Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Search Engine Re-direct

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Search Engine Re-direct

Unread postby crounauer » March 3rd, 2011, 7:24 pm

Hello,

I have a Fujitsu Amilo Pro laptop which my son uses for his school work etc. Just recently it started re-directing search queries on google to ad sites. It has progressively got worse and now I am unable to open either firefox or IE. It is able to connect to the network , although I have to do this by ethernet cable as the wireless doesn't work anymore (it used to before the problems). The laptop is also very, very slow. I am having to do this posting on my desktop as my laptop will not launch a browser.

Here are the log files

DDS (Ver_10-12-12.02) - NTFSx86
Run by simon at 23:10:59.93 on 03/03/2011
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.118 [GMT 0:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\simon\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.gynogapod.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
mSearchAssistant = hxxp://www.google.com/ie
mWinlogon: Userinit=c:\windows\system32\userinit.exe,,c:\program files\epprctos\mvhemtxj.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {E1BACF55-35E1-4E47-9247-2D48660E5545} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\simon\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\documents and settings\simon\start menu\programs\startup\mvhemtxj.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupda ... 2836625478
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 2837944199
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
Hosts: 127.0.0.1 http://www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\simon\applic~1\mozilla\firefox\profiles\7k0xp609.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - PricesCompare Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: c:\documents and settings\simon\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\windows\downloaded program files\npsoe.dll
FF - Ext: British English Dictionary: en-GB@dictionaries.addons.mozilla.org - %profile%\extensions\en-GB@dictionaries.addons.mozilla.org
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: PricesCompare Community Toolbar: {2e564431-f9c1-45ba-a399-a46a424eeba2} - %profile%\extensions\{2e564431-f9c1-45ba-a399-a46a424eeba2}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-3-1 301528]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-3-1 19544]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2011-3-1 40384]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 26192]
R3 EKBfltr;ENE Keyboard Controller;c:\windows\system32\drivers\EKBfltr.sys [2006-6-29 5504]
S2 BTWSp50;BTWSp50 NDIS Protocol Driver;c:\windows\system32\drivers\btwsp50.sys --> c:\windows\system32\drivers\BTWSp50.sys [?]
S2 gupdate;Google Update Service (gupdate);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-3-1 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2011-3-1 40384]

=============== Created Last 30 ================

2011-03-03 19:18:03 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-01 22:42:43 40648 ----a-w- c:\windows\avastSS.scr
2011-03-01 22:39:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
2011-03-01 22:21:38 -------- d-----w- c:\windows\pss
2011-03-01 18:37:01 -------- d-----w- c:\program files\epprctos
2011-02-21 17:47:57 -------- d-----w- C:\spoolerlogs
2011-02-20 21:51:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-20 21:51:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-02-20 21:31:42 -------- d--h--w- C:\$AVG
2011-02-20 14:17:57 -------- d-----w- c:\docume~1\simon\applic~1\AVG10
2011-02-20 14:11:31 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-02-20 13:50:42 -------- d-----w- c:\windows\system32\drivers\AVG
2011-02-20 13:50:41 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-02-20 13:47:29 -------- d-----w- c:\program files\AVG
2011-02-20 13:36:51 -------- d-----w- c:\program files\PC Tools Security
2011-02-20 13:32:17 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-02-19 20:46:57 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-02-19 20:46:55 -------- d-----w- c:\program files\Prevx
2011-02-19 20:46:43 -------- d-----w- c:\docume~1\alluse~1\applic~1\PrevxCSI
2011-02-19 20:41:35 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:08:45 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:08:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:08:45 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:08:45 17408 ----a-w- c:\windows\system32\corpol.dll
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:25 389120 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe

=================== ROOTKIT ====================

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: ST96812AS rev.3.04 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x84D425DC]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x84d487b8]; MOV EAX, [0x84d48834]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x804EE130] -> \Device\Harddisk0\DR0[0x84D5D8B8]
3 CLASSPNP[0xF751EFD7] -> ntkrnlpa!IofCallDriver[0x804EE130] -> [0x84D79F18]
\Driver\atapi[0x84D6E480] -> IRP_MJ_CREATE -> 0x84D425DC
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskST96812AS_______________________________3.04____#5&f3ab5ba&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x84D42422
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !

============= FINISH: 23:13:36.87 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 06/11/2006 17:33:08
System Uptime: 03/03/2011 21:49:23 (2 hours ago)

Motherboard: FUJITSU SIEMENS | | AMILO PRO V2055
Processor: Intel(R) Celeron(R) M CPU 410 @ 1.46GHz | mPGA 479M | 1474/100mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 56 GiB total, 4.281 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
I: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP220: 09/02/2011 22:36:57 - Software Distribution Service 3.0
RP221: 12/02/2011 11:33:49 - System Checkpoint
RP222: 13/02/2011 12:42:40 - System Checkpoint
RP223: 14/02/2011 20:21:30 - System Checkpoint
RP224: 15/02/2011 20:51:44 - System Checkpoint
RP225: 17/02/2011 19:28:46 - System Checkpoint
RP226: 18/02/2011 22:00:17 - System Checkpoint
RP227: 19/02/2011 20:13:42 - Removed BT Connection Manager
RP228: 19/02/2011 20:15:17 - Removed Apple Mobile Device Support
RP229: 19/02/2011 20:16:04 - Removed Apple Software Update
RP230: 19/02/2011 20:17:06 - Removed Google Earth.
RP231: 19/02/2011 20:19:13 - Removed iTunes
RP232: 19/02/2011 20:20:48 - Removed Bonjour
RP233: 19/02/2011 20:23:01 - Removed Microsoft Office XP Professional with FrontPage
RP234: 19/02/2011 20:27:11 - Removed Windows Live Messenger
RP235: 19/02/2011 20:27:34 - Removed Windows Live Sign-in Assistant
RP236: 20/02/2011 13:45:43 - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP237: 20/02/2011 13:47:22 - Installed AVG 2011
RP238: 22/02/2011 20:34:52 - System Checkpoint
RP239: 24/02/2011 18:45:19 - System Checkpoint
RP240: 25/02/2011 19:06:02 - System Checkpoint
RP241: 26/02/2011 19:59:06 - System Checkpoint
RP242: 01/03/2011 22:39:31 - avast! Free Antivirus Setup
RP243: 03/03/2011 21:51:49 - Restore Operation

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Reader 7.0.9
Adobe Shockwave Player 11.5
avast! Free Antivirus
AVG 2011
DivX Content Uploader
DivX Web Player
ERUNT 1.1j
High Definition Audio Driver Package - KB888111
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 17
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1
LEGO Chess
Luxor Adventures
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.6.13)
Nero Suite
OGA Notifier 2.0.0048.0
QuickTime
Reader Rabbit's Preschool
Reader Rabbit 1
RealPlayer
Realtek AC'97 Audio
Secret Files 2 - Puritas Cordis
Secret Files Tunguska
Secret Files Tunguska Update
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SpellingFORCE v2.0
Spybot - Search & Destroy
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VIA Rhine-Family Fast Ethernet Adapter
VLC media player 1.0.3
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

02/03/2011 01:37:08, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\triedit\triedit.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.1.0.9246.
01/03/2011 22:54:46, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
01/03/2011 22:43:35, error: Service Control Manager [7000] - The PC Tools Security Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
01/03/2011 22:43:34, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the PC Tools Security Service service to connect.
01/03/2011 22:42:33, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 2 time(s).
01/03/2011 22:36:16, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
01/03/2011 22:09:06, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Java Quick Starter service to connect.
01/03/2011 22:09:06, error: Service Control Manager [7000] - The Java Quick Starter service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
01/03/2011 22:09:06, error: Service Control Manager [7000] - The BTWSp50 NDIS Protocol Driver service failed to start due to the following error: The system cannot find the file specified.
01/03/2011 21:50:10, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
01/03/2011 20:13:56, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 Fips intelppm
01/03/2011 20:08:28, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
01/03/2011 19:47:31, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: Access is denied.
01/03/2011 19:43:21, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\wab.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.6040.
01/03/2011 19:43:18, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\outlook express\msoe.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 6.0.2900.5931.
01/03/2011 19:41:56, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\movie maker\moviemk.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 2.1.4028.0.
01/03/2011 19:31:40, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\iedw.exe. This file was restored to the original version to maintain system stability. The file version of the system file is 7.0.5730.11.
01/03/2011 19:31:39, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\internet explorer\hmmapi.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 7.0.5730.11.
01/03/2011 19:28:34, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\msadc\msadco.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3012.0.
01/03/2011 19:28:33, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\msadc\msadce.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3002.0.
01/03/2011 19:28:31, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msjro.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3012.0.
01/03/2011 19:28:31, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msadox.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3012.0.
01/03/2011 19:28:30, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msadomd.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3012.0.
01/03/2011 19:28:30, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\system\ado\msado15.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 2.81.3012.0.
01/03/2011 19:27:07, information: Windows File Protection [64002] - File replacement was attempted on the protected system file c:\program files\common files\microsoft shared\vgx\vgx.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 7.0.6000.20628.
01/03/2011 18:42:52, error: Service Control Manager [7034] - The AVGIDSAgent service terminated unexpectedly. It has done this 1 time(s).
01/03/2011 18:42:52, error: Service Control Manager [7031] - The AVG WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.

==== End Of File ===========================

Thanks in advance,
Simon
crounauer
Active Member
 
Posts: 12
Joined: March 3rd, 2011, 7:08 pm
Advertisement
Register to Remove

Re: Search Engine Re-direct

Unread postby askey127 » March 3rd, 2011, 7:46 pm

Hi crounauer,
It is not clear that this system can be saved with online methods without re-installing Windows from scratch.
-----------------------------------------------------------
Remove Programs Using Control Panel
From Start, Settings, Control Panel or Start, Control Panel, click Add/Remove Programs.
Highlight each Entry, as follows, one by one, if it exists, and choose Remove :

Adobe Reader 7.0.9
AVG 2011
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 9
Java(TM) 6 Update 17
Java(TM) 6 Update 2
Java(TM) SE Runtime Environment 6 Update 1

Take extra care in answering questions posed by any Uninstaller.
If the Spybot Uninstaller asks whether you want to remove all files and settings, answer YES. If it reports that it cannot remove all files, that's OK.

--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
  6. Copy and paste the contents of that file in your next reply.
If, for some reason,you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search Engine Re-direct

Unread postby crounauer » March 4th, 2011, 5:27 am

Hi askey127,

Thank you for your help.

Java(TM) 6 update 17 produced a fatal error and didn't uninstall
Java(TM) 6 update 2 produced a fatal error and didn't uninstall
Java(TM) SE runtime enviroment 6 update 1 produced a fatal error and didn't uninstall

While I was removing JSE Runtime Enviroment 5.0 update 7, Avast found a rootkits with filename
=> MBR:// physicaldrive0
=> //. physicaldrive0 mbr:tdl4

I removed them using avast.

Everything else was removed.

2011/03/04 09:20:06.0421 0216 TDSS rootkit removing tool 2.4.20.0 Mar 2 2011 10:44:30
2011/03/04 09:20:06.0734 0216 ================================================================================
2011/03/04 09:20:06.0734 0216 SystemInfo:
2011/03/04 09:20:06.0734 0216
2011/03/04 09:20:06.0734 0216 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/04 09:20:06.0734 0216 Product type: Workstation
2011/03/04 09:20:06.0734 0216 ComputerName: SHEEBA
2011/03/04 09:20:06.0734 0216 UserName: simon
2011/03/04 09:20:06.0734 0216 Windows directory: C:\WINDOWS
2011/03/04 09:20:06.0734 0216 System windows directory: C:\WINDOWS
2011/03/04 09:20:06.0734 0216 Processor architecture: Intel x86
2011/03/04 09:20:06.0734 0216 Number of processors: 1
2011/03/04 09:20:06.0734 0216 Page size: 0x1000
2011/03/04 09:20:06.0734 0216 Boot type: Normal boot
2011/03/04 09:20:06.0734 0216 ================================================================================
2011/03/04 09:20:08.0234 0216 Initialize success
2011/03/04 09:20:11.0890 0572 ================================================================================
2011/03/04 09:20:11.0890 0572 Scan started
2011/03/04 09:20:11.0890 0572 Mode: Manual;
2011/03/04 09:20:11.0890 0572 ================================================================================
2011/03/04 09:20:13.0687 0572 Aavmker4 (83631291adf2887cffc786d034d3fa15) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/03/04 09:20:13.0953 0572 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/03/04 09:20:14.0015 0572 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/04 09:20:14.0093 0572 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/03/04 09:20:14.0125 0572 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/03/04 09:20:14.0203 0572 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/04 09:20:14.0296 0572 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/04 09:20:14.0390 0572 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/03/04 09:20:14.0453 0572 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/03/04 09:20:14.0531 0572 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/03/04 09:20:14.0578 0572 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/03/04 09:20:14.0796 0572 ALCXWDM (a8407775e1b64057418781481b202930) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/03/04 09:20:15.0031 0572 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/03/04 09:20:15.0078 0572 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/03/04 09:20:15.0109 0572 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/03/04 09:20:15.0187 0572 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2011/03/04 09:20:15.0250 0572 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/03/04 09:20:15.0296 0572 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/03/04 09:20:15.0359 0572 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/03/04 09:20:15.0437 0572 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/03/04 09:20:15.0656 0572 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/03/04 09:20:15.0828 0572 aswMon2 (452d0ecd14fa02f9b061f42c8a30dd49) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/03/04 09:20:15.0984 0572 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/03/04 09:20:16.0234 0572 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\WINDOWS\system32\drivers\aswSP.sys
2011/03/04 09:20:16.0406 0572 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/03/04 09:20:16.0562 0572 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/04 09:20:16.0609 0572 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/04 09:20:16.0812 0572 atksgt (751c250affd10d54221027d07c9f4304) C:\WINDOWS\system32\DRIVERS\atksgt.sys
2011/03/04 09:20:16.0921 0572 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/04 09:20:17.0015 0572 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/04 09:20:17.0171 0572 AVGIDSDriver (0c61f066f4d94bd67063dc6691935143) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/03/04 09:20:17.0218 0572 AVGIDSEH (84853f800cd69252c3c764fe50d0346f) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/03/04 09:20:17.0265 0572 AVGIDSFilter (28d6adcd03e10f3838488b9b5d407dd4) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/03/04 09:20:17.0421 0572 AVGIDSShim (0eb16f4dbbb946360af30d2b13a52d1d) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/03/04 09:20:17.0531 0572 Avgldx86 (5fe5a2c2330c376a1d8dcff8d2680a2d) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/03/04 09:20:17.0593 0572 Avgmfx86 (54f1a9b4c9b540c2d8ac4baa171696b1) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/03/04 09:20:17.0625 0572 Avgrkx86 (8da3b77993c5f354cc2977b7ea06d03a) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/03/04 09:20:17.0718 0572 Avgtdix (660788ec46f10ece80274d564fa8b4aa) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/03/04 09:20:17.0828 0572 BCM43XX (e7debb46b9ef1f28932e533be4a3d1a9) C:\WINDOWS\system32\DRIVERS\bcmwl5.sys
2011/03/04 09:20:17.0921 0572 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/04 09:20:18.0015 0572 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/03/04 09:20:18.0046 0572 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/04 09:20:18.0109 0572 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/03/04 09:20:18.0156 0572 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/04 09:20:18.0234 0572 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/04 09:20:18.0312 0572 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/04 09:20:18.0406 0572 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/03/04 09:20:18.0437 0572 CmdIde (e5dcb56c533014ecbc556a8357c929d5) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/03/04 09:20:18.0500 0572 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/03/04 09:20:18.0562 0572 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/03/04 09:20:18.0656 0572 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/03/04 09:20:18.0703 0572 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/03/04 09:20:18.0796 0572 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/04 09:20:18.0906 0572 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/04 09:20:19.0015 0572 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/04 09:20:19.0062 0572 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/04 09:20:19.0140 0572 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/04 09:20:19.0203 0572 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/03/04 09:20:19.0234 0572 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/04 09:20:19.0328 0572 EKBfltr (74f17da54cec320e3eab105b73234534) C:\WINDOWS\system32\DRIVERS\EKBfltr.sys
2011/03/04 09:20:19.0437 0572 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/04 09:20:19.0500 0572 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/03/04 09:20:19.0578 0572 FETND5BV (7d53d569892b46738e87f39c9aa8488a) C:\WINDOWS\system32\DRIVERS\fetnd5bv.sys
2011/03/04 09:20:19.0640 0572 FETNDIS (e9648254056bce81a85380c0c3647dc4) C:\WINDOWS\system32\DRIVERS\fetnd5.sys
2011/03/04 09:20:19.0687 0572 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/04 09:20:19.0921 0572 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/03/04 09:20:19.0984 0572 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/04 09:20:20.0062 0572 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/04 09:20:20.0125 0572 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/04 09:20:20.0250 0572 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/04 09:20:20.0328 0572 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/04 09:20:20.0468 0572 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/03/04 09:20:20.0515 0572 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/04 09:20:20.0734 0572 hwdatacard (4a77f036f7234ed24351ac486d2a29b9) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2011/03/04 09:20:20.0890 0572 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/03/04 09:20:20.0953 0572 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/03/04 09:20:21.0046 0572 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/04 09:20:21.0140 0572 iaStor (309c4d86d989fb1fcf64bd30dc81c51b) C:\WINDOWS\system32\DRIVERS\iaStor.sys
2011/03/04 09:20:21.0218 0572 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/04 09:20:21.0265 0572 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/03/04 09:20:21.0328 0572 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/03/04 09:20:21.0375 0572 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/04 09:20:21.0453 0572 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/04 09:20:21.0484 0572 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/04 09:20:21.0531 0572 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/04 09:20:21.0578 0572 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/04 09:20:21.0640 0572 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/04 09:20:21.0687 0572 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/04 09:20:21.0843 0572 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/04 09:20:21.0890 0572 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/04 09:20:22.0000 0572 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/04 09:20:22.0062 0572 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/04 09:20:22.0234 0572 lirsgt (975b6cf65f44e95883f3855bae8cecaf) C:\WINDOWS\system32\DRIVERS\lirsgt.sys
2011/03/04 09:20:22.0328 0572 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/04 09:20:22.0437 0572 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/04 09:20:22.0468 0572 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/04 09:20:22.0546 0572 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/04 09:20:22.0609 0572 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/04 09:20:22.0750 0572 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/03/04 09:20:22.0796 0572 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/04 09:20:22.0906 0572 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/04 09:20:23.0000 0572 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/04 09:20:23.0031 0572 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/04 09:20:23.0078 0572 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/04 09:20:23.0140 0572 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/04 09:20:23.0203 0572 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/04 09:20:23.0250 0572 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/04 09:20:23.0500 0572 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/04 09:20:23.0578 0572 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/04 09:20:23.0625 0572 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/04 09:20:23.0687 0572 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/04 09:20:23.0875 0572 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/04 09:20:23.0937 0572 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/04 09:20:24.0015 0572 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/04 09:20:24.0109 0572 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/04 09:20:24.0171 0572 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/04 09:20:24.0281 0572 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/04 09:20:24.0343 0572 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/04 09:20:24.0406 0572 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/04 09:20:24.0562 0572 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/03/04 09:20:24.0593 0572 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/04 09:20:24.0734 0572 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/04 09:20:24.0828 0572 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/04 09:20:24.0984 0572 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/04 09:20:25.0046 0572 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/03/04 09:20:25.0296 0572 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/03/04 09:20:25.0328 0572 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/03/04 09:20:25.0453 0572 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/04 09:20:25.0515 0572 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/04 09:20:25.0546 0572 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/04 09:20:25.0625 0572 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/03/04 09:20:25.0671 0572 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/03/04 09:20:25.0718 0572 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/03/04 09:20:25.0750 0572 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/03/04 09:20:25.0812 0572 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/03/04 09:20:25.0843 0572 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/03/04 09:20:25.0984 0572 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/04 09:20:26.0046 0572 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/04 09:20:26.0093 0572 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/04 09:20:26.0140 0572 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/04 09:20:26.0203 0572 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/04 09:20:26.0250 0572 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/04 09:20:26.0406 0572 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/03/04 09:20:26.0531 0572 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/04 09:20:26.0593 0572 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/04 09:20:26.0718 0572 S3SavageNB (0dbcc071a268e0340a2ba6bdd98bace4) C:\WINDOWS\system32\DRIVERS\s3gnbm.sys
2011/03/04 09:20:26.0843 0572 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/04 09:20:26.0906 0572 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/03/04 09:20:26.0953 0572 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/03/04 09:20:27.0234 0572 smserial (0eb62cdf4168c49e7568fd544f05d0f1) C:\WINDOWS\system32\DRIVERS\smserial.sys
2011/03/04 09:20:27.0406 0572 SONYPVU1 (a1eceeaa5c5e74b2499eb51d38185b84) C:\WINDOWS\system32\DRIVERS\SONYPVU1.SYS
2011/03/04 09:20:27.0484 0572 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/03/04 09:20:27.0593 0572 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/04 09:20:27.0656 0572 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/04 09:20:27.0765 0572 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/04 09:20:27.0984 0572 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/04 09:20:28.0062 0572 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/04 09:20:28.0156 0572 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/03/04 09:20:28.0218 0572 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/03/04 09:20:28.0250 0572 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/03/04 09:20:28.0296 0572 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/03/04 09:20:28.0375 0572 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/04 09:20:28.0468 0572 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/04 09:20:28.0546 0572 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/04 09:20:28.0578 0572 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/04 09:20:28.0625 0572 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/04 09:20:28.0718 0572 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/03/04 09:20:28.0812 0572 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
2011/03/04 09:20:28.0843 0572 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/04 09:20:28.0937 0572 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/03/04 09:20:29.0140 0572 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/04 09:20:29.0328 0572 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/04 09:20:29.0390 0572 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/04 09:20:29.0453 0572 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/04 09:20:29.0515 0572 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/04 09:20:29.0546 0572 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/04 09:20:29.0593 0572 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/04 09:20:29.0828 0572 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/03/04 09:20:29.0890 0572 viaagp1 (4b039bbd037b01f5db5a144c837f283a) C:\WINDOWS\system32\DRIVERS\viaagp1.sys
2011/03/04 09:20:29.0968 0572 viagfx (5dbffb9a41da40c8d77c5cdeb98a55b8) C:\WINDOWS\system32\DRIVERS\vtmini.sys
2011/03/04 09:20:30.0078 0572 ViaIde (a5d8b6c8d43786d4215c1df6fab0aae0) C:\WINDOWS\system32\DRIVERS\viaidexp.sys
2011/03/04 09:20:30.0140 0572 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/04 09:20:30.0265 0572 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/04 09:20:30.0390 0572 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/04 09:20:30.0578 0572 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/03/04 09:20:30.0687 0572 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/04 09:20:30.0718 0572 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/04 09:20:30.0843 0572 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/03/04 09:20:30.0890 0572 ================================================================================
2011/03/04 09:20:30.0890 0572 Scan finished
2011/03/04 09:20:30.0890 0572 ================================================================================
2011/03/04 09:20:30.0921 4064 Detected object count: 1
2011/03/04 09:20:44.0968 4064 \HardDisk0 - will be cured after reboot
2011/03/04 09:20:44.0968 4064 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/03/04 09:21:18.0312 0208 Deinitialize success

Thanks,
Simon
crounauer
Active Member
 
Posts: 12
Joined: March 3rd, 2011, 7:08 pm

Re: Search Engine Re-direct

Unread postby askey127 » March 4th, 2011, 6:41 am

crounauer,
There may be a lot of corrupted Windows XP System files and it may not be feasible to "fix" them.
I would suggest making sure you have any critical data backed up.
------------------------------------------------------
Warning - Compromised Data
Because the infection has had remote control access to your Internet activities, you should assume that any data on the machine may have been stolen.
Take whatever precautions you think sensible about any financial (credit cards, banking, etc.), or other critical information that has been passed through or stored on the machine.
I would suggest changing all account names/numbers, and passwords for ANY accounts that have been used with the machine.
That includes not only banking, credit cards, and financial, but also website and e-mail accounts as well.

Don't use the infected machine to make the changes.

----------------------------------------------
You can download the free version of Revo Uninstaller from HERE (Scroll down)
I would install it, and attempt to use it to Uninstall the offending programs.
You can ignore/close the Update pitch that pops up when you start the program.
You can also get a portable version (no installation required) in a zip file format from one of these sites: ONE or TWO
Start Revo and Highlight the following item, then click the Uninstall icon in the middle of the Menu bar.
Java(TM) SE runtime enviroment 6 update 1
When the Mode dialog comes up, choose Moderate
When it finishes, repeat the process for these other program(s)
Java(TM) 6 update 17
Java(TM) 6 update 2

Revo will succeed many times when regular methods fail.
-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system. Your antivirus software may warn you about the file.
You will need to disable all your antivirus software after downloading but BEFORE running ComboFix.
.
  • Download ComboFix from here
  • Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • DISABLE AVAST
    Right click on the avast! icon in system tray (looks like this: Image) and choose (Stop On-Access Protection)
    Avast On-Access Protection is now disabled.
    Reverse the procedure to re-enable the On-Access Protection.
  • Now start ComboFix (zzz.exe)
  • The tool will check whether the Recovery Console is present on your system. If it is not, ComboFix will prompt you whether you would like to install it. (You would).
  • If it is not, make sure you are connected to the internet as ComboFix needs to download a file. When you are connected to the internet, click Yes and follow the prompts.
    When asked whether to continue scanning or to exit, click Yes to continue scanning (no need to disconnect from the internet as ComboFix breaks your internet connection for you).
  • It will run through about 50 procedures, then take a while to assemble its output log.
  • Do not touch the computer AT ALL while ComboFix is running.
  • When finished, the report will open. Post the log in your next reply, and then Reenable your AVG protection software
A copy of the log will be located here if you need it-> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

The Recovery Console produces a brief (2 second) black screen at bootup which allows an additional technical resource for repair in case of a major failure. In regular operation, you can ignore it.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search Engine Re-direct

Unread postby crounauer » March 4th, 2011, 8:17 am

Hi askey127,

I uninstalled everything you asked for and then ran Combofix as instructed. It then said that I have to uninstall AVG before it can continue, which I did. It said that I had to reboot to finish some of the installation processes, so I did.

I tried to run ComboFix, but again it said that I had to uninstall AVG. When I look in c:/Program Files there is still a folder called AVG.

Can the remnants of this AVG insallation be removed somehow?

I checked but there was no log file at C:\ComboFix.txt

Thanks,
Simon
crounauer
Active Member
 
Posts: 12
Joined: March 3rd, 2011, 7:08 pm

Re: Search Engine Re-direct

Unread postby askey127 » March 4th, 2011, 8:28 am

Please go ahead and delete the AVG folder under C:\Program Files\
If that doesn't allow CF to run, let me know and we can search for and remove the Application Data folder as well.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search Engine Re-direct

Unread postby crounauer » March 4th, 2011, 8:40 am

Hi Askey127,

I had to launch task manager and kill 2 AVG processes which were running for some reason. Once I had done that I was able to delete the AVG folder. It is still saying that AVG 2011 is running. I did reboot after deleting the AVG folder and again launched the task manager to ensure that there were no avg processes running.

ComboFix is still detecting that AVG 2011 is running.

Thanks,
Simon
crounauer
Active Member
 
Posts: 12
Joined: March 3rd, 2011, 7:08 pm

Re: Search Engine Re-direct

Unread postby crounauer » March 4th, 2011, 10:03 am

Hi askey127,

I rebooted again and the problem disappeared - Combofix is busy running. I will post the log once it is finished.

Thanks,
Simon
crounauer
Active Member
 
Posts: 12
Joined: March 3rd, 2011, 7:08 pm

Re: Search Engine Re-direct

Unread postby crounauer » March 4th, 2011, 10:16 am

Hi Askey127,

Here is the Combofix log

ComboFix 11-03-03.04 - simon 04/03/2011 13:45:51.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.446.109 [GMT 0:00]
Running from: c:\documents and settings\simon\Desktop\zzz.exe.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\simon\Recent\Thumbs.db
c:\documents and settings\simon\spooldr.ini
C:\mydnswatch
c:\mydnswatch\config.bin
c:\program files\Java
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JavaQuickStarterService
-------\Service_JavaQuickStarterService


((((((((((((((((((((((((( Files Created from 2011-02-04 to 2011-03-04 )))))))))))))))))))))))))))))))
.

2011-03-04 11:31 . 2011-03-04 11:31 -------- d-----w- c:\program files\VS Revo Group
2011-03-03 22:47 . 2011-03-04 12:38 -------- d-----w- c:\program files\ERUNT
2011-03-03 19:18 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-01 22:49 . 2011-02-23 14:54 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-03-01 22:49 . 2011-02-23 14:56 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-03-01 22:49 . 2011-02-23 14:55 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-03-01 22:49 . 2011-02-23 14:55 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-03-01 22:49 . 2011-02-23 14:55 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-03-01 22:49 . 2011-02-23 14:55 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-03-01 22:49 . 2011-02-23 14:54 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-03-01 22:42 . 2011-02-23 15:04 40648 ----a-w- c:\windows\avastSS.scr
2011-03-01 22:42 . 2011-02-23 15:04 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-03-01 22:39 . 2011-03-01 22:39 -------- d-----w- c:\program files\Alwil Software
2011-03-01 22:39 . 2011-03-01 22:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2011-03-01 20:08 . 2011-03-01 20:08 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2011-03-01 18:37 . 2011-03-04 14:00 -------- d-----w- c:\program files\epprctos
2011-02-21 17:47 . 2011-02-21 17:47 -------- d-----w- C:\spoolerlogs
2011-02-20 21:51 . 2011-02-21 16:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-02-20 21:51 . 2011-02-21 15:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-02-20 21:31 . 2011-02-20 21:31 -------- d-----w- C:\$AVG
2011-02-20 14:11 . 2011-02-20 14:11 -------- d--h--w- c:\documents and settings\All Users\Application Data\Common Files
2011-02-20 13:50 . 2011-03-01 16:17 -------- d-----w- c:\windows\system32\drivers\AVG
2011-02-20 13:50 . 2011-03-01 21:52 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG10
2011-02-20 13:40 . 2011-02-20 13:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2011-02-20 13:36 . 2011-03-03 21:47 -------- d-----w- c:\program files\PC Tools Security
2011-02-20 13:32 . 2011-03-03 21:47 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-02-19 20:46 . 2011-02-19 20:46 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-02-19 20:46 . 2011-02-19 20:46 -------- d-----w- c:\program files\Prevx
2011-02-19 20:46 . 2011-02-19 20:47 -------- d-----w- c:\documents and settings\All Users\Application Data\PrevxCSI
2011-02-19 20:41 . 2011-02-20 13:48 -------- d-----w- c:\documents and settings\All Users\Application Data\MFAData

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2006-01-30 17:59 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2006-01-30 17:58 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2006-01-30 17:59 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2006-01-30 17:59 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:08 . 2006-01-30 17:59 832512 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:08 . 2006-01-30 17:59 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:08 . 2006-01-30 17:59 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:08 . 2006-01-30 17:58 17408 ----a-w- c:\windows\system32\corpol.dll
2010-12-20 17:26 . 2006-01-30 17:59 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55 . 2006-01-30 17:59 389120 ----a-w- c:\windows\system32\html.iec
2010-12-09 15:15 . 2006-01-30 17:59 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2006-01-30 17:58 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2006-01-30 17:59 2192768 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2004-08-03 22:59 2069376 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-12-08 04:12 . 2010-12-08 04:12 251728 ----a-w- c:\windows\system32\drivers\avgldx86.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2010-09-07 16:13 81072 ------w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-09-07 2838912]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\simon\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 186310]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="c:\windows\system32\userinit.exe,,c:\program files\epprctos\mvhemtxj.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart

[HKLM\~\startupfolder\C:^Documents and Settings^simon^Start Menu^Programs^Startup^mvhemtxj.exe]
path=c:\documents and settings\simon\Start Menu\Programs\Startup\mvhemtxj.exe
backup=c:\windows\pss\mvhemtxj.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 09:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
2006-03-01 14:22 577536 ----a-w- c:\windows\SOUNDMAN.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 16:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2008-10-20 18:13 185896 ------w- c:\program files\Common Files\Real\Update_OB\realsched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
2005-03-08 01:33 53248 ----a-w- c:\windows\system32\VTTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
2005-11-01 02:15 163840 ----a-w- c:\windows\system32\VTTrayp.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [13/09/2010 15:27 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [07/09/2010 03:48 26064]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [01/03/2011 22:49 301528]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [08/12/2010 04:12 251728]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [12/11/2010 13:19 299984]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [01/03/2011 22:49 19544]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [03/08/2010 15:23 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [03/08/2010 15:23 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [03/08/2010 15:23 26192]
R3 EKBfltr;ENE Keyboard Controller;c:\windows\system32\drivers\EKBfltr.sys [29/06/2006 14:18 5504]
S2 AVGIDSAgent;AVGIDSAgent;"c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe" --> c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [?]
S2 avgwd;AVG WatchDog;"c:\program files\AVG\AVG10\avgwdsvc.exe" --> c:\program files\AVG\AVG10\avgwdsvc.exe [?]
S2 BTWSp50;BTWSp50 NDIS Protocol Driver;c:\windows\system32\Drivers\BTWSp50.sys --> c:\windows\system32\Drivers\BTWSp50.sys [?]
S2 gupdate;Google Update Service (gupdate);"c:\program files\Google\Update\GoogleUpdate.exe" /svc --> c:\program files\Google\Update\GoogleUpdate.exe [?]
.
Contents of the 'Scheduled Tasks' folder

2010-04-25 c:\windows\Tasks\Install.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2010-04-25 13:29]

2011-03-04 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 14:07]

2011-03-03 c:\windows\Tasks\User_Feed_Synchronization-{11DDA160-4F8B-49BC-A2CC-1112E9F3C43E}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 12:58]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.gynogapod.co.uk/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} - hxxp://launch.soe.com/plugin/web/SOEWebInstaller.cab
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-AVG_TRAY - c:\program files\AVG\AVG10\avgtray.exe
MSConfigStartUp-SMSERIAL - sm56hlpr.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
AddRemove-lslwin.exe - c:\tlcwin\PRESCH\uninstal\DeIsL1.isu
AddRemove-Nero - Burning Rom!UninstallKey - c:\program files\Ahead\nero\uninstall\UNNERO.exe
AddRemove-NeroMultiInstaller!UninstallKey - c:\program files\Common Files\Nero\Uninstall\Setupx.exe
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe


.
**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-04 14:00
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwQueryDirectoryFile

scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.

c:\documents and settings\simon\Start Menu\Programs\Startup\mvhemtxj.exe 144269 bytes executable

scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(612)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
.
**************************************************************************
.
Completion time: 2011-03-04 14:04:44 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-04 14:04
.
Pre-Run: 9,300,291,584 bytes free
Post-Run: 10,362,212,352 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E79A79B8775EF883BBE3DE28379AE46C

Thanks,
Simon
crounauer
Active Member
 
Posts: 12
Joined: March 3rd, 2011, 7:08 pm

Re: Search Engine Re-direct

Unread postby askey127 » March 4th, 2011, 3:14 pm

crounauer,
---------------------------------------------
Run a Scan with OTL
Please download OTL.exe by OldTimer and save it to your desktop.
  • Double click on the icon to run it.
  • Make sure all other windows are closed to let it run uninterrupted.
  • Copy the text from the code box below and paste it into the Custom Scans/Fixes box. Do not copy the word "Code:"
    Code: Select all
    netsvcs
    drivers32 
    %SYSTEMDRIVE%\*.*
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe 
    userinit.exe
    sfc.dll   
    /md5stop
    
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search Engine Re-direct

Unread postby crounauer » March 4th, 2011, 4:01 pm

Hi Askey127,

Here is OTL.txt

OTL logfile created on: 04/03/2011 19:47:55 - Run 2
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\simon\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

446.00 Mb Total Physical Memory | 87.00 Mb Available Physical Memory | 19.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 9.51 Gb Free Space | 17.02% Space Free | Partition Type: NTFS
Drive F: | 499.41 Mb Total Space | 365.28 Mb Free Space | 73.14% Space Free | Partition Type: FAT

Computer Name: SHEEBA | User Name: simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/04 19:35:22 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\simon\Desktop\OTL.exe
PRC - [2010/09/07 16:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/03/04 19:35:22 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\simon\Desktop\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (gusvc)
SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate)
SRV - File not found [Auto | Stopped] -- -- (avgwd)
SRV - File not found [Auto | Stopped] -- -- (AVGIDSAgent)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 14:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 14:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 14:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 14:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 14:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 14:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/10/30 19:05:02 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/10/30 19:04:45 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2010/08/03 15:23:36 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2010/08/03 15:23:34 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/08/03 15:23:32 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2007/08/08 11:12:42 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2006/03/31 11:38:48 | 003,960,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/02/11 18:46:22 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/01/14 14:22:54 | 000,005,504 | ---- | M] (EnE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EKBfltr.sys -- (EKBfltr)
DRV - [2004/08/03 22:29:52 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3SavageNB)
DRV - [2003/07/01 18:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2001/10/18 09:00:00 | 000,006,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaidexp.sys -- (ViaIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gynogapod.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: "PricesCompare Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2465674&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "PricesCompare Customized Web Search"
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {2e564431-f9c1-45ba-a399-a46a424eeba2}:3.2.3.3
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\

[2010/04/11 15:02:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\simon\Application Data\Mozilla\Extensions
[2011/02/28 22:26:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\simon\Application Data\Mozilla\Firefox\Profiles\7k0xp609.default\extensions
[2010/12/06 21:40:18 | 000,000,000 | ---D | M] (PricesCompare Community Toolbar) -- C:\Documents and Settings\simon\Application Data\Mozilla\Firefox\Profiles\7k0xp609.default\extensions\{2e564431-f9c1-45ba-a399-a46a424eeba2}
[2010/12/20 15:11:21 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\simon\Application Data\Mozilla\Firefox\Profiles\7k0xp609.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/02/10 08:10:51 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\simon\Application Data\Mozilla\Firefox\Profiles\7k0xp609.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011/02/10 08:11:01 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\simon\Application Data\Mozilla\Firefox\Profiles\7k0xp609.default\extensions\engine@conduit.com
[2011/02/03 20:47:21 | 000,000,000 | ---D | M] (SEMToolbar) -- C:\Documents and Settings\simon\Application Data\Mozilla\Firefox\Profiles\7k0xp609.default\extensions\semtoolbar@bruceclay.com
[2010/11/02 19:02:18 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\simon\Application Data\Mozilla\Firefox\Profiles\7k0xp609.default\searchplugins\conduit.xml

O1 HOSTS File: ([2011/03/04 13:59:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - Startup: C:\Documents and Settings\simon\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 2836625478 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 2837944199 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\epprctos\mvhemtxj.exe) - C:\Program Files\epprctos\mvhemtxj.exe File not found
O24 - Desktop WallPaper: C:\Documents and Settings\simon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\simon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/30 19:16:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/03/04 19:48:08 | 000,000,003 | RHS- | M] () - F:\autorun.inf -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)

========== Files/Folders - Created Within 30 Days ==========

[2011/03/04 19:37:55 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\simon\Desktop\OTL.exe
[2011/03/04 14:04:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/03/04 13:41:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/04 13:30:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/04 13:30:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/04 13:30:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/04 13:30:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/04 11:54:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/04 11:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/03/04 11:31:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\simon\Start Menu\Programs\Revo Uninstaller
[2011/03/04 09:16:22 | 001,374,808 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\simon\Desktop\tdsskiller.exe
[2011/03/03 22:48:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/03 22:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/03/03 22:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/03/03 19:18:03 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/03/01 22:49:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/03/01 22:49:49 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/03/01 22:49:42 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/03/01 22:49:29 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/03/01 22:49:23 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/03/01 22:49:07 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/03/01 22:49:06 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/03/01 22:49:01 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/03/01 22:42:43 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/03/01 22:42:42 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/03/01 22:39:32 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/03/01 22:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/03/01 22:21:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/03/01 20:12:21 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/03/01 18:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\epprctos
[2011/02/21 17:47:57 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2011/02/21 17:41:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/02/20 21:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/02/20 21:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/02/20 21:51:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/02/20 21:31:42 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/02/20 14:11:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/02/20 13:50:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/02/20 13:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/02/20 13:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/02/20 13:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/02/20 13:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/02/20 13:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/02/19 20:46:57 | 000,076,696 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2011/02/19 20:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2011/02/19 20:46:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2011/02/19 20:41:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/02/19 19:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/02/19 19:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/02/19 19:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\simon\My Documents\*.tmp files -> C:\Documents and Settings\simon\My Documents\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/04 19:35:36 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{11DDA160-4F8B-49BC-A2CC-1112E9F3C43E}.job
[2011/03/04 19:35:22 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\simon\Desktop\OTL.exe
[2011/03/04 19:33:56 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/04 19:33:25 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/03/04 19:32:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/04 19:32:44 | 467,841,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/04 13:59:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/04 13:41:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/03/04 11:50:08 | 004,280,109 | R--- | M] () -- C:\Documents and Settings\simon\Desktop\zzz.exe.exe
[2011/03/04 11:31:53 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\simon\Desktop\Revo Uninstaller.lnk
[2011/03/04 09:02:22 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/03/04 08:57:20 | 001,374,808 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\simon\Desktop\tdsskiller.exe
[2011/03/03 23:04:28 | 000,771,534 | ---- | M] () -- C:\Documents and Settings\simon\Desktop\dds.scr
[2011/03/03 22:53:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\simon\defogger_reenable
[2011/03/03 22:47:26 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\simon\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/03/03 22:47:23 | 000,000,617 | ---- | M] () -- C:\Documents and Settings\simon\Desktop\NTREGOPT.lnk
[2011/03/03 22:47:23 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\simon\Desktop\ERUNT.lnk
[2011/03/03 19:18:03 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/03/03 19:10:52 | 000,380,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/03 19:10:52 | 000,053,166 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/03 19:09:21 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\simon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/01 16:16:02 | 107,481,423 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/23 15:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/02/23 15:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/02/23 14:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/02/23 14:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/02/23 14:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/02/23 14:55:47 | 000,102,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/02/23 14:55:44 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/02/23 14:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/02/23 14:54:57 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/02/23 14:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/02/20 21:51:42 | 000,000,957 | ---- | M] () -- C:\Documents and Settings\simon\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/02/20 14:47:48 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/20 14:04:20 | 000,700,836 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/02/19 20:46:57 | 000,076,696 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2011/02/19 20:46:43 | 000,000,048 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/02/16 18:43:52 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\simon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/10 08:09:31 | 000,109,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\Documents and Settings\simon\My Documents\*.tmp files -> C:\Documents and Settings\simon\My Documents\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/04 13:41:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/03/04 13:41:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/03/04 13:30:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/04 13:30:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/04 13:30:59 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/04 13:30:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/04 13:30:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/04 11:52:47 | 004,280,109 | R--- | C] () -- C:\Documents and Settings\simon\Desktop\zzz.exe.exe
[2011/03/04 11:31:53 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\simon\Desktop\Revo Uninstaller.lnk
[2011/03/03 23:10:17 | 000,771,534 | ---- | C] () -- C:\Documents and Settings\simon\Desktop\dds.scr
[2011/03/03 22:53:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\simon\defogger_reenable
[2011/03/03 22:47:26 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\simon\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/03/03 22:47:23 | 000,000,617 | ---- | C] () -- C:\Documents and Settings\simon\Desktop\NTREGOPT.lnk
[2011/03/03 22:47:23 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\simon\Desktop\ERUNT.lnk
[2011/03/03 21:28:23 | 467,841,024 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/03 19:09:21 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\simon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/03 19:09:18 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\simon\Start Menu\Programs\Internet Explorer.lnk
[2011/03/01 16:16:02 | 107,481,423 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/20 21:51:42 | 000,000,957 | ---- | C] () -- C:\Documents and Settings\simon\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/02/20 13:37:30 | 000,700,836 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/02/19 20:46:43 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/10/24 16:55:43 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/10/24 16:55:42 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010/05/22 10:31:11 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/09/07 14:01:43 | 000,001,045 | ---- | C] () -- C:\WINDOWS\7THLEVEL.INI
[2008/09/03 18:13:29 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2008/09/03 18:13:29 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2008/01/26 22:39:50 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2008/01/17 17:39:42 | 000,000,623 | ---- | C] () -- C:\WINDOWS\E-REGTLC.INI
[2007/08/18 08:18:40 | 000,001,364 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/06/02 21:25:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/01 17:05:55 | 000,000,212 | ---- | C] () -- C:\WINDOWS\rr.dat
[2007/05/30 18:59:16 | 000,000,224 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2007/05/20 09:09:47 | 000,000,048 | ---- | C] () -- C:\WINDOWS\POTATO.INI
[2007/04/25 20:17:11 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2007/04/02 13:46:09 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/03/30 17:10:13 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\simon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/15 20:40:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/11 22:54:23 | 000,001,436 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/11/06 18:37:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/09/28 09:12:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/28 09:11:27 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006/09/28 09:11:24 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2006/01/30 19:38:38 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/01/30 19:20:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/01/30 19:13:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/01/30 19:07:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/01/30 19:06:54 | 000,109,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/01/30 18:00:03 | 000,000,976 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/01/30 17:59:28 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/01/30 17:59:25 | 000,380,918 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/01/30 17:59:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/01/30 17:59:25 | 000,053,166 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/01/30 17:59:25 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/01/30 17:59:24 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/01/30 17:59:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/01/30 17:59:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/01/30 17:59:13 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/01/30 17:59:12 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/01/30 17:59:04 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/01/30 17:58:53 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2011/03/01 22:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/12/20 16:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2011/03/01 21:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2009/12/03 16:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2011/02/20 14:11:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2006/11/06 18:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2011/02/20 13:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/12/20 16:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2011/02/19 20:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2009/08/16 14:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra Wireless
[2011/03/02 20:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/02/20 21:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\simon\Application Data\Axepi
[2009/08/16 14:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\simon\Application Data\BT Connection Manager
[2011/02/20 13:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\simon\Application Data\Covyab
[2011/02/24 21:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\simon\Application Data\Cyykq
[2011/02/24 21:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\simon\Application Data\Edix
[2011/02/19 20:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\simon\Application Data\Sony Online Entertainment
[2010/04/25 16:29:07 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\Install.job
[2011/03/04 19:33:25 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2011/03/04 19:35:36 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{11DDA160-4F8B-49BC-A2CC-1112E9F3C43E}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/01/30 19:16:51 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/11/11 22:39:39 | 012,288,463 | ---- | M] () -- C:\AVG7QT.DAT
[2011/03/04 09:02:22 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/03/04 13:41:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/03/04 14:04:45 | 000,012,999 | ---- | M] () -- C:\ComboFix.txt
[2006/01/30 19:16:51 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/03/04 19:32:44 | 467,841,024 | -HS- | M] () -- C:\hiberfil.sys
[2006/09/28 09:11:37 | 000,004,833 | ---- | M] () -- C:\Install.LOG
[2006/01/30 19:16:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/09/14 19:50:15 | 000,000,125 | ---- | M] () -- C:\ioSpecial.ini
[2006/09/28 09:11:43 | 000,008,887 | ---- | M] () -- C:\Lang.txt
[2006/01/30 19:16:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/01/04 11:49:27 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/03/04 19:32:43 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys
[2007/06/01 20:04:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2007/06/01 20:04:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2011/03/04 09:21:18 | 000,049,276 | ---- | M] () -- C:\TDSSKiller.2.4.20.0_04.03.2011_09.20.06_log.txt


< MD5 for: EXPLORER.EXE >
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ERDNT\cache\explorer.exe
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2007/06/13 11:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 10:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2004/08/04 12:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: SFC.DLL >
[2008/04/14 00:12:05 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=96E1C926F22EE1BFBAE82901A35F6BF3 -- C:\WINDOWS\ERDNT\cache\sfc.dll
[2008/04/14 00:12:05 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=96E1C926F22EE1BFBAE82901A35F6BF3 -- C:\WINDOWS\ServicePackFiles\i386\sfc.dll
[2008/04/14 00:12:05 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=96E1C926F22EE1BFBAE82901A35F6BF3 -- C:\WINDOWS\system32\sfc.dll
[2004/08/04 12:00:00 | 000,005,120 | ---- | M] (Microsoft Corporation) MD5=E8A12A12EA9088B4327D49EDCA3ADD3E -- C:\WINDOWS\$NtServicePackUninstall$\sfc.dll

< MD5 for: USERINIT.EXE >
[2004/08/04 12:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ERDNT\cache\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 00:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 12:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ERDNT\cache\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 00:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C

< End of report >
crounauer
Active Member
 
Posts: 12
Joined: March 3rd, 2011, 7:08 pm

Re: Search Engine Re-direct

Unread postby crounauer » March 4th, 2011, 4:03 pm

and Extras.txt

OTL Extras logfile created on: 04/03/2011 19:41:29 - Run 1
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\simon\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

446.00 Mb Total Physical Memory | 90.00 Mb Available Physical Memory | 20.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 71.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 9.53 Gb Free Space | 17.05% Space Free | Partition Type: NTFS
Drive F: | 499.41 Mb Total Space | 369.97 Mb Free Space | 74.08% Space Free | Partition Type: FAT

Computer Name: SHEEBA | User Name: simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\MSN Messenger\msnmsgr.exe" = C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1
"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3B416FDA-CB3E-4514-9616-763E5B0D1140}" = Secret Files Tunguska
"{89AF271D-6795-4012-82AF-B6BB7D5D7571}" = Secret Files Tunguska Update
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"avast" = avast! Free Antivirus
"ERUNT_is1" = ERUNT 1.1j
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Revo Uninstaller" = Revo Uninstaller 1.91
"ShockwaveFlash" = Adobe Flash Player 9 ActiveX
"VLC media player" = VLC media player 1.0.3
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast Ethernet Adapter
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 01/03/2011 18:28:37 | Computer Name = SHEEBA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 01/03/2011 18:28:37 | Computer Name = SHEEBA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 01/03/2011 18:28:39 | Computer Name = SHEEBA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 01/03/2011 18:28:50 | Computer Name = SHEEBA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

Error - 01/03/2011 19:07:26 | Computer Name = SHEEBA | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.5512, fault address 0x0001295d.

Error - 02/03/2011 01:23:59 | Computer Name = SHEEBA | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

Error - 02/03/2011 16:36:19 | Computer Name = SHEEBA | Source = pctsSvc.exe | ID = 0
Description =

Error - 03/03/2011 17:53:14 | Computer Name = SHEEBA | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 03/03/2011 19:22:21 | Computer Name = SHEEBA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: The connection with the server was terminated abnormally

Error - 03/03/2011 19:22:22 | Computer Name = SHEEBA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>
with error: This network connection does not exist.

[ System Events ]
Error - 01/03/2011 17:52:07 | Computer Name = SHEEBA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Java Quick Starter service
to connect.

Error - 01/03/2011 17:52:07 | Computer Name = SHEEBA | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%1053

Error - 01/03/2011 18:09:06 | Computer Name = SHEEBA | Source = Service Control Manager | ID = 7000
Description = The BTWSp50 NDIS Protocol Driver service failed to start due to the
following error: %%2

Error - 01/03/2011 18:09:06 | Computer Name = SHEEBA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Java Quick Starter service
to connect.

Error - 01/03/2011 18:09:06 | Computer Name = SHEEBA | Source = Service Control Manager | ID = 7000
Description = The Java Quick Starter service failed to start due to the following
error: %%1053

Error - 01/03/2011 18:36:16 | Computer Name = SHEEBA | Source = Service Control Manager | ID = 7034
Description = The PC Tools Security Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 01/03/2011 18:42:33 | Computer Name = SHEEBA | Source = Service Control Manager | ID = 7034
Description = The PC Tools Security Service service terminated unexpectedly. It
has done this 2 time(s).

Error - 01/03/2011 18:43:34 | Computer Name = SHEEBA | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PC Tools Security Service
service to connect.

Error - 01/03/2011 18:43:35 | Computer Name = SHEEBA | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%1053

Error - 01/03/2011 18:54:46 | Computer Name = SHEEBA | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Dnscache service.


< End of report >

Thanks,
Simon
crounauer
Active Member
 
Posts: 12
Joined: March 3rd, 2011, 7:08 pm

Re: Search Engine Re-direct

Unread postby askey127 » March 6th, 2011, 6:10 am

crounauer,
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code: Select all
    :processes
    killallprocesses
    
    :OTL
    SRV - File not found [Auto | Stopped] -- -- (gusvc)
    SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate)
    SRV - File not found [Auto | Stopped] -- -- (avgwd)
    SRV - File not found [Auto | Stopped] -- -- (AVGIDSAgent)
    DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2010/08/03 15:23:36 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2010/08/03 15:23:34 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2010/08/03 15:23:32 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    FF - prefs.js..browser.search.defaultthis.engineName: "PricesCompare Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2465674&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.search.selectedEngine: "PricesCompare Customized Web Search"
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178
    FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\
    [2011/02/10 08:11:01 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\simon\Application Data\Mozilla\Firefox\Profiles\7k0xp609.default\extensions\engine@conduit.com
    [2010/11/02 19:02:18 | 000,000,929 | ---- | M] () -- C:\Documents and Settings\simon\Application Data\Mozilla\Firefox\Profiles\7k0xp609.default\searchplugins\conduit.xml
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Reg Error: Key error.)
    O20 - HKLM Winlogon: UserInit - (C:\Program Files\epprctos\mvhemtxj.exe) - C:\Program Files\epprctos\mvhemtxj.exe File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
    
    :Commands
    [EMPTYTEMP]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here : http://java.sun.com/javase/downloads/index.jsp, and install it to your computer.
In the first section on the page, labeled JDK 6 Update 24 (JDK or JRE), click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK".
Select the Platform Windows and check the box to agree to the license.
Choose the Windows Offline installation version and click on the link.
Download it, choose Save, and save it to your desktop.
Then doubleclick it on your desktop, and it will install the newest version of Java for you to use.
You can then remove the Installer from your desktop.

-----------------------------------------------------
See if this online scan will run for you. If this won't run, do a complete scan with Avast!
We are looking to see whether there are multiple Windows System files that are infected but cannot be fixed or removed.
This will tell us if the machine needs to have a Reformat/ReInstall of Windows.

This scan can take a long time (hours), but it is very thorough. Please start it when you can let it finish.
It doesn't remove anything. The report, however, is very valuable.

Run an Online Kaspersky WebScan
  • Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the Program and Database downloads have finished, (may take a while), Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post the contents of this log in your next reply.

Tell me what you see.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13903
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Search Engine Re-direct

Unread postby crounauer » March 6th, 2011, 4:39 pm

Hi askey127,

Results from the OTL scan

OTL logfile created on: 06/03/2011 20:31:01 - Run 3
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Documents and Settings\simon\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

446.00 Mb Total Physical Memory | 89.00 Mb Available Physical Memory | 20.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.88 Gb Total Space | 23.39 Gb Free Space | 41.86% Space Free | Partition Type: NTFS
Drive E: | 14.90 Gb Total Space | 0.00 Gb Free Space | 0.03% Space Free | Partition Type: FAT32

Computer Name: SHEEBA | User Name: simon | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/04 19:35:22 | 000,728,406 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\simon\Desktop\OTL.exe
PRC - [2010/09/07 16:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/03/04 19:35:22 | 000,728,406 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\simon\Desktop\OTL.exe
MOD - [2010/08/23 16:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Auto | Stopped] -- -- (gupdate) Google Update Service (gupdate)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 16:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 14:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 14:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 14:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 14:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 14:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 14:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2010/10/30 19:05:02 | 000,271,360 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2010/10/30 19:04:45 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2007/08/08 11:12:42 | 000,101,120 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2006/03/31 11:38:48 | 003,960,896 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/02/11 18:46:22 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/01/14 14:22:54 | 000,005,504 | ---- | M] (EnE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EKBfltr.sys -- (EKBfltr)
DRV - [2004/08/03 22:29:52 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s3gnbm.sys -- (S3SavageNB)
DRV - [2003/07/01 18:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2001/10/18 09:00:00 | 000,006,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaidexp.sys -- (ViaIde)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.gynogapod.co.uk/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "http://www.google.co.uk/"
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {2e564431-f9c1-45ba-a399-a46a424eeba2}:3.2.3.3
FF - prefs.js..extensions.enabledItems: ""


FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff

[2010/04/11 15:02:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\simon\Application Data\Mozilla\Extensions
[2011/03/06 20:27:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\simon\Application Data\Mozilla\Firefox\Profiles\7k0xp609.default\extensions
[2010/12/06 21:40:18 | 000,000,000 | ---D | M] (PricesCompare Community Toolbar) -- C:\Documents and Settings\simon\Application Data\Mozilla\Firefox\Profiles\7k0xp609.default\extensions\{2e564431-f9c1-45ba-a399-a46a424eeba2}
[2010/12/20 15:11:21 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\simon\Application Data\Mozilla\Firefox\Profiles\7k0xp609.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/02/10 08:10:51 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Documents and Settings\simon\Application Data\Mozilla\Firefox\Profiles\7k0xp609.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2011/02/03 20:47:21 | 000,000,000 | ---D | M] (SEMToolbar) -- C:\Documents and Settings\simon\Application Data\Mozilla\Firefox\Profiles\7k0xp609.default\extensions\semtoolbar@bruceclay.com

O1 HOSTS File: ([2011/03/04 13:59:53 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - Startup: C:\Documents and Settings\simon\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {000F1EA4-5E08-4564-A29B-29076F63A37A} http://launch.soe.com/plugin/web/SOEWebInstaller.cab (SOE Web Installer)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 2836625478 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 2837944199 (MUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - File not found
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\epprctos\mvhemtxj.exe) - C:\Program Files\epprctos\mvhemtxj.exe File not found
O24 - Desktop WallPaper: C:\Documents and Settings\simon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\simon\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/30 19:16:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/03/06 20:31:38 | 000,000,003 | RHS- | M] () - E:\autorun.inf -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/06 20:21:47 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/03/04 19:53:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/03/04 19:37:55 | 000,728,406 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\simon\Desktop\OTL.exe
[2011/03/04 14:04:48 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/03/04 13:41:25 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/04 13:30:59 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/04 13:30:59 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/04 13:30:59 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/04 13:30:59 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/04 11:54:43 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/04 11:31:52 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/03/04 11:31:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\simon\Start Menu\Programs\Revo Uninstaller
[2011/03/04 09:16:22 | 001,374,808 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\simon\Desktop\tdsskiller.exe
[2011/03/03 22:48:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/03 22:47:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/03/03 22:47:14 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/03/03 19:18:03 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/03/01 22:49:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/03/01 22:49:49 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/03/01 22:49:42 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/03/01 22:49:29 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/03/01 22:49:23 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/03/01 22:49:07 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/03/01 22:49:06 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/03/01 22:49:01 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/03/01 22:42:43 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/03/01 22:42:42 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/03/01 22:39:32 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011/03/01 22:39:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2011/03/01 22:21:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2011/03/01 20:12:21 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/03/01 18:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\epprctos
[2011/02/21 17:47:57 | 000,000,000 | ---D | C] -- C:\spoolerlogs
[2011/02/21 17:41:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/02/20 21:51:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/02/20 21:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/02/20 21:51:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/02/20 21:31:42 | 000,000,000 | ---D | C] -- C:\$AVG
[2011/02/20 14:11:31 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/02/20 13:50:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
[2011/02/20 13:50:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/02/20 13:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/02/20 13:40:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/02/20 13:36:51 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/02/20 13:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/02/19 20:46:57 | 000,076,696 | ---- | C] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2011/02/19 20:46:55 | 000,000,000 | ---D | C] -- C:\Program Files\Prevx
[2011/02/19 20:46:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2011/02/19 20:41:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/02/19 19:51:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2011/02/19 19:10:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/02/19 19:10:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[3 C:\Documents and Settings\simon\My Documents\*.tmp files -> C:\Documents and Settings\simon\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/06 20:30:07 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/06 20:29:45 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/03/06 20:29:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/06 20:29:10 | 467,841,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/06 20:20:31 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{11DDA160-4F8B-49BC-A2CC-1112E9F3C43E}.job
[2011/03/05 19:32:07 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/03/05 19:32:05 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\simon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/04 19:35:22 | 000,728,406 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\simon\Desktop\OTL.exe
[2011/03/04 13:59:53 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/04 13:41:36 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/03/04 11:50:08 | 004,280,109 | R--- | M] () -- C:\Documents and Settings\simon\Desktop\zzz.exe.exe
[2011/03/04 11:31:53 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\simon\Desktop\Revo Uninstaller.lnk
[2011/03/04 09:02:22 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/03/04 08:57:20 | 001,374,808 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\simon\Desktop\tdsskiller.exe
[2011/03/03 23:04:28 | 000,771,534 | ---- | M] () -- C:\Documents and Settings\simon\Desktop\dds.scr
[2011/03/03 22:53:50 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\simon\defogger_reenable
[2011/03/03 22:47:26 | 000,000,773 | ---- | M] () -- C:\Documents and Settings\simon\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/03/03 22:47:23 | 000,000,617 | ---- | M] () -- C:\Documents and Settings\simon\Desktop\NTREGOPT.lnk
[2011/03/03 22:47:23 | 000,000,598 | ---- | M] () -- C:\Documents and Settings\simon\Desktop\ERUNT.lnk
[2011/03/03 19:18:03 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/03/03 19:10:52 | 000,380,918 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/03 19:10:52 | 000,053,166 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/03 19:09:21 | 000,000,785 | ---- | M] () -- C:\Documents and Settings\simon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/01 16:16:02 | 107,481,423 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/23 15:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/02/23 15:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/02/23 14:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/02/23 14:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/02/23 14:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/02/23 14:55:47 | 000,102,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/02/23 14:55:44 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/02/23 14:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/02/23 14:54:57 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/02/23 14:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/02/20 21:51:42 | 000,000,957 | ---- | M] () -- C:\Documents and Settings\simon\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/02/20 14:47:48 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/20 14:04:20 | 000,700,836 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/02/19 20:46:57 | 000,076,696 | ---- | M] (Prevx) -- C:\WINDOWS\System32\drivers\pxrts.sys
[2011/02/19 20:46:43 | 000,000,048 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/02/10 08:09:31 | 000,109,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[3 C:\Documents and Settings\simon\My Documents\*.tmp files -> C:\Documents and Settings\simon\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/04 13:41:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/03/04 13:41:30 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/03/04 13:30:59 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/04 13:30:59 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/04 13:30:59 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/04 13:30:59 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/04 13:30:59 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/04 11:52:47 | 004,280,109 | R--- | C] () -- C:\Documents and Settings\simon\Desktop\zzz.exe.exe
[2011/03/04 11:31:53 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\simon\Desktop\Revo Uninstaller.lnk
[2011/03/03 23:10:17 | 000,771,534 | ---- | C] () -- C:\Documents and Settings\simon\Desktop\dds.scr
[2011/03/03 22:53:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\simon\defogger_reenable
[2011/03/03 22:47:26 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\simon\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/03/03 22:47:23 | 000,000,617 | ---- | C] () -- C:\Documents and Settings\simon\Desktop\NTREGOPT.lnk
[2011/03/03 22:47:23 | 000,000,598 | ---- | C] () -- C:\Documents and Settings\simon\Desktop\ERUNT.lnk
[2011/03/03 21:28:23 | 467,841,024 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/03 19:09:21 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\simon\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/03 19:09:18 | 000,000,773 | ---- | C] () -- C:\Documents and Settings\simon\Start Menu\Programs\Internet Explorer.lnk
[2011/03/01 16:16:02 | 107,481,423 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/02/20 21:51:42 | 000,000,957 | ---- | C] () -- C:\Documents and Settings\simon\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2011/02/20 13:37:30 | 000,700,836 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/02/19 20:46:43 | 000,000,048 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2010/10/24 16:55:43 | 000,271,360 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2010/10/24 16:55:42 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2010/05/22 10:31:11 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/08/03 14:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 14:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2008/09/07 14:01:43 | 000,001,045 | ---- | C] () -- C:\WINDOWS\7THLEVEL.INI
[2008/09/03 18:13:29 | 000,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2008/09/03 18:13:29 | 000,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2008/01/26 22:39:50 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
[2008/01/17 17:39:42 | 000,000,623 | ---- | C] () -- C:\WINDOWS\E-REGTLC.INI
[2007/08/18 08:18:40 | 000,001,364 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/06/02 21:25:59 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/06/01 17:05:55 | 000,000,212 | ---- | C] () -- C:\WINDOWS\rr.dat
[2007/05/30 18:59:16 | 000,000,224 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2007/05/20 09:09:47 | 000,000,048 | ---- | C] () -- C:\WINDOWS\POTATO.INI
[2007/04/25 20:17:11 | 000,000,067 | ---- | C] () -- C:\WINDOWS\DVDRegionFree.INI
[2007/04/02 13:46:09 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/03/30 17:10:13 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\simon\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/03/15 20:40:08 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/11 22:54:23 | 000,001,436 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/11/06 18:37:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/09/28 09:12:08 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/09/28 09:11:27 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2006/09/28 09:11:24 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\vuins32.dll
[2006/01/30 19:38:38 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2006/01/30 19:20:50 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/01/30 19:13:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/01/30 19:07:55 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/01/30 19:06:54 | 000,109,400 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/01/30 18:00:03 | 000,000,976 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/01/30 17:59:28 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/01/30 17:59:25 | 000,380,918 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/01/30 17:59:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/01/30 17:59:25 | 000,053,166 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/01/30 17:59:25 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/01/30 17:59:24 | 000,004,711 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/01/30 17:59:22 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/01/30 17:59:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/01/30 17:59:13 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/01/30 17:59:12 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/01/30 17:59:04 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/01/30 17:58:53 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

========== LOP Check ==========

[2011/03/01 22:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/12/20 16:39:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software
[2011/03/01 21:52:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2009/12/03 16:41:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
[2011/02/20 14:11:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2006/11/06 18:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2011/02/20 13:48:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/12/20 16:47:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2011/02/19 20:47:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PrevxCSI
[2009/08/16 14:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sierra Wireless
[2011/03/02 20:37:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/02/20 21:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\simon\Application Data\Axepi
[2009/08/16 14:05:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\simon\Application Data\BT Connection Manager
[2011/02/20 13:35:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\simon\Application Data\Covyab
[2011/02/24 21:19:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\simon\Application Data\Cyykq
[2011/02/24 21:16:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\simon\Application Data\Edix
[2011/02/19 20:16:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\simon\Application Data\Sony Online Entertainment
[2010/04/25 16:29:07 | 000,000,388 | ---- | M] () -- C:\WINDOWS\Tasks\Install.job
[2011/03/06 20:29:45 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2011/03/06 20:20:31 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{11DDA160-4F8B-49BC-A2CC-1112E9F3C43E}.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C

< End of report >

I will post other results as they are available.

Thanks,
Simon
crounauer
Active Member
 
Posts: 12
Joined: March 3rd, 2011, 7:08 pm

Re: Search Engine Re-direct

Unread postby crounauer » March 6th, 2011, 5:38 pm

Hi Askey127,

I successfully downloaded and installed Download JRE.

The laptop which has the problems is unable to open any browser, IE, firefox, chrome or opera. The browser does temporarily open but closes immediately. As a result I am unable to run the online scanner. Do you have a work around for this?

Incidentally, when I tried to run the online scanner => http://www.kaspersky.com/kos/eng/partne ... bscan.html on another PC the browser just closes. I have tried this on IE, FF and opera. I checked the Kaspersky website and is seems that the online scanner is temporarily unavailable.

I am currently running a complete Avast scan and will post the details when done.

Thanks,
Simon
crounauer
Active Member
 
Posts: 12
Joined: March 3rd, 2011, 7:08 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 18 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware