaptics Pointing Device Driver
TuneUp Utilities 2008
Unlocker 1.8.5
USB 2.0 1.3M UVC WebCam
UTAX TA Product Library
Vista Codec Package
VistaFeaturePack
Vuze
WaveCat 1.00
Winamp
WinFlash
WinMDI2.9
Wireless Console 2
WMV Converter 2.5
Xvid 1.1.3 final uninstall



I will now run the online scan from Kaspersky.

Thank you.
senshi

Re: Google redirections... Trojan.Win32.Patched.kl

Unread postby senshi » November 13th, 2010, 11:50 am

I also can't run Kaspersky... :(

Error: Update has failed The program could not be started. Please close the window of Kaspersky Online Scanner 7.0 and start the program again from the web site of Kaspersky Lab. Successful updating of Kaspersky Online Scanner 7.0 and scanning of your computer requires uninterrupted Internet connection. Please make sure that the Internet connection is established. [ERROR: License has expired]
senshi

Re: Google redirections... Trojan.Win32.Patched.kl

Unread postby askey127 » November 14th, 2010, 9:10 am

senshi,
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Spybot Search & Destroy
Vuze

Take extra care in answering questions posed by any Uninstaller.
If the Spybot Uninstaller asks whether you want to remove all files and settings, answer YES. If it reports that it cannot remove all files, that's OK.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
---------------------------------------------
Run CKScanner
Download CKScanner from HERE
Important - Save it to your desktop.
Right-Click CKScanner.exe, choose Run as administrator and click Search For Files.
After a couple minutes or less, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop, give permission if asked, and copy/paste the contents in your next reply.
-----------------------------------------------------------
Post a New HiJackThis Log
Start HijackThis (double-click in XP, or right-click and "Run as administrator" in Vista/Win7)
Click Do System Scan and Save a Log File.
When the Scan is complete, select the whole log (Ctrl+A), copy (Ctrl+C) and paste (Ctrl+V) the log contents into a reply.

askey127