Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Google redirection

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Google redirection

Unread postby hypermac99 » May 12th, 2011, 9:10 pm

Used malwarebytes and it didnt fix the problem.

Ran HiJackThis and here is my log.

If anyone can help i would really appreciate it!


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:59:52 PM, on 5/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sygate\SPF\smc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\Common Files\Teleca Shared\logger.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe
C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe
C:\Program Files\TweetDeck\TweetDeck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Mobile Connectivity Suite] "C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: WLSVC - Unknown owner - C:\Program Files\TRENDnet\TEW-424UB\WLSVC.exe

--
End of file - 6937 bytes
hypermac99
Regular Member
 
Posts: 15
Joined: May 12th, 2011, 9:05 pm
Advertisement
Register to Remove

Re: Google redirection

Unread postby deltalima » May 14th, 2011, 4:41 pm

Checking your log - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google redirection

Unread postby deltalima » May 14th, 2011, 4:54 pm

Hi hypermac99,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you too.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google redirection

Unread postby hypermac99 » May 15th, 2011, 9:31 am

OTL.txt

OTL logfile created on: 5/14/2011 11:48:20 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Grandmaster B\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 421.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 115.56 Gb Free Space | 50.66% Space Free | Partition Type: NTFS

Computer Name: WOOPTY-3DFF2ED2 | User Name: Grandmaster B | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Grandmaster B\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe (Teleca)
PRC - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe (Teleca Sweden AB)
PRC - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe (TODO: <Company name>)
PRC - C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe (Teleca AB)
PRC - C:\Program Files\Common Files\Teleca Shared\Generic.exe (Teleca AB)
PRC - C:\Program Files\Common Files\Teleca Shared\logger.exe (Popwire AB)
PRC - C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe (Teleca Sweden AB)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Grandmaster B\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\ksuser.dll (Microsoft Corporation)
MOD - C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Inc.)
MOD - C:\WINDOWS\system32\SSSensor.dll (Sygate Technologies, Inc.)


========== Win32 Services (SafeList) ==========

SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (WLSVC) -- C:\Program Files\TRENDnet\TEW-424UB\WLSVC.exe ()
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (LVPrcSrv) -- c:\Program Files\Common Files\Logitech\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (SmcService) -- C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)


========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (HTCAND32) -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV - (AnyDVD) -- C:\WINDOWS\system32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (WLNdis50) -- C:\WINDOWS\system32\drivers\WLNdis50.sys ()
DRV - (RTL8187B) -- C:\WINDOWS\system32\drivers\RTL8187B.sys (Realtek Semiconductor Corporation )
DRV - (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM) -- C:\WINDOWS\system32\drivers\sscdserd.sys (MCCI Corporation)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
DRV - (LVUVC) Logitech QuickCam Fusion(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (lvmvdrv) -- C:\WINDOWS\system32\drivers\LVMVdrv.sys ()
DRV - (LVPrcMon) -- C:\WINDOWS\system32\drivers\LVPrcMon.sys ()
DRV - (Lvckap) -- C:\WINDOWS\system32\drivers\Lvckap.sys ()
DRV - (wg6n) -- C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys (Sygate Technologies, Inc.)
DRV - (wg5n) -- C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys (Sygate Technologies, Inc.)
DRV - (wg4n) -- C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys (Sygate Technologies, Inc.)
DRV - (wg3n) -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys (Sygate Technologies, Inc.)
DRV - (wpsdrvnt) -- C:\WINDOWS\system32\drivers\wpsdrvnt.sys (Sygate Technologies, Inc.)
DRV - (Teefer) -- C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys (Sygate Technologies, Inc.)
DRV - (ASPI) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1214440339-606747145-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1214440339-606747145-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/03/19 12:57:35 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/03/20 11:06:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/12 21:13:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/12 21:13:03 | 000,000,000 | ---D | M]

[2009/07/28 16:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Grandmaster B\Application Data\Mozilla\Extensions
[2011/05/12 09:24:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Grandmaster B\Application Data\Mozilla\Firefox\Profiles\88vpr98h.default\extensions
[2010/04/30 23:39:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Grandmaster B\Application Data\Mozilla\Firefox\Profiles\88vpr98h.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/12 21:13:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2009/08/23 23:29:39 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/14 12:26:02 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2009/11/06 11:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2006/10/05 20:09:13 | 000,114,688 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npmozax.dll
[2009/11/06 11:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2008/03/04 17:21:01 | 000,159,744 | ---- | M] (CNN) -- C:\Program Files\Mozilla Firefox\plugins\NPTURNMED.dll
[2007/04/16 13:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2004/08/10 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Mobile Connectivity Suite] C:\Program Files\HTC\HTC Sync\Application Launcher\Application Launcher.exe (Teleca Sweden AB)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SmcService] C:\Program Files\Sygate\SPF\Smc.exe (Sygate Technologies, Inc.)
O4 - HKU\S-1-5-21-1214440339-606747145-725345543-1003..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10p_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\Me\Start Menu\Programs\Startup\Sprint media monitor.lnk = C:\WINDOWS\RM.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-606747145-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Grandmaster B\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Grandmaster B\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/02 20:02:31 | 000,000,095 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2002/10/03 03:13:44 | 000,000,026 | ---- | M] () - C:\AUTORUN.INF -- [ NTFS ]
O32 - AutoRun File - [2008/12/24 00:05:58 | 000,002,244 | ---- | M] () - C:\AUTORUN.PNF -- [ NTFS ]
O33 - MountPoints2\{283c80c2-4867-11e0-b4d5-0014d159bc59}\Shell\AutoRun\command - "" = H:\PMBP_Win.exe
O33 - MountPoints2\{835cd6b8-7afe-11de-a6eb-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{835cd6b8-7afe-11de-a6eb-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{835cd6b8-7afe-11de-a6eb-806d6172696f}\Shell\AutoRun\command - "" = D:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O36 - AppCertDlls: rdpcedir - (C:\WINDOWS\getmghts.dll) - File not found
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/14 23:47:11 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Grandmaster B\Desktop\OTL.exe
[2011/05/12 20:59:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Grandmaster B\Start Menu\Programs\HiJackThis
[2011/04/27 09:54:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Grandmaster B\Desktop\Ringtones
[2011/04/26 23:01:52 | 000,000,000 | ---D | C] -- C:\Program Files\mIRC
[2011/04/26 23:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Grandmaster B\Application Data\mIRC
[2011/04/26 23:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\mIRC
[2010/07/26 17:35:24 | 004,063,698 | ---- | C] (Award Software, Inc ) -- C:\Documents and Settings\Grandmaster B\Application Data\klinstall.exe
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/14 23:47:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Grandmaster B\Desktop\OTL.exe
[2011/05/13 15:00:12 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Grandmaster B\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/05/12 21:13:08 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Grandmaster B\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/05/12 20:59:23 | 000,002,463 | ---- | M] () -- C:\Documents and Settings\Grandmaster B\Desktop\HiJackThis.lnk
[2011/05/12 18:03:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/12 14:36:10 | 000,039,472 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/05/12 14:35:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/11 15:24:00 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2011/04/26 23:01:52 | 000,000,626 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\mIRC.lnk
[9 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/12 21:13:07 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Mozilla Firefox.lnk
[2011/05/12 20:59:06 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\Grandmaster B\Desktop\HiJackThis.lnk
[2011/04/26 23:01:52 | 000,000,626 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\mIRC.lnk
[2011/03/19 12:49:51 | 000,207,027 | ---- | C] () -- C:\WINDOWS\hpoins46.dat
[2011/03/19 12:49:51 | 000,000,574 | ---- | C] () -- C:\WINDOWS\hpomdl46.dat
[2010/09/12 10:15:22 | 000,000,084 | ---- | C] () -- C:\WINDOWS\System32\4E37A837910D.ini
[2010/05/11 09:58:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/04/30 22:50:33 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\drivers\WLNdis50.sys
[2010/03/23 21:57:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/03/04 01:40:58 | 000,010,238 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2010/03/04 01:37:46 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2010/03/04 01:21:40 | 000,000,272 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2010/01/21 14:03:30 | 000,013,484 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/09 16:23:11 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\DVDIFOFilter.dll
[2009/08/17 19:35:42 | 000,222,552 | ---- | C] () -- C:\WINDOWS\RM.exe
[2009/07/28 17:53:00 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2009/07/28 16:59:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/07/28 00:11:44 | 000,014,336 | ---- | C] () -- C:\Documents and Settings\Grandmaster B\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/07/27 23:17:23 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Grandmaster B\Local Settings\Application Data\fusioncache.dat
[2009/07/27 23:10:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/07/27 23:01:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/27 18:50:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/07/27 18:49:43 | 000,097,456 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/09/01 14:11:52 | 001,912,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys
[2005/09/01 14:11:52 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2005/09/01 14:09:28 | 002,169,984 | ---- | C] () -- C:\WINDOWS\System32\drivers\Lvckap.sys
[2005/03/22 18:38:24 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 18:38:24 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/12/20 11:08:28 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2004/12/20 11:03:26 | 000,561,152 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2004/08/10 20:39:04 | 000,218,264 | ---- | C] () -- C:\WINDOWS\System32\SetAid.dll
[2004/08/10 07:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 07:00:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 07:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 07:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 07:00:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 07:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 07:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 07:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 07:00:00 | 000,003,584 | ---- | C] () -- C:\WINDOWS\System32\zx.dll
[2004/08/10 07:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/10 07:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

< End of report >


EXTRAS.txt

OTL Extras logfile created on: 5/14/2011 11:48:20 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Grandmaster B\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 421.00 Mb Available Physical Memory | 41.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 115.56 Gb Free Space | 50.66% Space Free | Partition Type: NTFS

Computer Name: WOOPTY-3DFF2ED2 | User Name: Grandmaster B | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1214440339-606747145-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Ares Lite Edition\Ares.exe" = C:\Program Files\Ares Lite Edition\Ares.exe:*:Enabled:Ares
"C:\Program Files\Ares\Ares.exe" = C:\Program Files\Ares\Ares.exe:*:Enabled:Ares -- (Ares Development Group)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- ()
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger
"C:\Program Files\ACSPMonitor\ASMonitor.exe" = C:\Program Files\ACSPMonitor\ASMonitor.exe:*:Enabled:System
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Disabled:Nero ShowTime -- (Nero AG)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Disabled:Windows Explorer -- (Microsoft Corporation)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\mIRC\mirc.exe" = C:\Program Files\mIRC\mirc.exe:*:Enabled:mIRC -- (mIRC Co. Ltd.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00B2E284-0B9A-33B4-7E91-BAFD1E35CAFE}" = TweetDeck
"{0360D8F0-626A-4E87-8A16-938BD0BEBCC5}" = 32 Bit HP CIO Components Installer
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.6.2
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 17
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{42BBA4CC-EFB6-4653-A2CC-F305D4B399C3}" = PS_AIO_07_D110_SW_Min
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{565E7B0E-B76B-4EAD-9753-F1E72A5CF12E}" = HPAppStudio
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5ECB3A3C-980B-4D12-9724-25DCB07A1F47}" = iTunes
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{77A93F37-0057-0005-3030-2EC938FA6A41}" = iVideoToGo
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A253629-0511-4854-8B4E-46E57E66005C}" = Bonjour
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91D3AD6F-09CD-4695-9FA3-8FB15429BE97}" = D110
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9DE1BE03-AFE2-4CDB-BFEB-D06D736CD01A}" = Apple Mobile Device Support
"{A20A58C4-6784-4B4B-86CC-94E2E3671033}" = Nero 7 Premium
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
"{B1BDEA80-95CE-4DFB-B9D3-DC800E7F87B4}" = TRENDnet TEW-424UB Wireless USB 2.0 Adapter
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF448A52-C83E-455D-B5D3-FD9E964C9419}" = Sygate Personal Firewall Pro
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C43421C0-0DCB-4F26-8A3B-BF16155F9879}" = TRENDnet TEW-424UB Wireless USB 2.0 Adapter Driver and Utility
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{DBC1DE57-B55A-4D57-9769-1DB9BE506AF7}" = HP Photosmart D110 All-In-One Driver Software 14.0 Rel. 7
"{E517094C-06B6-419F-8FFD-EF4F57972130}" = QuickTransfer
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{E6FB80A3-31B8-4B22-848F-CE4CFDC0117E}" = InterVideo iVideoToGo
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FCAFEEB3-3520-4539-89AF-4B743D2DFAEC}" = HTC Sync
"AddressBar" = MuvEnum Address Bar - Windows Explorer Extension
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AnyDVD" = AnyDVD
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"CSCLIB" = Canon Camera Support Core Library
"DVD Shrink_is1" = DVD Shrink 3.2
"EOS Utility" = Canon Utilities EOS Utility
"Halloween" = Halloween Screen Saver
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"ie8" = Windows Internet Explorer 8
"lvdrivers_12.0" = Logitech Webcam Software Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"NVIDIA Drivers" = NVIDIA Drivers
"PeerGuardian_is1" = PeerGuardian 2.0
"PhotoStitch" = Canon Utilities PhotoStitch
"PROSet" = Intel(R) PRO Network Connections Drivers
"QcDrv" = Logitech Camera Driver
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Tipard All Music Converter_is1" = Tipard All Music Converter
"TweetDeckFast.FFF259DC0CE2657847BBB4AFF0E62062EFC56543.1" = TweetDeck
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"XviD_is1" = XviD MPEG-4 Video Codec
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1214440339-606747145-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Facebook Plug-In" = Facebook Plug-In
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/6/2011 7:01:29 AM | Computer Name = WOOPTY-3DFF2ED2 | Source = Application Error | ID = 1000
Description = Faulting application ProfileCnt.exe, version 0.0.0.0, faulting module
ProfileCnt.exe, version 0.0.0.0, fault address 0x00001704.

Error - 5/6/2011 7:03:04 AM | Computer Name = WOOPTY-3DFF2ED2 | Source = Application Error | ID = 1004
Description = Faulting application ProfileCnt.exe, version 0.0.0.0, faulting module
ProfileCnt.exe, version 0.0.0.0, fault address 0x00001704.

Error - 5/12/2011 1:33:06 PM | Computer Name = WOOPTY-3DFF2ED2 | Source = Bonjour Service | ID = 100
Description = 240: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 5/12/2011 1:33:06 PM | Computer Name = WOOPTY-3DFF2ED2 | Source = Bonjour Service | ID = 100
Description = 224: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 5/12/2011 1:33:06 PM | Computer Name = WOOPTY-3DFF2ED2 | Source = Bonjour Service | ID = 100
Description = 432: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 5/12/2011 1:33:06 PM | Computer Name = WOOPTY-3DFF2ED2 | Source = Bonjour Service | ID = 100
Description = 444: ERROR: read_msg errno 10054 (An existing connection was forcibly
closed by the remote host.)

Error - 5/12/2011 1:34:32 PM | Computer Name = WOOPTY-3DFF2ED2 | Source = Application Error | ID = 1000
Description = Faulting application ProfileCnt.exe, version 0.0.0.0, faulting module
ProfileCnt.exe, version 0.0.0.0, fault address 0x00001704.

Error - 5/12/2011 1:35:58 PM | Computer Name = WOOPTY-3DFF2ED2 | Source = Application Error | ID = 1004
Description = Faulting application ProfileCnt.exe, version 0.0.0.0, faulting module
ProfileCnt.exe, version 0.0.0.0, fault address 0x00001704.

Error - 5/12/2011 2:35:07 PM | Computer Name = WOOPTY-3DFF2ED2 | Source = Application Error | ID = 1000
Description = Faulting application ProfileCnt.exe, version 0.0.0.0, faulting module
ProfileCnt.exe, version 0.0.0.0, fault address 0x00001704.

Error - 5/12/2011 2:36:16 PM | Computer Name = WOOPTY-3DFF2ED2 | Source = Application Error | ID = 1004
Description = Faulting application ProfileCnt.exe, version 0.0.0.0, faulting module
ProfileCnt.exe, version 0.0.0.0, fault address 0x00001704.

[ System Events ]
Error - 5/4/2011 8:59:10 PM | Computer Name = WOOPTY-3DFF2ED2 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 5/6/2011 7:01:29 AM | Computer Name = WOOPTY-3DFF2ED2 | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 5/6/2011 8:59:11 PM | Computer Name = WOOPTY-3DFF2ED2 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 5/8/2011 8:59:12 PM | Computer Name = WOOPTY-3DFF2ED2 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 5/10/2011 8:59:13 PM | Computer Name = WOOPTY-3DFF2ED2 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 5/12/2011 1:46:01 PM | Computer Name = WOOPTY-3DFF2ED2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/12/2011 1:47:15 PM | Computer Name = WOOPTY-3DFF2ED2 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
ElbyCDIO Fips intelppm

Error - 5/12/2011 2:34:08 PM | Computer Name = WOOPTY-3DFF2ED2 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/12/2011 8:59:14 PM | Computer Name = WOOPTY-3DFF2ED2 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 5/14/2011 8:59:15 PM | Computer Name = WOOPTY-3DFF2ED2 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >


GMER.txt

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-15 03:23:00
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 SAMSUNG_ rev.VT10
Running: d80t911e.exe; Driver: C:\DOCUME~1\GRANDM~1\LOCALS~1\Temp\pwqdypow.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwAllocateVirtualMemory [0xF77F4B30]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwCreateThread [0xF77F46F0]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwMapViewOfSection [0xF77F4470]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwProtectVirtualMemory [0xF77F4C50]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwShutdownSystem [0xF77F4990]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwTerminateProcess [0xF77F48D0]
SSDT \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.) ZwWriteVirtualMemory [0xF77F4D60]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xF6606360, 0x21235D, 0xE8000020]
.text wanarp.sys F77E7402 2 Bytes [90, 90] {NOP ; NOP }

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\Explorer.EXE[2432] Explorer.EXE 01002583 2 Bytes [AC, 18]
.text C:\WINDOWS\Explorer.EXE[2432] Explorer.EXE 01002597 14 Bytes [8B, FF, 55, 8B, EC, 56, 57, ...]
.text C:\WINDOWS\Explorer.EXE[2432] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 00C4758E
.text C:\Program Files\Mozilla Firefox\firefox.exe[168236] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[168236] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 00156466
.text C:\Program Files\Mozilla Firefox\firefox.exe[168236] WS2_32.dll!send 71AB4C27 5 Bytes JMP 00155FEE
.text C:\Program Files\Mozilla Firefox\firefox.exe[168236] WS2_32.dll!WSARecv 71AB4CB5 5 Bytes JMP 001561EB
.text C:\Program Files\Mozilla Firefox\firefox.exe[168236] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 00156747
.text C:\Program Files\Mozilla Firefox\firefox.exe[168236] WS2_32.dll!recv 71AB676F 5 Bytes JMP 00156061
.text C:\Program Files\Mozilla Firefox\firefox.exe[168236] WS2_32.dll!WSASend 71AB68FA 5 Bytes JMP 0015613C
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[169972] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 10698DD9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[169972] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 10698D6B C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[169972] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104C7187 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[169972] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104C7781 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [F72CFAD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [F72CFA30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [F72CF970] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [F72CF760] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [F72CF760] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [F72CFA30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [F72CFAD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [F72CF970] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [F72CF970] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [F72CF760] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [F72CFA30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [F72CFAD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [F72CF760] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [F72CF970] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [F72CFAD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [F72CFA30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [F72CFAD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [F72CFA30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [F72CF760] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [F72CF970] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [F72CF760] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [F72CFA30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [F72CFAD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [F72CF760] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [F72CF970] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [F72CFAD0] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [F72CFA30] Teefer.sys (Teefer Driver/Sygate Technologies, Inc.)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\ctfmon.exe[656] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002DF0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[656] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[656] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\system32\ctfmon.exe[656] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe[1300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AB2DF0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe[1300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AB2C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe[1300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AB2C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\HTCVBTServer.exe[1300] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AB2C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002DF0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe[1600] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe[2148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [009D2DF0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe[2148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [009D2C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe[2148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [009D2C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe[2148] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [009D2C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002DF0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\Explorer.EXE[2432] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Teleca Shared\logger.exe[2752] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002DF0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Teleca Shared\logger.exe[2752] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Teleca Shared\logger.exe[2752] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Teleca Shared\logger.exe[2752] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Teleca Shared\Generic.exe[3120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00972DF0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Teleca Shared\Generic.exe[3120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00972C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Teleca Shared\Generic.exe[3120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00972C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Teleca Shared\Generic.exe[3120] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00972C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe[3264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00AB2DF0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe[3264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00AB2C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe[3264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00AB2C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\HTC\HTC Sync\ClientInitiatedStarter\ClientInitiatedStarter.exe[3264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00AB2C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe[3280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00BA2DF0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe[3280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00BA2C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe[3280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00BA2C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\epmworker.exe[3280] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00BA2C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe[3452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A92DF0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe[3452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A92C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe[3452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00A92C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\HTC\HTC Sync\Mobile Phone Monitor\FsynSrvStarter.exe[3452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A92C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Grandmaster B\Desktop\d80t911e.exe[167660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002DF0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Grandmaster B\Desktop\d80t911e.exe[167660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Grandmaster B\Desktop\d80t911e.exe[167660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Documents and Settings\Grandmaster B\Desktop\d80t911e.exe[167660] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[168236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [010D2DF0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[168236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [010D2C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[168236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [010D2C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\firefox.exe[168236] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [010D2C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\notepad.exe[168864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002DF0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\notepad.exe[168864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\notepad.exe[168864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\notepad.exe[168864] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\notepad.exe[168968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [10002DF0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\notepad.exe[168968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [10002C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\notepad.exe[168968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [10002C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\WINDOWS\notepad.exe[168968] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [10002C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\plugin-container.exe[169972] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00FD2DF0] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\plugin-container.exe[169972] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00FD2C50] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\plugin-container.exe[169972] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtClose] [00FD2C10] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)
IAT C:\Program Files\Mozilla Firefox\plugin-container.exe[169972] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00FD2C60] C:\Program Files\Common Files\Logitech\LVMVFM\LVPrcInj.dll (Logitech Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\Tcp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\Udp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\RawIp wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device \Driver\Tcpip \Device\IPMULTICAST wpsdrvnt.sys (wpsdrvnt/Sygate Technologies, Inc.)
Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Processes - GMER 1.0.15 ----

Process hidden process (*** hidden *** ) 6452
Process hidden process (*** hidden *** ) 36588
Process hidden process (*** hidden *** ) 37164
Process hidden process (*** hidden *** ) 37792
Process hidden process (*** hidden *** ) 37896
Process hidden process (*** hidden *** ) 38640
Process hidden process (*** hidden *** ) 38900

---- EOF - GMER 1.0.15 ----


holy crap thats a lot to go through! Thanks for your help. and why does that one log say my updates wont connect?! Hell, it use too.

THanks again!
hypermac99
Regular Member
 
Posts: 15
Joined: May 12th, 2011, 9:05 pm

Re: Google redirection

Unread postby deltalima » May 15th, 2011, 10:44 am

Hi hypermac99,

Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    µTorrent


  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

  • Click on start
  • Then Run
  • In the open text entry box please copy/paste appwiz.cpl Then click enter.
  • Press the "Remove" or "Change/Remove"...button to uninstall the programs listed above (in red) and any other P2P you have installed NOW.
  • Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.

Security Check
Please download Security Check ... by screen317. Save it to your desktop.
Alternate download site: Link 2
  1. Double click the SecurityCheck.exe icon to begin.
  2. Press the Space Bar when you see the "press any key to continue..." message.
    A Notepad results file will open automatically called checkup.txt
  3. Save "checkup.txt" to your desktop. (This output file is NOT automatically saved!)
  4. Please copy/paste the entire contents of the checkup.txt file into your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google redirection

Unread postby hypermac99 » May 15th, 2011, 10:55 am

I didnt even think about that. Thanks. Doing that now. Be back in a few.
hypermac99
Regular Member
 
Posts: 15
Joined: May 12th, 2011, 9:05 pm

Re: Google redirection

Unread postby deltalima » May 15th, 2011, 11:02 am

OK, post the log when ready
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google redirection

Unread postby hypermac99 » May 15th, 2011, 11:21 am

Results of screen317's Security Check version 0.99.11
Windows XP Service Pack 3
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Sygate Personal Firewall Pro
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java(TM) 6 Update 17
Out of date Java installed!
Adobe Flash Player 10.3.181.14
Adobe Reader 9.3.2
Out of date Adobe Reader installed!
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````
hypermac99
Regular Member
 
Posts: 15
Joined: May 12th, 2011, 9:05 pm

Re: Google redirection

Unread postby deltalima » May 15th, 2011, 11:24 am

Hi hypermac99,

No anti-virus

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus software are programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners and thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. They can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download and install a free anti-virus software from one these excellent vendors.


Note: You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.

Please run a Full scan and post the log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google redirection

Unread postby hypermac99 » May 15th, 2011, 12:10 pm

No "log" came up but it did find 4 threats. removed 2. had an error with the other 2. Since no log came up I screen captured it. I downloaded Microsoft Security Essentials.

Picture is in link below.

http://i305.photobucket.com/albums/nn22 ... Result.jpg
hypermac99
Regular Member
 
Posts: 15
Joined: May 12th, 2011, 9:05 pm

Re: Google redirection

Unread postby deltalima » May 15th, 2011, 12:34 pm

Hi hypermac99,

Run Combofix

Temporarily disable any antispyware, antivirus and or antimalware real-time protection as they may interfere with running of ComboFix.

Download ComboFix from here to your Desktop.

For more information about Combofix please see here.

Close all programs.

Double click combofix.exe and follow the prompts.

If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it’s malware removal procedures, if not, then follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Once installed, you should see the following message:

The recovery console was successfuly installed.
Click ‘YES’ to continue scanning for malware
Click ‘NO’ for exit

Click the YES button.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your “drive access” light. If it is flashing, Combofix is still at work.

When finished ComboFix will produce a log file. Please post the contents of this log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google redirection

Unread postby hypermac99 » May 15th, 2011, 12:48 pm

I just noticed I only ran a quick scan the 1st go around. Doing a full scan now. When that is over I will do as you advised above.
hypermac99
Regular Member
 
Posts: 15
Joined: May 12th, 2011, 9:05 pm

Re: Google redirection

Unread postby deltalima » May 15th, 2011, 12:57 pm

OK,that's fine.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: Google redirection

Unread postby hypermac99 » May 16th, 2011, 1:21 am

ran full scan. Found 14 new items. Anti Virus Software removed all of them. Re booted. Started Combo Fix. downloaded the console and everything rebooted itself and restarted. Once it restarted I turned off all my programs running that you told me too. I left my house at 6:30 pm. I got home just now at 1:15 am and combo fix was still in the same screen it was when i left. Except no light on my PC was blinking. No log file or anything. any ideas? My Windows live updates and options are back. So thats a good sign. Once I got home and found no obvious activity going I restarted my PC on my own.

hmmm....
hypermac99
Regular Member
 
Posts: 15
Joined: May 12th, 2011, 9:05 pm

Re: Google redirection

Unread postby deltalima » May 16th, 2011, 2:55 am

Hi hypermac99,

Please post the contents of the log C:\ComboFix.txt

Please let me know how the computer is running now.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 307 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware