Help removing redirect virus + maybe more

Post by MikeLin007 » August 15th, 2011, 1:48 am

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by mike at 22:15:43 on 2011-08-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2523 [GMT -7:00]
.
AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\SetPoint II\SetpointII.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\dKEYUSBCradle\SyncService.exe
C:\WINDOWS\system32\msimsg32.exe
C:\dKEYUSBCradle\ProxyDaemon.exe
C:\dKEYUSBCradle\stunnel-4.10.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\WINDOWS\system32\ieaksie32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
.
============== Pseudo HJT Report ===============
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
BHO: {02da7d50-5013-4377-ab0c-aee7cfbe0fb7} - c:\windows\system32\ati2evxx32.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: WhiteSmoke Toolbar: {e4709dfb-a47d-451c-957d-e78d25263cb8} - c:\program files\whitesmoketoolbar\vmntemplateX.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: WhiteSmoke Toolbar: {e4709dfb-a47d-451c-957d-e78d25263cb8} - c:\program files\whitesmoketoolbar\vmntemplateX.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [36X Raid Configurer] c:\windows\system32\xRaidSetup.exe boot
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\setpoi~1.lnk - c:\program files\logitech\setpoint ii\SetpointII.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/Me ... b56907.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{30DFA4DE-996D-4C0C-B286-9064F8681E0B} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{70D01DAC-5595-4193-BE94-46FCE0B95C37} : DhcpNameServer = 192.168.1.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
AppInit_DLLs: c:\windows\system32\kemutb32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 184.95.59.211 www.google.com
Hosts: 184.95.59.212 search.yahoo.com
Hosts: 184.95.59.212 www.bing.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\mike\application data\mozilla\firefox\profiles\uw4aeput.default\
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
FF - component: c:\program files\avg\avg10\firefox4\components\avgssff5.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\mike\application data\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\documents and settings\mike\application data\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npvlc.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: XUL Cache: {9137752e-97e9-4a33-aae0-d756d2fb1b6a} - %profile%\extensions\{9137752e-97e9-4a33-aae0-d756d2fb1b6a}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Safe Search: {1E73965B-8B48-48be-9C8D-68B920ABC1C4} - c:\program files\avg\avg10\Firefox4
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\mike\application data\Move Networks
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R0 13958082;13958082 Boot Guard Driver;c:\windows\system32\drivers\13958082.sys [2011-5-12 37392]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-2-22 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-3-16 32592]
R1 13958081;13958081;c:\windows\system32\drivers\13958081.sys [2011-5-12 128016]
R1 atitray;atitray;c:\program files\ray adams\ati tray tools\atitray.sys [2007-5-22 18088]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-1-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-3-1 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-4-5 297168]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R1 setup_9.0.0.722_11.05.2011_11-43drv;setup_9.0.0.722_11.05.2011_11-43drv;c:\windows\system32\drivers\1395808.sys [2011-5-12 315408]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2009-8-28 115856]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2009-8-28 41424]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-5-4 116608]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-4-18 7398752]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 Eventlog32;Event Log ;c:\windows\system32\msimsg32.exe [2011-8-14 705024]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2009-6-30 10384]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-4-14 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-2-10 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-2-10 27216]
R3 silabenm;GE Supra DisplayKey USB Cradle Serial Port Enumerator Driver;c:\windows\system32\drivers\silabenm.sys [2011-3-10 24584]
R3 silabser;GE Supra DisplayKey USB Cradle Driver;c:\windows\system32\drivers\silabser.sys [2011-3-10 69256]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2009-8-28 91472]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [2009-8-5 99472]
S2 itlperf;Intel CPU;c:\windows\system32\svchost.exe -k itlsvc [2008-4-14 14336]
S3 ALLOW-IO;ALLOW-IO;\??\d:\allow-io.sys --> d:\ALLOW-IO.sys [?]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2005-8-2 32512]
S3 ZD1211U(WLAN);IEEE 802.11g USB Wireless LAN Driver(WLAN);c:\windows\system32\drivers\ZD1211U.sys [2009-5-23 247296]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;c:\windows\system32\ZDBRGSYS.sys [2009-5-23 19200]
.
=============== Created Last 30 ================
.
2011-08-15 05:11:22 705024 ----a-w- c:\windows\system32\ieaksie32.exe
2011-08-15 05:05:55 0 ---ha-w- c:\documents and settings\mike\cntfrbwdpz.tmp
2011-08-15 03:36:13 155648 ----a-w- c:\windows\system32\kemutb32.dll
2011-08-15 03:36:10 705024 ----a-w- c:\windows\system32\msimsg32.exe
2011-08-15 03:36:07 327680 ----a-w- c:\windows\system32\ati2evxx32.dll
2011-08-06 19:14:47 -------- d-----w- c:\documents and settings\all users\application data\!SASCORE
.
==================== Find3M ====================
.
2011-08-09 23:50:26 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-07 02:52:42 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 02:52:42 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: SAMSUNG_HD753LJ rev.1AA01110 -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-9
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe >>UNKNOWN [0x8A6F70E8]<<
_asm { MOV EAX, 0x8a6f7008; XCHG [ESP], EAX; PUSH EAX; PUSH 0x8a6fbeb4; RET ; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; ADD [EAX], AL; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A5FDAB8]
\Driver\Disk[0x8A5B4F38] -> IRP_MJ_CREATE -> 0x8A6F70E8
error: Read A device attached to the system is not functioning.
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
detected hooks:
\Driver\Disk -> 0x8a6f70e8
\Driver\atapi DriverStartIo -> 0x8A53457B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 22:17:21.37 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/14/2009 11:59:03 PM
System Uptime: 8/14/2011 10:10:36 PM (0 hours ago)
.
Motherboard: http://www.abit.com.tw/ | | IP35 PRO(P35+ICH9R)
Processor: Intel(R) Core(TM)2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2448/272mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 699 GiB total, 415.571 GiB free.
D: is CDROM ()
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Audio Device on High Definition Audio Bus
Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&3BAAFE9&0&0001
Manufacturer:
Name: Audio Device on High Definition Audio Bus
PNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_AA01&SUBSYS_00AA0100&REV_1001\5&3BAAFE9&0&0001
Service:
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8169/8110 Family Gigabit Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_1083147B&REV_10\4&BB29FA6&0&08F0
Manufacturer: Realtek Semiconductor Corp.
Name: Realtek RTL8169/8110 Family Gigabit Ethernet NIC #2
PNP Device ID: PCI\VEN_10EC&DEV_8167&SUBSYS_1083147B&REV_10\4&BB29FA6&0&08F0
Service: RTL8023xp
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ABT2005\3&2411E6FE&0
Manufacturer:
Name:
PNP Device ID: ACPI\ABT2005\3&2411E6FE&0
Service:
.
==== System Restore Points ===================
.
RP5: 5/16/2011 10:39:58 PM - Installed AVG 2011
RP6: 5/18/2011 4:25:32 PM - System Checkpoint
RP7: 5/21/2011 4:10:27 PM - Installed AVG 2011
RP8: 5/23/2011 9:39:53 PM - Restore Operation
RP9: 5/23/2011 9:48:46 PM - Installed AVG 2011
RP10: 5/23/2011 9:49:51 PM - Removed AVG 2011
RP11: 5/23/2011 9:50:25 PM - Removed AVG 2011
RP12: 5/23/2011 9:57:04 PM - Installed AVG 2011
RP13: 5/23/2011 9:57:40 PM - Installed AVG 2011
RP14: 5/26/2011 10:59:52 AM - System Checkpoint
RP15: 5/27/2011 12:32:39 PM - Restore Operation
RP16: 5/27/2011 12:39:32 PM - Restore Operation
RP17: 5/27/2011 12:41:54 PM - Restore Operation
RP18: 5/29/2011 12:36:56 PM - System Checkpoint
RP19: 6/2/2011 9:21:21 AM - System Checkpoint
RP20: 6/6/2011 11:55:04 PM - System Checkpoint
RP21: 6/13/2011 9:46:12 PM - Restore Operation
RP22: 8/5/2011 11:37:19 AM - System Checkpoint
RP23: 8/12/2011 12:14:05 PM - System Checkpoint
RP24: 8/13/2011 12:31:34 PM - System Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
7-Zip 4.65
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.5
Adobe Shockwave Player 11.5
AIM 7
Apple Mobile Device Support
Apple Software Update
ATI Display Driver
AVG 2011
BitTorrent
Bonjour
BufferChm
Casino Verite Blackjack V5
CDDRV_Installer
Chinese Simplified Fonts Support For Adobe Reader 9
Comcast High-Speed Internet Install Wizard
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Critical Update for Windows Media Player 11 (KB959772)
D1600
DeviceDiscovery
Diablo II
DisplayKEY USB Cradle
DJ_SF_06_D1600_SW_Min
dKeyUSBCradleDriver_x86
DNA
Download Updater (AOL LLC)
Dragon Age: Origins
EasyBot
EPSON Printer Software
EPSON Scan
Full Tilt Poker
G9 Device Package
GIMP 2.6.8
GPBaseService2
Heroes of Might and Magic® III Complete
Heroes of Newerth
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Customer Participation Program 14.0
HP Deskjet D1600 Printer Driver Software 14.0 Rel. 6
HP Imaging Device Functions 14.0
HP Photo Creations
HP Smart Web Printing 4.60
HP Solution Center 14.0
HP Update
HPProductAssistant
HPSSupply
IEEE 802.11g USB Wireless LAN Adapter
iTunes
Java Auto Updater
Java(TM) 6 Update 22
JMB36X Raid Configurer
KhalInstallWrapper
Left 4 Dead
Lernout & Hauspie TruVoice American English TTS Engine
Logitech SetPoint
Logitech SetPoint 5.10
Logitech Updater
Magic Online III
Magic Workstation 0.94f
Magicka
Malwarebytes' Anti-Malware version 1.51.1.1800
MarketResearch
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office XP Professional with FrontPage
Microsoft Silverlight
Microsoft Virtual PC 2007
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft WSE 3.0 Runtime
Microsoft XNA Framework Redistributable 3.1
Move Media Player
Mozilla Firefox (3.6.18)
MSN
MSVCRT
MSXML 6.0 Parser (KB927977)
MTG GamePack for Magic Workstation
MTGO Library Bot 2.46
NVIDIA PhysX
OCCT Perestroika 3.1.0
OGA Notifier 2.0.0048.0
PokerStars
Prototype(TM)
QuickTime
Ray Adams ATI Tray Tools
RealPlayer
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
RealUpgrade 1.0
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Shipstream Manager
Shop for HP Supplies
Skype™ 4.0
SmartWebPrinting
SolutionCenter
SSC Service Utility v4.30
Stamps.com
Stamps.com Application Support for Microsoft Word 2000, 2002, 2003
Stamps.com support for Microsoft Word 2000-2007
StarCraft
StarCraft II Beta
Status
Steam
Sun xVM VirtualBox
SUPERAntiSpyware
The Sims™ 3
Toolbox
TrayApp
Tropico 3 1.00
Turbo Lister 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Ventrilo Client
VideoLAN VLC media player 0.8.4a
Warcraft III
WC3Banlist
WebFldrs XP
WebReg
WhiteSmoke Toolbar
Windows Driver Package - GE Security (silabenm) Ports (12/10/2008 5.4.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
WinPcap 3.1
WinRAR archiver
World of Warcraft
.
==== Event Viewer Messages From Past Week ========
.
8/8/2011 5:17:30 PM, error: Service Control Manager [7024] - The Background Intelligent Transfer Service service terminated with service-specific error 2147500037 (0x80004005).
8/7/2011 7:22:28 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
8/7/2011 10:31:25 PM, error: Service Control Manager [7023] - The Intel CPU service terminated with the following error: The specified module could not be found.
8/7/2011 10:31:25 PM, error: Service Control Manager [7023] - The Help and Support service terminated with the following error: The specified module could not be found.
8/10/2011 1:24:29 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
.
==== End Of File ===========================
MikeLin007
Regular Member
 
Posts: 29
Joined: August 15th, 2011, 1:16 am

Re: Help removing redirect virus + maybe more

Post by Gary R » August 19th, 2011, 1:53 am

Looking over your log, back soon.
Gary R
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Help removing redirect virus + maybe more

Post by Gary R » August 19th, 2011, 2:03 am

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Malware Removal" forum and wait for help.


Unless informed in advance, failure to post replies within 3 days will result in this thread being closed.


Hi MikeLin007

I'm Gary R, I'll be glad to help you with your computer problems.

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and the tools we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to take your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Please observe these rules while we work:
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • If you're using XP, you'll need Administrator privileges to perform the fixes. (XP accounts are Administrator by default)
  • If you're using Vista or Windows7, it will be necessary to right click all tools we use and select ----> Run as Administrator
Important: As I said earlier, removing Malware is a potentially hazardous thing to do, so to increase our chances of recovery in the event of something unexpected happening, I'd like you to make a backup of your Registry before we start to clean your computer.
  • Download ERUNT to your desktop
  • Alternate Download
  • Double-click on erunt_setup.exe to install the program
  • Untick the NTREGOPT desktop shortcut option
  • Click No when you get the option to run Erunt at Windows startup.
  • During the installation, tick Launch Erunt.
  • Accept the default options for running a backup.
  • Erunt will then backup your registry.
  • Click OK to finish.
  • If you are unable to back up your Registry with ERUNT ....
    • Let me know.
    • Do not follow any further instructions until I tell you to.
It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


Looks like, amongst other things, you have a TDL3 rootkit infection ....

Download TDSSKiller.zip and extract it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows7, when prompted by UAC allow the prompt.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished a list of detected items should be displayed.
  • Check to make sure the Cure option is selected in the drop down options. If Cure is not available, DO NOT select either Delete or Quarantine; just select Skip and let me know.
  • Please click on Continue
  • TDSSKiller will now attempt to clean the infection from your computer.
  • It will now ask for a reboot to complete the process, please click on Reboot now
  • When finished re-booting, a log of the cleanup will be found at C:\TDSSKiller.2.4.0.0_DD.MM.YYYY_HH.MM.SS_log.txt (where DD.MM.YYYY_HH.MM.SS are the date and time the tool was run)
  • Post the contents in your next reply please.

Next

Download OTL by OldTimer to your Desktop.

Alternative Download

If you already have a copy of OTL delete it and use this version.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar)
  • Please post me both logs.

Summary of the logs I need from you in your next post:
  • TDSSKiller log
  • OTL.txt
  • Extras.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Help removing redirect virus + maybe more

Post by MikeLin007 » August 19th, 2011, 3:54 am

Thanks Gary! Here is the first log (TDSSKiller); I will edit in the OTL and Extras logs in a few min, or I will post them in the next reply.

2011/08/19 00:48:22.0312 3344 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/19 00:48:22.0953 3344 ================================================================================
2011/08/19 00:48:22.0953 3344 SystemInfo:
2011/08/19 00:48:22.0953 3344
2011/08/19 00:48:22.0953 3344 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/19 00:48:22.0953 3344 Product type: Workstation
2011/08/19 00:48:22.0953 3344 ComputerName: ----------
2011/08/19 00:48:22.0953 3344 UserName: mike
2011/08/19 00:48:22.0953 3344 Windows directory: C:\WINDOWS
2011/08/19 00:48:22.0953 3344 System windows directory: C:\WINDOWS
2011/08/19 00:48:22.0953 3344 Processor architecture: Intel x86
2011/08/19 00:48:22.0953 3344 Number of processors: 4
2011/08/19 00:48:22.0953 3344 Page size: 0x1000
2011/08/19 00:48:22.0953 3344 Boot type: Normal boot
2011/08/19 00:48:22.0953 3344 ================================================================================
2011/08/19 00:48:24.0109 3344 Initialize success
2011/08/19 00:48:38.0484 3228 ================================================================================
2011/08/19 00:48:38.0484 3228 Scan started
2011/08/19 00:48:38.0484 3228 Mode: Manual;
2011/08/19 00:48:38.0484 3228 ================================================================================
2011/08/19 00:48:39.0609 3228 13958081 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\WINDOWS\system32\DRIVERS\13958081.sys
2011/08/19 00:48:39.0640 3228 13958082 (a305fad3719c5db0c13d1c2bfd08a04d) C:\WINDOWS\system32\DRIVERS\13958082.sys
2011/08/19 00:48:39.0718 3228 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/19 00:48:39.0750 3228 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/19 00:48:39.0812 3228 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/19 00:48:39.0859 3228 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/08/19 00:48:39.0937 3228 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/19 00:48:39.0984 3228 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/19 00:48:40.0015 3228 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/19 00:48:40.0109 3228 ati2mtag (8e54c76db5d88bf8b4e82b37e1322671) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/08/19 00:48:40.0171 3228 ATITool (0e4bb35c5305099ac82053ac992e3e0e) C:\WINDOWS\system32\DRIVERS\ATITool.sys
2011/08/19 00:48:40.0203 3228 atitray (f46afb51f1a1cb8c7ecd85533ca839fe) C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys
2011/08/19 00:48:40.0203 3228 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/19 00:48:40.0218 3228 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/19 00:48:40.0265 3228 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/08/19 00:48:40.0281 3228 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/08/19 00:48:40.0296 3228 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/08/19 00:48:40.0312 3228 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/08/19 00:48:40.0328 3228 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/08/19 00:48:40.0343 3228 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/08/19 00:48:40.0359 3228 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/08/19 00:48:40.0375 3228 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/08/19 00:48:40.0421 3228 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/19 00:48:40.0437 3228 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/19 00:48:40.0468 3228 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/19 00:48:40.0468 3228 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/19 00:48:40.0484 3228 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/19 00:48:40.0546 3228 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/19 00:48:40.0593 3228 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/19 00:48:40.0625 3228 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/19 00:48:40.0671 3228 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/19 00:48:40.0703 3228 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/19 00:48:40.0734 3228 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/19 00:48:40.0750 3228 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
2011/08/19 00:48:40.0750 3228 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\dtscsi.sys. md5: 12aca694b50ea53563c1e7c99e7bb27d
2011/08/19 00:48:40.0750 3228 dtscsi - detected LockedFile.Multi.Generic (1)
2011/08/19 00:48:40.0765 3228 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/19 00:48:40.0796 3228 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/19 00:48:40.0812 3228 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/19 00:48:40.0812 3228 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/19 00:48:40.0828 3228 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/08/19 00:48:40.0843 3228 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/19 00:48:40.0859 3228 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/19 00:48:40.0875 3228 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/19 00:48:40.0906 3228 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
2011/08/19 00:48:40.0906 3228 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/19 00:48:40.0937 3228 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/19 00:48:40.0984 3228 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/19 00:48:41.0031 3228 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/08/19 00:48:41.0062 3228 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/08/19 00:48:41.0078 3228 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/08/19 00:48:41.0109 3228 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/19 00:48:41.0171 3228 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/19 00:48:41.0187 3228 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/19 00:48:41.0296 3228 IntcAzAudAddService (b29781b9a90cd55fc5d859c0b1c243bc) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/08/19 00:48:41.0375 3228 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/19 00:48:41.0390 3228 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/08/19 00:48:41.0406 3228 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/19 00:48:41.0421 3228 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/19 00:48:41.0437 3228 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/19 00:48:41.0453 3228 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/19 00:48:41.0484 3228 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/19 00:48:41.0500 3228 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/19 00:48:41.0515 3228 JRAID (6e4e3c0b27116b14d1150be7eeceaac6) C:\WINDOWS\system32\DRIVERS\jraid.sys
2011/08/19 00:48:41.0515 3228 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/19 00:48:41.0531 3228 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/19 00:48:41.0562 3228 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/19 00:48:41.0578 3228 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/19 00:48:41.0593 3228 L8042Kbd (dc61f15187372d164769c841655e58f3) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
2011/08/19 00:48:41.0640 3228 L8042mou (cb6e007d3a67cb80ee9df2afd4b0fc9d) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
2011/08/19 00:48:41.0687 3228 LBeepKE (8f4d784b3f22f468eea99da02b0e39e5) C:\WINDOWS\system32\Drivers\LBeepKE.sys
2011/08/19 00:48:41.0750 3228 LHidFilt (dd83dc92463fce6324fd30a13d17d0da) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2011/08/19 00:48:41.0765 3228 LMouFilt (8fe0008e183ff0293a925b78a5581c5f) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2011/08/19 00:48:41.0796 3228 LMouKE (58597a99792461e89bb5c44e17508d70) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
2011/08/19 00:48:41.0843 3228 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/08/19 00:48:41.0859 3228 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/19 00:48:41.0875 3228 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/19 00:48:41.0890 3228 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/19 00:48:41.0906 3228 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/19 00:48:41.0906 3228 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/19 00:48:41.0937 3228 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/19 00:48:41.0968 3228 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/19 00:48:41.0984 3228 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/19 00:48:42.0046 3228 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/19 00:48:42.0046 3228 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/19 00:48:42.0062 3228 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/19 00:48:42.0078 3228 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/19 00:48:42.0078 3228 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/19 00:48:42.0093 3228 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/19 00:48:42.0109 3228 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/19 00:48:42.0140 3228 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/19 00:48:42.0171 3228 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/19 00:48:42.0187 3228 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/19 00:48:42.0203 3228 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/19 00:48:42.0218 3228 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/19 00:48:42.0234 3228 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/19 00:48:42.0265 3228 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/08/19 00:48:42.0312 3228 NPF (d21fee8db254ba762656878168ac1db6) C:\WINDOWS\system32\drivers\npf.sys
2011/08/19 00:48:42.0312 3228 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/19 00:48:42.0343 3228 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/19 00:48:42.0375 3228 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/19 00:48:42.0390 3228 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/19 00:48:42.0406 3228 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/19 00:48:42.0421 3228 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/19 00:48:42.0453 3228 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/08/19 00:48:42.0468 3228 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/19 00:48:42.0468 3228 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/19 00:48:42.0484 3228 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/19 00:48:42.0515 3228 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/19 00:48:42.0546 3228 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/19 00:48:42.0640 3228 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/19 00:48:42.0656 3228 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/19 00:48:42.0703 3228 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/19 00:48:42.0750 3228 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/19 00:48:42.0765 3228 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/19 00:48:42.0781 3228 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/19 00:48:42.0781 3228 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/19 00:48:42.0796 3228 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/19 00:48:42.0812 3228 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/19 00:48:42.0828 3228 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/19 00:48:42.0859 3228 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/19 00:48:42.0890 3228 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/19 00:48:42.0906 3228 RTL8023xp (1e11171c0b9989e1bdaa59e96b2e81c4) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/08/19 00:48:42.0953 3228 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/08/19 00:48:42.0968 3228 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/08/19 00:48:43.0000 3228 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/19 00:48:43.0015 3228 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/08/19 00:48:43.0031 3228 setup_9.0.0.722_11.05.2011_11-43drv (66ef49622baa18e4d4f1fe4bae1d51b8) C:\WINDOWS\system32\DRIVERS\1395808.sys
2011/08/19 00:48:43.0062 3228 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/19 00:48:43.0093 3228 silabenm (8f3f406f7212a929d22751218305a13a) C:\WINDOWS\system32\DRIVERS\silabenm.sys
2011/08/19 00:48:43.0109 3228 silabser (0c6876192fb8a1e26edbf4903b5c052c) C:\WINDOWS\system32\DRIVERS\silabser.sys
2011/08/19 00:48:43.0140 3228 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/19 00:48:43.0171 3228 sptd (6797fa15ddc3beedda91592869c46212) C:\WINDOWS\system32\Drivers\sptd.sys
2011/08/19 00:48:43.0171 3228 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 6797fa15ddc3beedda91592869c46212
2011/08/19 00:48:43.0171 3228 sptd - detected LockedFile.Multi.Generic (1)
2011/08/19 00:48:43.0187 3228 Sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/19 00:48:43.0218 3228 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/19 00:48:43.0250 3228 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/19 00:48:43.0250 3228 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/19 00:48:43.0312 3228 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/19 00:48:43.0328 3228 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/19 00:48:43.0359 3228 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/19 00:48:43.0375 3228 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/19 00:48:43.0390 3228 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/19 00:48:43.0437 3228 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/19 00:48:43.0468 3228 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/19 00:48:43.0531 3228 USBAAPL (60a68a5ea173a97971ee9f1ff49eb2b3) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/19 00:48:43.0546 3228 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/19 00:48:43.0578 3228 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/19 00:48:43.0593 3228 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/19 00:48:43.0625 3228 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/19 00:48:43.0687 3228 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/19 00:48:43.0718 3228 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/19 00:48:43.0734 3228 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/19 00:48:43.0781 3228 VBoxDrv (780f3e9d539249a7858d4d2d7fa75405) C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys
2011/08/19 00:48:43.0796 3228 VBoxNetAdp (4ef76d8d7505f20dbf54886c01a7a730) C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys
2011/08/19 00:48:43.0812 3228 VBoxNetFlt (9b571ae5e214b40ca0d6480771e99a0d) C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys
2011/08/19 00:48:43.0828 3228 VBoxUSBMon (ef5ab4110f0e50711666d6d5c9511698) C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys
2011/08/19 00:48:43.0843 3228 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/19 00:48:43.0859 3228 vmm (e41fef9e3056fe88c71e411f705be41e) C:\WINDOWS\system32\Drivers\vmm.sys
2011/08/19 00:48:43.0875 3228 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/19 00:48:43.0906 3228 VPCNetS2 (f96a678debdccb0b4bb7f38cb2580589) C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys
2011/08/19 00:48:43.0921 3228 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/19 00:48:43.0968 3228 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/08/19 00:48:44.0000 3228 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/19 00:48:44.0062 3228 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/19 00:48:44.0078 3228 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/19 00:48:44.0109 3228 ZD1211U(WLAN) (7597e0c770bd8ce1beb552b0a756bdb7) C:\WINDOWS\system32\DRIVERS\zd1211u.sys
2011/08/19 00:48:44.0140 3228 ZDBRGSYS (f506a40dc8890f61cc6660efbecc0810) C:\WINDOWS\system32\ZDBRGSYS.SYS
2011/08/19 00:48:44.0187 3228 ZDPNDIS5 (29c917279d79848b3dd94909fc00e2a8) C:\WINDOWS\system32\ZDPNDIS5.SYS
2011/08/19 00:48:44.0203 3228 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/08/19 00:48:44.0203 3228 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/08/19 00:48:44.0203 3228 Boot (0x1200) (a239b2d0b42108888cad8e80b7cbc49a) \Device\Harddisk0\DR0\Partition0
2011/08/19 00:48:44.0218 3228 ================================================================================
2011/08/19 00:48:44.0218 3228 Scan finished
2011/08/19 00:48:44.0218 3228 ================================================================================
2011/08/19 00:48:44.0218 1804 Detected object count: 3
2011/08/19 00:48:44.0218 1804 Actual detected object count: 3
2011/08/19 00:49:16.0890 1804 LockedFile.Multi.Generic(dtscsi) - User select action: Skip
2011/08/19 00:49:16.0906 1804 LockedFile.Multi.Generic(sptd) - User select action: Skip
2011/08/19 00:49:16.0921 1804 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/08/19 00:49:16.0921 1804 \Device\Harddisk0\DR0 - ok
2011/08/19 00:49:16.0921 1804 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure
2011/08/19 00:49:28.0796 3504 Deinitialize success
MikeLin007
Regular Member
 
Posts: 29
Joined: August 15th, 2011, 1:16 am
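A small triage script for a TDSSKiller log like the one posted above. This is an added example, not code from MalwareRemoval.com, from the helper, or from Kaspersky's TDSSKiller. The sample lines are copied verbatim from the posted log; the action rule encodes the instruction given earlier in this thread (select Cure for a named rootkit verdict, select Skip and report when Cure is not the right choice, and never pick Delete or Quarantine unprompted). "LockedFile.Multi.Generic" is treated as what the log shows it to be, a file the scanner could not open ("Suspicious file (NoAccess)"), not a malware verdict. All function and field names are the example's own.

```python
"""Triage helper for a TDSSKiller scan log (added example, not TDSSKiller's own code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Lines copied verbatim from the TDSSKiller 2.5.15.0 log posted in this thread,
# format "<date> <time> <pid> <message>". Only the inventory, detection and
# count lines the triage needs are included.
SAMPLE_LOG = r"""2011/08/19 00:48:40.0750 3228 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
2011/08/19 00:48:40.0750 3228 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\dtscsi.sys. md5: 12aca694b50ea53563c1e7c99e7bb27d
2011/08/19 00:48:40.0750 3228 dtscsi - detected LockedFile.Multi.Generic (1)
2011/08/19 00:48:43.0171 3228 sptd (6797fa15ddc3beedda91592869c46212) C:\WINDOWS\system32\Drivers\sptd.sys
2011/08/19 00:48:43.0171 3228 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 6797fa15ddc3beedda91592869c46212
2011/08/19 00:48:43.0171 3228 sptd - detected LockedFile.Multi.Generic (1)
2011/08/19 00:48:44.0203 3228 MBR (0x1B8) (2839639fa37b8353e792a2a30a12ced3) \Device\Harddisk0\DR0
2011/08/19 00:48:44.0203 3228 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/08/19 00:48:44.0203 3228 Boot (0x1200) (a239b2d0b42108888cad8e80b7cbc49a) \Device\Harddisk0\DR0\Partition0
2011/08/19 00:48:44.0218 1804 Detected object count: 3
"""

PREFIX = r"^\S+ \S+ \d+ "  # date, time, thread id
# Inventory line: "<name> [(0xNNN)] (<md5>) <path>"; the MBR/boot lines carry an extra size field.
OBJECT_RE = re.compile(PREFIX + r"(?P<name>\S+)(?: \(0x[0-9A-Fa-f]+\))? \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
# Detection line: "<object> - detected <Verdict> (<n>)"; object is a driver name or a device path.
DETECT_RE = re.compile(PREFIX + r"(?P<obj>.+?) - detected (?P<verdict>\S+) \((?P<n>\d+)\)$")
COUNT_RE = re.compile(PREFIX + r"Detected object count: (?P<count>\d+)$")


@dataclass
class Finding:
    obj: str       # object as named on the "detected" line
    verdict: str   # scanner verdict, e.g. Rootkit.Win32.TDSS.tdl4
    md5: str       # hash from the matching inventory line, "" if none
    path: str      # file or device path from the inventory line, "" if none
    action: str    # what to choose in TDSSKiller's dialog under the thread's rule


def recommend(verdict: str) -> str:
    """Action per the helper's rule: Cure named rootkits, otherwise Skip and report."""
    if verdict == "LockedFile.Multi.Generic":
        return "Skip"  # file could not be read; not a malware verdict, report it
    if verdict.startswith("Rootkit."):
        return "Cure"  # named rootkit verdict: Cure, never Delete or Quarantine
    return "Skip"      # anything unexpected: Skip and ask before acting


def parse_findings(log_text: str) -> Tuple[List[Finding], Optional[int]]:
    """Return (findings, count the scanner itself declared)."""
    inventory: Dict[str, Tuple[str, str]] = {}  # keyed by name and by path
    findings: List[Finding] = []
    declared: Optional[int] = None
    for line in log_text.splitlines():
        m = OBJECT_RE.match(line)
        if m:
            entry = (m["md5"], m["path"])
            inventory[m["name"]] = entry
            inventory[m["path"]] = entry  # MBR detections reference the device path
            continue
        m = DETECT_RE.match(line)
        if m:
            md5, path = inventory.get(m["obj"], ("", ""))
            findings.append(Finding(m["obj"], m["verdict"], md5, path, recommend(m["verdict"])))
            continue
        m = COUNT_RE.match(line)
        if m:
            declared = int(m["count"])
    return findings, declared


def triage(log_text: str) -> List[Finding]:
    return parse_findings(log_text)[0]


def count_is_consistent(log_text: str) -> bool:
    """True when the scanner's own 'Detected object count' matches what we parsed."""
    findings, declared = parse_findings(log_text)
    return declared is not None and declared == len(findings)


def cure_targets(findings: List[Finding]) -> List[Finding]:
    return [f for f in findings if f.action == "Cure"]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.action:5} {f.verdict:28} {f.obj}  md5={f.md5}")
    print("count consistent:", count_is_consistent(SAMPLE_LOG))
```

Run against the posted log, the script lists the two locked driver files as Skip and the MBR of \Device\Harddisk0\DR0 as the one object to Cure, which is exactly the choice recorded at the bottom of that log. The consistency check guards against a truncated paste: if the scanner's declared count does not equal the number of detection lines found, the log was cut off and should be reposted, as the helper warns about with the forum's post size limit.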

Re: Help removing redirect virus + maybe more

Post by MikeLin007 » August 19th, 2011, 4:05 am

Here is the OTL text file

OTL logfile created on: 8/19/2011 12:55:52 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\mike\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 76.96% Memory free
5.09 Gb Paging File | 4.42 Gb Available in Paging File | 86.82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 414.45 Gb Free Space | 59.32% Space Free | Partition Type: NTFS
Drive E: | 7.72 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ---------- | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/19 00:54:57 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\mike\My Documents\Downloads\OTL.exe
PRC - [2011/08/17 11:58:55 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/17 11:58:50 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/08/17 11:58:49 | 004,603,264 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2011/04/18 17:40:08 | 002,334,560 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
PRC - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
PRC - [2011/04/14 05:36:42 | 001,080,672 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
PRC - [2011/03/16 16:05:14 | 000,656,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
PRC - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
PRC - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
PRC - [2011/02/08 05:33:20 | 000,658,784 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
PRC - [2010/04/02 15:34:10 | 000,040,448 | ---- | M] (GE Security Supra) -- C:\dKEYUSBCradle\SyncService.exe
PRC - [2010/04/02 15:34:06 | 000,012,800 | ---- | M] (GE Security Supra) -- C:\dKEYUSBCradle\ProxyDaemon.exe
PRC - [2010/04/02 15:33:10 | 000,073,216 | ---- | M] () -- C:\dKEYUSBCradle\stunnel-4.10.exe
PRC - [2010/03/14 15:01:40 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/11/13 04:31:01 | 000,323,392 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\DNA\btdna.exe
PRC - [2009/05/15 01:29:24 | 000,073,728 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCFDRTM.EXE
PRC - [2009/03/10 23:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/11/13 09:48:44 | 000,323,584 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint II\SetPointII.exe
PRC - [2008/10/27 12:55:04 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/08/19 00:51:19 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/08/17 11:58:55 | 001,000,920 | ---- | M] () -- C:\Program Files\Mozilla Firefox\js3250.dll
MOD - [2011/08/06 19:44:49 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/08/06 19:44:49 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/08/06 19:44:48 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/04/16 22:16:16 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\e0d56c0582316e9ecb4c18186e37217c\System.ServiceProcess.ni.dll
MOD - [2011/04/16 22:15:18 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d6b4509225efde2a4e3db77205f8a51\System.Configuration.ni.dll
MOD - [2011/04/16 22:10:28 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\b06e49ed8cbe07dbb90e313fa634b27b\System.Xml.ni.dll
MOD - [2011/04/16 22:10:24 | 012,430,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ed2bf0d86229128c194a872f70fe15ee\System.Windows.Forms.ni.dll
MOD - [2011/04/16 22:10:12 | 001,587,200 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d912066086a59f09424c7c69f95e2c55\System.Drawing.ni.dll
MOD - [2011/04/14 20:19:46 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f02cf6430a9fc77908a74ab6925cb73c\System.ni.dll
MOD - [2011/04/14 20:19:36 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\62d5f089dd51f18472a7caf1593d9f6b\mscorlib.ni.dll
MOD - [2011/02/10 07:55:18 | 001,148,256 | ---- | M] () -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
MOD - [2010/04/02 15:33:10 | 000,073,216 | ---- | M] () -- C:\dKEYUSBCradle\stunnel-4.10.exe
MOD - [2010/03/16 10:52:50 | 000,159,744 | ---- | M] () -- C:\WINDOWS\system32\libssl32.dll
MOD - [2005/03/29 01:58:10 | 000,847,872 | ---- | M] () -- C:\WINDOWS\system32\libeay32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (itlperf)
SRV - File not found [Auto | Stopped] -- -- (helpsvc)
SRV - File not found [On_Demand | Running] -- -- (FastUserSwitchingCompatibility)
SRV - [2011/08/17 11:58:50 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/04/18 17:39:42 | 007,398,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2011/02/08 05:33:42 | 000,269,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
SRV - [2010/04/02 15:34:10 | 000,040,448 | ---- | M] (GE Security Supra) [Auto | Running] -- C:\dKEYUSBCradle\SyncService.exe -- (dKeySync)
SRV - [2009/07/26 07:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2005/08/02 14:18:49 | 000,086,016 | ---- | M] (CACE Technologies) [On_Demand | Stopped] -- C:\Program Files\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)


========== Driver Services (SafeList) ==========

DRV - [2011/08/06 12:14:35 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/08/06 12:14:35 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/04/14 21:28:42 | 000,134,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2011/04/05 00:59:56 | 000,297,168 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/03/16 16:03:20 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/03/01 14:25:18 | 000,034,896 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/02/22 08:13:02 | 000,022,992 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/02/10 07:53:54 | 000,027,216 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/02/10 07:53:52 | 000,024,144 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/01/07 06:41:46 | 000,248,656 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2010/03/15 15:04:44 | 000,069,256 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\silabser.sys -- (silabser)
DRV - [2010/03/15 15:04:44 | 000,024,584 | ---- | M] (Silicon Laboratories, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\silabenm.sys -- (silabenm)
DRV - [2009/10/22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\13958082.sys -- (13958082)
DRV - [2009/10/09 23:31:10 | 000,315,408 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\1395808.sys -- (setup_9.0.0.722_11.05.2011_11-43drv)
DRV - [2009/09/25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\13958081.sys -- (13958081)
DRV - [2009/09/13 06:18:25 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
DRV - [2009/09/06 03:00:18 | 000,229,208 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VMM.sys -- (vmm)
DRV - [2009/08/05 16:21:14 | 000,041,424 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2009/08/05 16:20:00 | 000,099,472 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2009/08/05 16:20:00 | 000,091,472 | ---- | M] (Sun Microsystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2009/08/05 16:19:56 | 000,115,856 | ---- | M] (Sun Microsystems, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2009/07/22 06:39:23 | 000,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2009/07/22 06:35:32 | 000,642,560 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/04/28 20:30:44 | 003,643,904 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2008/09/26 09:53:00 | 000,079,120 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2008/09/26 09:53:00 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/09/26 09:52:00 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2008/09/26 09:52:00 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2008/09/26 09:52:00 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2008/09/26 09:52:00 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2008/04/14 00:23:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2007/05/24 03:30:10 | 000,049,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2007/05/22 02:04:54 | 000,018,088 | ---- | M] () [Kernel | System | Running] -- C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys -- (atitray)
DRV - [2007/01/30 03:57:50 | 004,474,368 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/01/29 06:20:34 | 000,059,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VMNetSrv.sys -- (VPCNetS2)
DRV - [2006/12/14 01:44:06 | 000,085,120 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/11/10 06:08:50 | 000,024,064 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2005/08/02 14:10:13 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/02/04 15:48:46 | 000,247,296 | ---- | M] (ZyDAS Technology Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ZD1211U.sys -- (ZD1211U(WLAN)) IEEE 802.11g USB Wireless LAN Driver(WLAN)
DRV - [2004/06/30 13:54:04 | 000,019,200 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ZDBRGSYS.sys -- (ZDBRGSYS)
DRV - [2004/01/14 11:30:00 | 000,017,151 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\ZDPNDIS5.sys -- (ZDPNDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 50 7D DA 02 13 50 77 43 AB 0C AE E7 CF BE 0F B7 [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z007&form=ZGAPHP
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore =
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 50 7D DA 02 13 50 77 43 AB 0C AE E7 CF BE 0F B7 [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 50 7D DA 02 13 50 77 43 AB 0C AE E7 CF BE 0F B7 [binary data]

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 50 7D DA 02 13 50 77 43 AB 0C AE E7 CF BE 0F B7 [binary data]

IE - HKU\S-1-5-21-1085031214-1390067357-299502267-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1085031214-1390067357-299502267-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-1085031214-1390067357-299502267-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C2 0C 3D 0A 51 5C CC 01 [binary data]
IE - HKU\S-1-5-21-1085031214-1390067357-299502267-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 50 7D DA 02 13 50 77 43 AB 0C AE E7 CF BE 0F B7 [binary data]
IE - HKU\S-1-5-21-1085031214-1390067357-299502267-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1085031214-1390067357-299502267-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-1085031214-1390067357-299502267-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1390
FF - prefs.js..extensions.enabledItems: {9137752e-97e9-4a33-aae0-d756d2fb1b6a}:1.0
FF - prefs.js..extensions.enabledItems: {63fa5bfd-b341-4af5-9f7e-1925448e1a54}:1.0
FF - prefs.js..extensions.enabledItems: {04610e7d-88db-4154-a296-86a0e33f1300}:1.0
FF - prefs.js..extensions.enabledItems: {85711be1-287f-429c-9e1d-e7820a1389eb}:1.0
FF - prefs.js..extensions.enabledItems: {fe36fb26-9979-4641-8151-658d7973ba07}:1.0
FF - prefs.js..extensions.enabledItems: {51d20aa8-1c3a-4c14-9472-92577cf549ce}:1.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\mike\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.732: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=1.0.0.0: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.732: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Documents and Settings\mike\Application Data\Move Networks\plugins\npqmp071505000011.dll (Move Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/15 17:07:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/08/02 01:17:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/17 11:59:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/17 11:59:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\moveplayer@movenetworks.com: C:\Documents and Settings\mike\Application Data\Move Networks [2009/11/12 18:21:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/15 17:07:25 | 000,000,000 | ---D | M]

[2009/05/23 01:40:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike\Application Data\Mozilla\Extensions
[2011/08/19 00:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions
[2011/08/17 12:21:32 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{04610e7d-88db-4154-a296-86a0e33f1300}
[2010/07/30 16:38:16 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/19 00:52:49 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{51d20aa8-1c3a-4c14-9472-92577cf549ce}
[2011/08/16 13:14:27 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{63fa5bfd-b341-4af5-9f7e-1925448e1a54}
[2011/08/16 15:54:50 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{85711be1-287f-429c-9e1d-e7820a1389eb}
[2011/08/14 22:58:14 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{9137752e-97e9-4a33-aae0-d756d2fb1b6a}
[2011/08/18 22:50:42 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{fe36fb26-9979-4641-8151-658d7973ba07}
[2011/08/19 00:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/21 13:18:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/28 13:36:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/12/01 21:02:58 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009/11/12 18:21:48 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\MIKE\APPLICATION DATA\MOVE NETWORKS
[2011/08/02 01:17:17 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES\AVG\AVG10\FIREFOX4
[2010/04/21 13:18:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
[2009/11/06 08:37:19 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2010/09/15 05:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/11/06 08:37:20 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2005/12/12 12:54:46 | 006,740,480 | ---- | M] (VideoLAN Team) -- C:\Program Files\mozilla firefox\plugins\npvlc.dll
[2011/07/01 11:09:13 | 000,001,919 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2011/06/15 13:43:52 | 000,000,916 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 184.95.59.211 www.google.com
O1 - Hosts: 184.95.59.212 search.yahoo.com
O1 - Hosts: 184.95.59.212 www.bing.com
O2 - BHO: (no name) - {02DA7D50-5013-4377-AB0C-AEE7CFBE0FB7} - C:\WINDOWS\system32\ati2evxx32.dll (People Can Fly)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (WhiteSmoke Toolbar) - {e4709dfb-a47d-451c-957d-e78d25263cb8} - File not found
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {e4709dfb-a47d-451c-957d-e78d25263cb8} - File not found
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1085031214-1390067357-299502267-1003..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\S-1-5-21-1085031214-1390067357-299502267-1003..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [_nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [_nltide_2] File not found
O4 - HKU\S-1-5-19..\RunOnce: [_nltide_2] File not found
O4 - HKU\S-1-5-20..\RunOnce: [_nltide_2] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SetPointII.lnk = C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Logitech Inc.)
O4 - Startup: C:\Documents and Settings\mike\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1085031214-1390067357-299502267-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (PokerStars)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/Me ... b56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/14 23:56:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/07/16 15:13:07 | 001,246,440 | R--- | M] (BioWare) - E:\autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2009/04/13 20:17:18 | 000,000,058 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{10bba966-76c5-11de-9ac2-00508dbbd0f2}\Shell - "" = AutoRun
O33 - MountPoints2\{10bba966-76c5-11de-9ac2-00508dbbd0f2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{10bba966-76c5-11de-9ac2-00508dbbd0f2}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2009/07/16 15:13:07 | 001,246,440 | R--- | M] (BioWare)
O33 - MountPoints2\{639d0883-40e0-11de-bf22-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{639d0883-40e0-11de-bf22-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{639d0883-40e0-11de-bf22-806d6172696f}\Shell\AutoRun\command - "" = D:\Autorun.exe root.ini
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/19 00:45:13 | 001,404,720 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\mike\Desktop\TDSSKiller.exe
[2011/08/19 00:43:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/19 00:43:15 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/08/19 00:43:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/08/14 22:13:40 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\mike\Desktop\dds.scr
[2011/08/14 20:36:07 | 000,327,680 | ---- | C] (People Can Fly) -- C:\WINDOWS\System32\ati2evxx32.dll
[2011/08/06 12:14:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[80 C:\Documents and Settings\mike\My Documents\*.tmp files -> C:\Documents and Settings\mike\My Documents\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\mike\Desktop\*.tmp files -> C:\Documents and Settings\mike\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\mike\*.tmp files -> C:\Documents and Settings\mike\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/19 00:58:17 | 000,084,480 | ---- | M] () -- C:\Documents and Settings\mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/19 00:51:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/19 00:51:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/08/19 00:50:59 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1085031214-1390067357-299502267-1003.job
[2011/08/19 00:50:48 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\tasks\xlkn.job
[2011/08/19 00:50:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/19 00:50:46 | 000,167,952 | ---- | M] () -- C:\WINDOWS\System32\ativvaxx.cap
[2011/08/19 00:43:23 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\mike\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/19 00:43:17 | 000,000,611 | ---- | M] () -- C:\Documents and Settings\mike\Desktop\NTREGOPT.lnk
[2011/08/19 00:43:17 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\mike\Desktop\ERUNT.lnk
[2011/08/18 12:04:37 | 128,631,983 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/08/17 18:23:47 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/16 02:15:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1085031214-1390067357-299502267-1003.job
[2011/08/14 22:13:41 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\mike\Desktop\dds.scr
[2011/08/14 20:36:14 | 000,000,099 | ---- | M] () -- C:\WINDOWS\System32\1727545399
[2011/08/14 20:36:07 | 000,705,024 | ---- | M] () -- C:\WINDOWS\System32\ieaksie32.exe
[2011/08/14 20:36:07 | 000,327,680 | ---- | M] (People Can Fly) -- C:\WINDOWS\System32\ati2evxx32.dll
[2011/08/14 12:20:39 | 000,138,880 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/08/11 16:33:10 | 001,404,720 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\mike\Desktop\TDSSKiller.exe
[2011/08/09 16:50:26 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/08 11:18:18 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
[80 C:\Documents and Settings\mike\My Documents\*.tmp files -> C:\Documents and Settings\mike\My Documents\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\mike\Desktop\*.tmp files -> C:\Documents and Settings\mike\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\mike\*.tmp files -> C:\Documents and Settings\mike\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/19 00:43:23 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\mike\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/08/19 00:43:17 | 000,000,611 | ---- | C] () -- C:\Documents and Settings\mike\Desktop\NTREGOPT.lnk
[2011/08/19 00:43:17 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\mike\Desktop\ERUNT.lnk
[2011/08/14 22:55:39 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/08/14 22:11:22 | 000,705,024 | ---- | C] () -- C:\WINDOWS\System32\ieaksie32.exe
[2011/08/14 20:36:10 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\1727545399
[2011/05/22 15:10:58 | 000,000,185 | --S- | C] () -- C:\WINDOWS\System32\957812415.dat
[2011/05/18 02:16:07 | 000,001,416 | -HS- | C] () -- C:\Documents and Settings\mike\Local Settings\Application Data\5d6sd338618ado12538l6378ct0vow2007
[2011/05/18 02:16:07 | 000,001,416 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5d6sd338618ado12538l6378ct0vow2007
[2011/05/13 01:52:19 | 000,000,664 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\d3d9caps.dat
[2011/05/12 04:22:32 | 000,001,136 | -HS- | C] () -- C:\Documents and Settings\mike\Local Settings\Application Data\x4j1y16u6560t34
[2011/05/12 04:22:32 | 000,001,136 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\x4j1y16u6560t34
[2011/05/08 23:39:44 | 000,001,498 | -HS- | C] () -- C:\Documents and Settings\mike\Local Settings\Application Data\03xs3jxsws8q26w85by5758w4d18g21t0two7rg60v7n3w5
[2011/05/08 23:39:44 | 000,001,498 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\03xs3jxsws8q26w85by5758w4d18g21t0two7rg60v7n3w5
[2011/04/08 18:47:56 | 000,001,288 | -HS- | C] () -- C:\Documents and Settings\mike\Local Settings\Application Data\p01466yq787g02dkm22q
[2011/04/08 18:47:56 | 000,001,288 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\p01466yq787g02dkm22q
[2011/02/05 02:11:05 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/08/15 17:04:04 | 000,168,282 | ---- | C] () -- C:\WINDOWS\hphins33.dat
[2010/08/15 17:04:04 | 000,000,512 | ---- | C] () -- C:\WINDOWS\hphmdl33.dat
[2010/03/16 10:52:50 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll
[2010/03/14 15:02:32 | 000,000,024 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/11/29 04:04:38 | 000,000,017 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2009/10/19 00:05:07 | 000,000,036 | -H-- | C] () -- C:\WINDOWS\System32\f9t.dat
[2009/09/13 06:18:25 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys
[2009/08/20 15:11:59 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/08/20 15:11:59 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/08/20 15:11:59 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/08/20 15:11:59 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/08/20 15:11:59 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/08/20 15:11:59 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/08/20 15:11:59 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/08/20 15:11:59 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/08/20 15:11:59 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/08/20 15:11:59 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/08/20 15:11:59 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/08/20 15:11:59 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/08/20 15:11:59 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/08/20 15:11:59 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/08/20 15:11:59 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/08/20 15:11:59 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/07/22 06:39:23 | 000,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2009/07/22 06:35:32 | 000,096,384 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd7981.sys
[2009/07/04 21:57:46 | 000,084,480 | ---- | C] () -- C:\Documents and Settings\mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/28 02:00:03 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/06/07 02:12:31 | 000,000,760 | ---- | C] () -- C:\Documents and Settings\mike\Application Data\setup_ldm.iss
[2009/05/23 01:52:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/05/23 01:51:35 | 000,593,920 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2009/05/23 01:40:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/05/23 01:16:27 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2009/05/23 01:16:27 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ZyDelReg.exe
[2009/05/15 02:47:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/05/15 01:27:33 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2009/05/14 23:59:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/05/14 23:54:14 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/05/14 16:49:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/05/14 16:46:37 | 000,135,664 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/28 18:42:28 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/04/28 18:42:28 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/04/01 12:59:00 | 000,188,348 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2009/02/18 10:55:20 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\ATIODE.exe
[2009/02/03 13:52:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ATIODCLI.exe
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/04/14 05:55:28 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/14 05:42:38 | 000,006,672 | ---- | C] () -- C:\WINDOWS\System32\3com_dmiu.dat
[2008/04/14 05:42:38 | 000,005,648 | ---- | C] () -- C:\WINDOWS\System32\12520437z.dat
[2006/12/31 07:57:08 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/12/29 16:04:24 | 000,024,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2005/08/02 14:24:01 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2005/03/29 01:58:20 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2005/03/29 01:58:10 | 000,847,872 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2001/08/23 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 04:00:00 | 000,434,362 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 04:00:00 | 000,068,232 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 04:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/08/06 12:14:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\!SASCORE
[2009/07/28 00:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
[2010/12/02 04:09:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2011/08/15 01:38:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2009/12/15 23:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BioWare
[2010/12/01 21:20:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/08/20 15:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/05/27 12:37:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/02/18 00:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/05 23:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/10/19 00:05:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}
[2009/10/19 00:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{C1D59375-A181-4409-8AA2-9116026536CD}
[2011/06/26 13:02:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\.minecraft
[2010/12/02 04:10:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\acccore
[2010/12/01 21:21:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\AVG10
[2011/03/05 17:54:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\BitTorrent
[2011/08/19 01:01:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\DNA
[2010/09/19 03:30:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\gtk-2.0
[2009/10/19 00:05:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Stamps.com Internet Postage
[2009/12/30 02:46:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Tropico 3
[2009/06/18 01:21:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\mike\Application Data\Wizards of the Coast
[2011/07/01 11:09:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\whitesmoketoolbar
[2011/08/19 00:51:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job
[2011/08/19 00:50:48 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\Tasks\xlkn.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65F321A9

< End of report >
MikeLin007
Regular Member
 
Posts: 29
Joined: August 15th, 2011, 1:16 am

Re: Help removing redirect virus + maybe more

Post by MikeLin007 » August 19th, 2011, 4:07 am

And here is the Extras text file.

OTL Extras logfile created on: 8/19/2011 12:55:52 AM - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Documents and Settings\mike\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 76.96% Memory free
5.09 Gb Paging File | 4.42 Gb Available in Paging File | 86.82% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 698.63 Gb Total Space | 414.45 Gb Free Space | 59.32% Space Free | Partition Type: NTFS
Drive E: | 7.72 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: ---------- | User Name: mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_USERS\S-1-5-21-1085031214-1390067357-299502267-1003\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"6112:TCP" = 6112:TCP:*:Enabled:WC3TCP
"6112:UDP" = 6112:UDP:*:Enabled:WC3UDP
"6110:TCP" = 6110:TCP:*:Enabled:BittorrentTCP
"6110:UDP" = 6110:UDP:*:Enabled:BitttorrentUDP
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"6881:TCP" = 6881:TCP:*:Enabled:Blizzard Downloader: 6881

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Warcraft III\war3.exe" = C:\Program Files\Warcraft III\war3.exe:*:Enabled:Warcraft III
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- (BitTorrent, Inc.)
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Activision\Prototype\prototypef.exe" = C:\Program Files\Activision\Prototype\prototypef.exe:*:Enabled:Prototype(TM) -- (Activision)
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
"C:\Program Files\Java\jre6\bin\javaws.exe" = C:\Program Files\Java\jre6\bin\javaws.exe:*:Enabled:Java(TM) Web Start Launcher -- (Sun Microsystems, Inc.)
"C:\Program Files\Dragon Age\bin_ship\daorigins.exe" = C:\Program Files\Dragon Age\bin_ship\daorigins.exe:*:Enabled:Dragon Age Origins Game -- (BioWare)
"C:\Program Files\Dragon Age\DAOriginsLauncher.exe" = C:\Program Files\Dragon Age\DAOriginsLauncher.exe:*:Enabled:Dragon Age Origins Launcher -- (BioWare)
"C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe" = C:\Program Files\Dragon Age\bin_ship\daupdatersvc.service.exe:*:Enabled:Dragon Age Origins Updater -- (BioWare)
"C:\Program Files\Heroes of Newerth\hon.exe" = C:\Program Files\Heroes of Newerth\hon.exe:*:Enabled:Heroes of Newerth -- (S2 Games)
"C:\Program Files\StarCraft II Beta\StarCraft II.exe" = C:\Program Files\StarCraft II Beta\StarCraft II.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\StarCraft II Beta\Versions\Base15133\SC2.exe" = C:\Program Files\StarCraft II Beta\Versions\Base15133\SC2.exe:*:Enabled:StarCraft II -- (Blizzard Entertainment)
"C:\Program Files\Pitney Bowes\PBship\PBSHIP.EXE" = C:\Program Files\Pitney Bowes\PBship\PBSHIP.EXE:*:Enabled:Shipstream Manager -- (Pitney Bowes)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\HP Software Update\hpwucli.exe" = C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe" = C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
"C:\Program Files\StarCraft\StarCraft.exe" = C:\Program Files\StarCraft\StarCraft.exe:*:Enabled:StarCraft - Brood War -- (Blizzard Entertainment)
"C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe" = C:\Program Files\Steam\steamapps\common\left 4 dead\left4dead.exe:*:Enabled:Left 4 Dead -- ()
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- (Flagship Industries, Inc.)
"C:\Program Files\Steam\steamapps\common\magicka\Magicka.exe" = C:\Program Files\Steam\steamapps\common\magicka\Magicka.exe:*:Enabled:Magicka -- (Arrowhead Game Studios AB)
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\AVG\AVG10\avgmfapx.exe" = C:\Program Files\AVG\AVG10\avgmfapx.exe:*:Enabled:AVG Installer -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgdiagex.exe" = C:\Program Files\AVG\AVG10\avgdiagex.exe:*:Enabled:AVG Diagnostics 2011 -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgnsx.exe" = C:\Program Files\AVG\AVG10\avgnsx.exe:*:Enabled:Online Shield -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG10\avgemcx.exe" = C:\Program Files\AVG\AVG10\avgemcx.exe:*:Enabled:Personal E-mail Scanner -- (AVG Technologies CZ, s.r.o.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{20EAC554-95F9-4926-8D9A-C4FF3EC44C72}" = AVG 2011
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2FB9EA69-51D4-4913-9AD5-762C034DE811}" = Status
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{343A1706-26A4-45EA-88CF-37CA172B0F27}" = D1600
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMB36X Raid Configurer
"{3FE03663-FEE7-4D25-9E3E-52F97784F2A0}" = G9 Device Package
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{53735ECE-E461-4FD0-B742-23A352436D3A}" = Logitech Updater
"{581CE7EA-A30D-F000-1211-088635773309}" = IEEE 802.11g USB Wireless LAN Adapter
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{5DCF0E4B-F8EA-4229-A0BD-5CA6D4AFB749}" = SolutionCenter
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{695B13B2-7919-4EC5-8601-092F0D2DE069}" = AVG 2011
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{698AC01B-DF0C-4BCE-940C-EB29AD23A560}" = Stamps.com
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74DC0593-6BC6-4001-AD5F-D810AFB68D86}" = HP Update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96178C0A-BAF9-4E49-A2A5-CDE76722105B}" = HP Deskjet D1600 Printer Driver Software 14.0 Rel. 6
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AF7733C1-FB0B-4FED-9730-E0433AF7A2EF}" = Magic Online III
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C9B2F671-870B-43A0-8B9D-7DB30CEBD87E}" = DJ_SF_06_D1600_SW_Min
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CD41004C-3C24-45E2-9D66-1ADB3EC678A6}" = Sun xVM VirtualBox
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D20855E8-8F14-44E8-AEDC-BE75434C6EB7}" = DisplayKEY USB Cradle
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.10
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D8AA5EE0-4CB8-49D5-8078-0D6BDF256D15}" = dKeyUSBCradleDriver_x86
"{DAD4DE93-9438-4823-AE5E-93A1BE846FE0}" = Stamps.com Application Support for Microsoft Word 2000, 2002, 2003
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E7D576EC-A0CB-4321-B8A3-558B6D590013}" = Casino Verite Blackjack V5
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1CBC6F7-D82D-4DC5-B81C-9A14F418593A}_is1" = WC3Banlist
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"5D54FF2DFE6B80D5BB80225AD2F6C53861A51CDB" = Windows Driver Package - GE Security (silabenm) Ports (12/10/2008 5.4.0.0)
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM_7" = AIM 7
"ATI Display Driver" = ATI Display Driver
"AVG" = AVG 2011
"ComcastHSI" = Comcast High-Speed Internet Install Wizard
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Diablo II" = Diablo II
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"Heroes of Might and Magic® III" = Heroes of Might and Magic® III Complete
"hon" = Heroes of Newerth
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Photo Creations" = HP Photo Creations
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"ie8" = Windows Internet Explorer 8
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"InstallShield_{9322A850-9091-4D0E-B252-3E82EDA3D94A}" = Prototype(TM)
"Magic Workstation_is1" = Magic Workstation 0.94f
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.20)" = Mozilla Firefox (3.6.20)
"MSNINST" = MSN
"MTG GamePack for Magic Workstation_is1" = MTG GamePack for Magic Workstation
"MTGO Library Bot 2.46" = MTGO Library Bot 2.46
"OCCT_is1" = OCCT Perestroika 3.1.0
"PokerStars" = PokerStars
"rayatitray" = Ray Adams ATI Tray Tools
"RealPlayer 12.0" = RealPlayer
"shipstream" = Shipstream Manager
"Shop for HP Supplies" = Shop for HP Supplies
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SSC Service Utility_is1" = SSC Service Utility v4.30
"Stamps.com" = Stamps.com
"Stamps.com support for Microsoft Word 2000-2007" = Stamps.com support for Microsoft Word 2000-2007
"StarCraft" = StarCraft
"StarCraft II Beta" = StarCraft II Beta
"Steam App 42910" = Magicka
"Steam App 500" = Left 4 Dead
"Tropico3" = Tropico 3 1.00
"tv_enua" = Lernout & Hauspie TruVoice American English TTS Engine
"VLC media player" = VideoLAN VLC media player 0.8.4a
"Warcraft III" = Warcraft III
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"whitesmoketoolbar" = WhiteSmoke Toolbar
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinPcapInst" = WinPcap 3.1
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1085031214-1390067357-299502267-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"EasyBot" = EasyBot
"Move Media Player" = Move Media Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/9/2011 8:14:53 PM | Computer Name = ---------- | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.8.4.0, faulting module vlc.exe,
version 0.8.4.0, fault address 0x00414b99.

Error - 8/9/2011 8:19:14 PM | Computer Name = ---------- | Source = Application Error | ID = 1000
Description = Faulting application vlc.exe, version 0.8.4.0, faulting module vlc.exe,
version 0.8.4.0, fault address 0x00414b99.

Error - 8/10/2011 4:06:30 PM | Computer Name = ---------- | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.51.1.1076, faulting module
unknown, version 0.0.0.0, fault address 0x00030011.

Error - 8/13/2011 4:46:58 AM | Computer Name = ---------- | Source = Application Error | ID = 1000
Description = Faulting application mbam.exe, version 1.51.1.1076, faulting module
unknown, version 0.0.0.0, fault address 0x74617473.

Error - 8/14/2011 10:59:29 PM | Computer Name = ---------- | Source = Application Error | ID = 1000
Description = Faulting application winword.exe, version 10.0.6866.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 8/15/2011 1:22:41 AM | Computer Name = ---------- | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/15/2011 1:25:14 AM | Computer Name = ---------- | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/15/2011 1:26:46 AM | Computer Name = ---------- | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/15/2011 1:30:56 AM | Computer Name = ---------- | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/16/2011 3:21:14 PM | Computer Name = ---------- | Source = Microsoft Office 10 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Word.

[ System Events ]
Error - 8/19/2011 1:45:26 AM | Computer Name = ---------- | Source = Cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 8/19/2011 1:45:27 AM | Computer Name = ---------- | Source = Cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 8/19/2011 1:45:28 AM | Computer Name = ---------- | Source = Cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 8/19/2011 1:45:29 AM | Computer Name = ---------- | Source = Cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 8/19/2011 1:45:30 AM | Computer Name = ---------- | Source = Cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 8/19/2011 1:45:31 AM | Computer Name = ---------- | Source = Cdrom | ID = 262159
Description = The device, \Device\CdRom0, is not ready for access yet.

Error - 8/19/2011 1:46:56 AM | Computer Name = ---------- | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 8/19/2011 1:46:56 AM | Computer Name = ---------- | Source = Service Control Manager | ID = 7023
Description = The Intel CPU service terminated with the following error: %%126

Error - 8/19/2011 3:51:07 AM | Computer Name = ---------- | Source = Service Control Manager | ID = 7023
Description = The Help and Support service terminated with the following error:
%%126

Error - 8/19/2011 3:51:07 AM | Computer Name = ---------- | Source = Service Control Manager | ID = 7023
Description = The Intel CPU service terminated with the following error: %%126


< End of report >
MikeLin007
Regular Member
 
Posts: 29
Joined: August 15th, 2011, 1:16 am

Re: Help removing redirect virus + maybe more

Post by Gary R » August 19th, 2011, 12:01 pm


Please go to Control Panel > Add/Remove Programs and Uninstall the following:

  • BitTorrent
  • BitTorrent DNA
  • Java(TM) 6 Update 22


Use of P2P programs is the quickest way there is to pick up an infection. This forum insists on their removal.
Old versions of java can be exploited.

Reboot your computer once those programs have been uninstalled.

Next

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:OTL
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {9137752e-97e9-4a33-aae0-d756d2fb1b6a}:1.0
FF - prefs.js..extensions.enabledItems: {63fa5bfd-b341-4af5-9f7e-1925448e1a54}:1.0
FF - prefs.js..extensions.enabledItems: {04610e7d-88db-4154-a296-86a0e33f1300}:1.0
FF - prefs.js..extensions.enabledItems: {85711be1-287f-429c-9e1d-e7820a1389eb}:1.0
FF - prefs.js..extensions.enabledItems: {fe36fb26-9979-4641-8151-658d7973ba07}:1.0
FF - prefs.js..extensions.enabledItems: {51d20aa8-1c3a-4c14-9472-92577cf549ce}:1.0
FF - HKLM\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA: C:\Program Files\DNA\plugins\npbtdna.dll (BitTorrent, Inc.)
[2011/08/17 12:21:32 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{04610e7d-88db-4154-a296-86a0e33f1300}
[2011/08/19 00:52:49 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{51d20aa8-1c3a-4c14-9472-92577cf549ce}
[2011/08/16 13:14:27 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{63fa5bfd-b341-4af5-9f7e-1925448e1a54}
[2011/08/16 15:54:50 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{85711be1-287f-429c-9e1d-e7820a1389eb}
[2011/08/14 22:58:14 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{9137752e-97e9-4a33-aae0-d756d2fb1b6a}
[2011/08/18 22:50:42 | 000,000,000 | ---D | M] (XUL Cache) -- C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{fe36fb26-9979-4641-8151-658d7973ba07}
[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\mozilla firefox\plugins\npbittorrent.dll
O2 - BHO: (no name) - {02DA7D50-5013-4377-AB0C-AEE7CFBE0FB7} - C:\WINDOWS\system32\ati2evxx32.dll (People Can Fly)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (WhiteSmoke Toolbar) - {e4709dfb-a47d-451c-957d-e78d25263cb8} - File not found
O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {e4709dfb-a47d-451c-957d-e78d25263cb8} - File not found
O4 - HKU\S-1-5-21-1085031214-1390067357-299502267-1003..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [_nltide_2] File not found
O4 - HKU\S-1-5-18..\RunOnce: [_nltide_2] File not found
O4 - HKU\S-1-5-19..\RunOnce: [_nltide_2] File not found
O4 - HKU\S-1-5-20..\RunOnce: [_nltide_2] File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O33 - MountPoints2\{10bba966-76c5-11de-9ac2-00508dbbd0f2}\Shell - "" = AutoRun
O33 - MountPoints2\{10bba966-76c5-11de-9ac2-00508dbbd0f2}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{10bba966-76c5-11de-9ac2-00508dbbd0f2}\Shell\AutoRun\command - "" = E:\autorun.exe -- [2009/07/16 15:13:07 | 001,246,440 | R--- | M] (BioWare)
O33 - MountPoints2\{639d0883-40e0-11de-bf22-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{639d0883-40e0-11de-bf22-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{639d0883-40e0-11de-bf22-806d6172696f}\Shell\AutoRun\command - "" = D:\Autorun.exe root.ini
[80 C:\Documents and Settings\mike\My Documents\*.tmp files -> C:\Documents and Settings\mike\My Documents\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\mike\Desktop\*.tmp files -> C:\Documents and Settings\mike\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\mike\*.tmp files -> C:\Documents and Settings\mike\*.tmp -> ]
[2011/08/19 00:50:48 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\tasks\xlkn.job
[2011/08/14 22:11:22 | 000,705,024 | ---- | C] () -- C:\WINDOWS\System32\ieaksie32.exe
[2011/08/14 20:36:10 | 000,000,099 | ---- | C] () -- C:\WINDOWS\System32\1727545399
[2011/05/22 15:10:58 | 000,000,185 | --S- | C] () -- C:\WINDOWS\System32\957812415.dat
[2011/05/18 02:16:07 | 000,001,416 | -HS- | C] () -- C:\Documents and Settings\mike\Local Settings\Application Data\5d6sd338618ado12538l6378ct0vow2007
[2011/05/18 02:16:07 | 000,001,416 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\5d6sd338618ado12538l6378ct0vow2007
[2011/05/12 04:22:32 | 000,001,136 | -HS- | C] () -- C:\Documents and Settings\mike\Local Settings\Application Data\x4j1y16u6560t34
[2011/05/12 04:22:32 | 000,001,136 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\x4j1y16u6560t34
[2011/05/08 23:39:44 | 000,001,498 | -HS- | C] () -- C:\Documents and Settings\mike\Local Settings\Application Data\03xs3jxsws8q26w85by5758w4d18g21t0two7rg60v7n3w5
[2011/05/08 23:39:44 | 000,001,498 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\03xs3jxsws8q26w85by5758w4d18g21t0two7rg60v7n3w5
[2011/04/08 18:47:56 | 000,001,288 | -HS- | C] () -- C:\Documents and Settings\mike\Local Settings\Application Data\p01466yq787g02dkm22q
[2011/04/08 18:47:56 | 000,001,288 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\p01466yq787g02dkm22q
[2009/07/05 23:15:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/10/19 00:05:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B}
[2009/10/19 00:05:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{C1D59375-A181-4409-8AA2-9116026536CD}
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:65F321A9

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"6110:TCP"=-
"6110:UDP"=-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\DNA\btdna.exe"=-
"C:\Program Files\BitTorrent\bittorrent.exe"=-

:Files
C:\Program Files\DNA
C:\Program Files\BitTorrent

:Commands
[emptytemp]
[emptyflash]
[resethosts]

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.

Next

I see you have Malwarebytes' Anti-Malware installed...

  • Click on the Malwarebytes' Anti-Malware icon to launch the programme.
    • Click the Updates tab.
      • Click Check for Updates and allow the programme to download the latest definitions.
    • Click the Scanner tab.
      • Check Perform Quick Scan.
      • Click Scan and wait for the scan to complete.
      • When the scan is complete, click OK, then Show Results.
      • Check all items except items in the C:\System Volume Information folder and click on Remove Selected.
        • A box will pop-up telling you that files have been quarantined.
        • A log will pop-up.
      • Post the log in your next reply please.

You can also access the log by doing the following:
  • Click on the Logs tab.
    • Click on the log at the bottom of those listed to highlight it.
    • Click Open.

Next

I want you to run another scan with TDSSKiller, this time do not try to remove anything with it.

  • Double click on TDSSKiller.exe to launch it.
    • If using Vista or Windows7, when prompted by UAC allow the prompt.
  • Click on Start Scan
  • The scan will run.
  • When the scan has finished, if it finds anything please click on the drop-down arrow next to Cure and select Skip.
  • Now click on Report to open the log file created by TDSSKiller in your root directory C:\
  • Post the contents in your next reply please.
  • DO NOT TRY TO FIX ANYTHING IT MAY FIND

Summary of the logs I need from you in your next post:
  • OTL log
  • MBAM log
  • New TDSSKiller log
  • Let me know how your computer is behaving now.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
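
The OTL fix above is built from log lines OTL had reported: hidden+system files with random names under Application Data, a hidden scheduled task, BHO and RunOnce entries whose target is missing. The following is an added example (not part of this thread, and not OTL's own code) showing how a helper could parse those two OTL line shapes and flag the same kinds of entries for review; the sample lines are copied from the log above, and the flagging heuristics are this example's own assumptions, not OTL's logic.

```python
"""Triage helper for OTL-style log lines (added example, not OTL's code).

Two line shapes from the OTL output are handled:
  file/folder entries:
    [2011/05/18 02:16:07 | 000,001,416 | -HS- | C] () -- C:\\...\\5d6sd33861...
  registry hook entries:
    O2 - BHO: (no name) - {CLSID} - C:\\WINDOWS\\system32\\x.dll (Vendor)
The heuristics below are assumptions made for this example; they flag
entries for a human to look at, they do not decide anything is malicious.
"""
import re

# [stamp | size | attrs | C|M] (company) -- path   (company part is absent on folders)
FILE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# O2/O3/O4/... hook lines: "O<n> - <rest>"
HOOK_RE = re.compile(r"^O(?P<section>\d+) - (?P<rest>.+)$")


def parse_file_entry(line):
    """Return a dict for an OTL file/folder line, or None if it is another shape."""
    m = FILE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["size"] = int(d["size"].replace(",", ""))
    d["hidden"] = "H" in d["attrs"]   # attribute column: R H S D positions
    d["system"] = "S" in d["attrs"]
    d["is_dir"] = "D" in d["attrs"]
    return d


def looks_random(name):
    """Heuristic: long, extension-less, mixes letters and digits (assumption)."""
    if "." in name or len(name) < 12:
        return False
    return any(c.isdigit() for c in name) and any(c.isalpha() for c in name)


def triage(lines):
    """Walk OTL lines and return (entry, reason) pairs worth a second look."""
    findings = []
    for line in lines:
        line = line.strip()
        e = parse_file_entry(line)
        if e:
            path = e["path"]
            name = path.rsplit("\\", 1)[-1]
            if e["hidden"] and e["system"] and not e["is_dir"]:
                if "\\application data\\" in path.lower() and looks_random(name):
                    findings.append((path, "hidden+system file with random name in Application Data"))
                elif name.lower().endswith(".job"):
                    findings.append((path, "hidden+system scheduled task"))
            continue
        m = HOOK_RE.match(line)
        if m:
            rest = m.group("rest")
            if "File not found" in rest or "No CLSID value found" in rest:
                findings.append((rest, "orphaned registry hook (target missing)"))
            elif m.group("section") == "2" and rest.startswith("BHO: (no name)"):
                findings.append((rest, "BHO with no name"))
    return findings


# Sample input: lines copied from the OTL log in this thread.
SAMPLE = [
    "[2011/08/19 00:50:48 | 000,000,312 | -HS- | M] () -- C:\\WINDOWS\\tasks\\xlkn.job",
    "[2011/05/18 02:16:07 | 000,001,416 | -HS- | C] () -- C:\\Documents and Settings\\All Users\\Application Data\\5d6sd338618ado12538l6378ct0vow2007",
    "[2009/07/05 23:15:57 | 000,000,000 | ---D | M] -- C:\\Documents and Settings\\All Users\\Application Data\\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}",
    "[2008/09/03 17:11:24 | 000,054,600 | ---- | M] (BitTorrent, Inc.) -- C:\\Program Files\\mozilla firefox\\plugins\\npbittorrent.dll",
    "O2 - BHO: (no name) - {02DA7D50-5013-4377-AB0C-AEE7CFBE0FB7} - C:\\WINDOWS\\system32\\ati2evxx32.dll (People Can Fly)",
    "O2 - BHO: (WhiteSmoke Toolbar) - {e4709dfb-a47d-451c-957d-e78d25263cb8} - File not found",
    "O4 - HKU\\.DEFAULT..\\RunOnce: [_nltide_2] File not found",
]

if __name__ == "__main__":
    for entry, reason in triage(SAMPLE):
        print(f"{reason}: {entry}")
```

Run against a full OTL log, it lists the same classes of entries Gary R put into the fix script; anything it prints still needs a human decision before being removed.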

Re: Help removing redirect virus + maybe more

Post by MikeLin007 » August 19th, 2011, 2:30 pm

Here is the new OTL log

All processes killed
========== OTL ==========
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {9137752e-97e9-4a33-aae0-d756d2fb1b6a}:1.0 removed from extensions.enabledItems
Prefs.js: {63fa5bfd-b341-4af5-9f7e-1925448e1a54}:1.0 removed from extensions.enabledItems
Prefs.js: {04610e7d-88db-4154-a296-86a0e33f1300}:1.0 removed from extensions.enabledItems
Prefs.js: {85711be1-287f-429c-9e1d-e7820a1389eb}:1.0 removed from extensions.enabledItems
Prefs.js: {fe36fb26-9979-4641-8151-658d7973ba07}:1.0 removed from extensions.enabledItems
Prefs.js: {51d20aa8-1c3a-4c14-9472-92577cf549ce}:1.0 removed from extensions.enabledItems
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@bittorrent.com/BitTorrentDNA\ not found.
File C:\Program Files\DNA\plugins\npbtdna.dll not found.
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{04610e7d-88db-4154-a296-86a0e33f1300}\defaults\preferences folder moved successfully.
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{04610e7d-88db-4154-a296-86a0e33f1300}\defaults folder moved successfully.
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{04610e7d-88db-4154-a296-86a0e33f1300}\chrome folder moved successfully.
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{04610e7d-88db-4154-a296-86a0e33f1300} folder moved successfully.
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{51d20aa8-1c3a-4c14-9472-92577cf549ce}\defaults\preferences folder moved successfully.
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{51d20aa8-1c3a-4c14-9472-92577cf549ce}\defaults folder moved successfully.
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{51d20aa8-1c3a-4c14-9472-92577cf549ce}\chrome folder moved successfully.
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{51d20aa8-1c3a-4c14-9472-92577cf549ce} folder moved successfully.
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{63fa5bfd-b341-4af5-9f7e-1925448e1a54}\defaults\preferences folder moved successfully.
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{63fa5bfd-b341-4af5-9f7e-1925448e1a54}\defaults folder moved successfully.
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{63fa5bfd-b341-4af5-9f7e-1925448e1a54}\chrome folder moved successfully.
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{63fa5bfd-b341-4af5-9f7e-1925448e1a54} folder moved successfully.
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{85711be1-287f-429c-9e1d-e7820a1389eb}\defaults\preferences folder moved successfully.
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{85711be1-287f-429c-9e1d-e7820a1389eb}\defaults folder moved successfully.
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{85711be1-287f-429c-9e1d-e7820a1389eb}\chrome folder moved successfully.
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{85711be1-287f-429c-9e1d-e7820a1389eb} folder moved successfully.
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{9137752e-97e9-4a33-aae0-d756d2fb1b6a}\defaults\preferences folder moved successfully.
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{9137752e-97e9-4a33-aae0-d756d2fb1b6a}\defaults folder moved successfully.
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{9137752e-97e9-4a33-aae0-d756d2fb1b6a}\chrome folder moved successfully.
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{9137752e-97e9-4a33-aae0-d756d2fb1b6a} folder moved successfully.
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{fe36fb26-9979-4641-8151-658d7973ba07}\defaults\preferences folder moved successfully.
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{fe36fb26-9979-4641-8151-658d7973ba07}\defaults folder moved successfully.
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{fe36fb26-9979-4641-8151-658d7973ba07}\chrome folder moved successfully.
C:\Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{fe36fb26-9979-4641-8151-658d7973ba07} folder moved successfully.
File C:\Program Files\mozilla firefox\plugins\npbittorrent.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02DA7D50-5013-4377-AB0C-AEE7CFBE0FB7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02DA7D50-5013-4377-AB0C-AEE7CFBE0FB7}\ deleted successfully.
C:\WINDOWS\system32\ati2evxx32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e4709dfb-a47d-451c-957d-e78d25263cb8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4709dfb-a47d-451c-957d-e78d25263cb8}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e4709dfb-a47d-451c-957d-e78d25263cb8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e4709dfb-a47d-451c-957d-e78d25263cb8}\ not found.
Registry value HKEY_USERS\S-1-5-21-1085031214-1390067357-299502267-1003\Software\Microsoft\Windows\CurrentVersion\Run\\BitTorrent DNA not found.
File C:\Program Files\DNA\btdna.exe not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\_nltide_2 deleted successfully.
Invalid CLSID key: _nltide_2
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\_nltide_2 not found.
Invalid CLSID key: _nltide_2
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\_nltide_2 deleted successfully.
Invalid CLSID key: _nltide_2
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\_nltide_2 deleted successfully.
Invalid CLSID key: _nltide_2
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10bba966-76c5-11de-9ac2-00508dbbd0f2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10bba966-76c5-11de-9ac2-00508dbbd0f2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10bba966-76c5-11de-9ac2-00508dbbd0f2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10bba966-76c5-11de-9ac2-00508dbbd0f2}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{10bba966-76c5-11de-9ac2-00508dbbd0f2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{10bba966-76c5-11de-9ac2-00508dbbd0f2}\ not found.
File move failed. E:\autorun.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{639d0883-40e0-11de-bf22-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{639d0883-40e0-11de-bf22-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{639d0883-40e0-11de-bf22-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{639d0883-40e0-11de-bf22-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{639d0883-40e0-11de-bf22-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{639d0883-40e0-11de-bf22-806d6172696f}\ not found.
File D:\Autorun.exe root.ini not found.
C:\Documents and Settings\mike\My Documents\~WRL0073.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL0208.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL0295.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL0348.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL0428.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL0517.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL0557.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL0571.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL0693.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL0741.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL0777.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL0820.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL0900.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL0939.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL0982.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL1101.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL1104.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL1217.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL1224.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL1245.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL1264.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL1269.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL1288.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL1297.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL1304.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL1482.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL1581.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL1586.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL1613.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL1620.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL1676.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL1748.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL1756.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL1779.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL1817.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL1927.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL1947.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL1952.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL1985.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL2025.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL2086.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL2213.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL2266.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL2402.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL2434.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL2463.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL2505.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL2558.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL2577.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL2621.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL2624.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL2668.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL2723.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL2773.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL2799.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL2827.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL3160.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL3179.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL3203.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL3280.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL3529.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL3634.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL3638.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL3639.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL3678.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL3684.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL3710.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL3728.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL3784.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL3796.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL3801.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL3803.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL3855.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL3860.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL3903.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL3909.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL3947.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL3996.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL4010.tmp deleted successfully.
C:\Documents and Settings\mike\My Documents\~WRL4026.tmp deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\Documents and Settings\mike\Desktop\cntfrbwdpz.tmp deleted successfully.
C:\Documents and Settings\mike\cntfrbwdpz.tmp deleted successfully.
C:\WINDOWS\tasks\xlkn.job moved successfully.
C:\WINDOWS\system32\ieaksie32.exe moved successfully.
C:\WINDOWS\system32\1727545399 moved successfully.
C:\WINDOWS\system32\957812415.dat moved successfully.
C:\Documents and Settings\mike\Local Settings\Application Data\5d6sd338618ado12538l6378ct0vow2007 moved successfully.
C:\Documents and Settings\All Users\Application Data\5d6sd338618ado12538l6378ct0vow2007 moved successfully.
C:\Documents and Settings\mike\Local Settings\Application Data\x4j1y16u6560t34 moved successfully.
C:\Documents and Settings\All Users\Application Data\x4j1y16u6560t34 moved successfully.
C:\Documents and Settings\mike\Local Settings\Application Data\03xs3jxsws8q26w85by5758w4d18g21t0two7rg60v7n3w5 moved successfully.
C:\Documents and Settings\All Users\Application Data\03xs3jxsws8q26w85by5758w4d18g21t0two7rg60v7n3w5 moved successfully.
C:\Documents and Settings\mike\Local Settings\Application Data\p01466yq787g02dkm22q moved successfully.
C:\Documents and Settings\All Users\Application Data\p01466yq787g02dkm22q moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}\x86 folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906} folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{B0AFCE64-DF3F-4824-8985-B21DB0EEE07B} folder moved successfully.
C:\Documents and Settings\All Users\Application Data\{C1D59375-A181-4409-8AA2-9116026536CD} folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:65F321A9 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\6110:TCP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\\6110:UDP deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\DNA\btdna.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BitTorrent\bittorrent.exe deleted successfully.
========== FILES ==========
File\Folder C:\Program Files\DNA not found.
File\Folder C:\Program Files\BitTorrent not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 8881022 bytes
->FireFox cache emptied: 44395641 bytes
->Flash cache emptied: 650 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 124390945 bytes
->Java cache emptied: 7732 bytes
->Flash cache emptied: 175594 bytes

User: mike
->Temp folder emptied: 2562618530 bytes
->Temporary Internet Files folder emptied: 277605827 bytes
->Java cache emptied: 5201533 bytes
->FireFox cache emptied: 203360155 bytes
->Flash cache emptied: 2889376 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 416470965 bytes
->Java cache emptied: 1681 bytes
->Flash cache emptied: 125091 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 695627304 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 94240118 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3419750 bytes

Total Files Cleaned = 4,234.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService
->Flash cache emptied: 0 bytes

User: mike
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.26.5 log created on 08192011_111803

Files\Folders moved on Reboot...
File move failed. E:\autorun.exe scheduled to be moved on reboot.

Registry entries deleted on Reboot...
MikeLin007
Regular Member
 
Posts: 29
Joined: August 15th, 2011, 1:16 am

Re: Help removing redirect virus + maybe more

Unread postby MikeLin007 » August 19th, 2011, 2:43 pm

Here is the mbam log:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7511

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

8/19/2011 11:42:27 AM
mbam-log-2011-08-19 (11-42-27).txt

Scan type: Quick scan
Objects scanned: 170162
Time elapsed: 2 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
MikeLin007
Regular Member
 
Posts: 29
Joined: August 15th, 2011, 1:16 am

Re: Help removing redirect virus + maybe more

Unread postby MikeLin007 » August 19th, 2011, 2:46 pm

Here is the new TDSS log:

2011/08/19 11:44:46.0187 3772 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/19 11:44:47.0375 3772 ================================================================================
2011/08/19 11:44:47.0375 3772 SystemInfo:
2011/08/19 11:44:47.0375 3772
2011/08/19 11:44:47.0375 3772 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/19 11:44:47.0375 3772 Product type: Workstation
2011/08/19 11:44:47.0375 3772 ComputerName: ----------
2011/08/19 11:44:47.0375 3772 UserName: mike
2011/08/19 11:44:47.0375 3772 Windows directory: C:\WINDOWS
2011/08/19 11:44:47.0375 3772 System windows directory: C:\WINDOWS
2011/08/19 11:44:47.0375 3772 Processor architecture: Intel x86
2011/08/19 11:44:47.0375 3772 Number of processors: 4
2011/08/19 11:44:47.0375 3772 Page size: 0x1000
2011/08/19 11:44:47.0375 3772 Boot type: Normal boot
2011/08/19 11:44:47.0375 3772 ================================================================================
2011/08/19 11:44:48.0296 3772 Initialize success
2011/08/19 11:44:53.0140 1940 ================================================================================
2011/08/19 11:44:53.0140 1940 Scan started
2011/08/19 11:44:53.0140 1940 Mode: Manual;
2011/08/19 11:44:53.0140 1940 ================================================================================
2011/08/19 11:44:54.0296 1940 13958081 (7dd41b7ac1fbb1dbf20bb1f4e4fbe58c) C:\WINDOWS\system32\DRIVERS\13958081.sys
2011/08/19 11:44:54.0343 1940 13958082 (a305fad3719c5db0c13d1c2bfd08a04d) C:\WINDOWS\system32\DRIVERS\13958082.sys
2011/08/19 11:44:54.0390 1940 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/19 11:44:54.0421 1940 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/19 11:44:54.0453 1940 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/19 11:44:54.0500 1940 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/08/19 11:44:54.0578 1940 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/08/19 11:44:54.0625 1940 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/19 11:44:54.0640 1940 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/19 11:44:54.0734 1940 ati2mtag (8e54c76db5d88bf8b4e82b37e1322671) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/08/19 11:44:54.0765 1940 ATITool (0e4bb35c5305099ac82053ac992e3e0e) C:\WINDOWS\system32\DRIVERS\ATITool.sys
2011/08/19 11:44:54.0796 1940 atitray (f46afb51f1a1cb8c7ecd85533ca839fe) C:\Program Files\Ray Adams\ATI Tray Tools\atitray.sys
2011/08/19 11:44:54.0812 1940 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/19 11:44:54.0828 1940 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/19 11:44:54.0859 1940 AVGIDSDriver (c403e7f715bb0a851a9dfae16ec4ae42) C:\WINDOWS\system32\DRIVERS\AVGIDSDriver.Sys
2011/08/19 11:44:54.0890 1940 AVGIDSEH (1af676db3f3d4cc709cfab2571cf5fc3) C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys
2011/08/19 11:44:54.0890 1940 AVGIDSFilter (4c51e233c87f9ec7598551de554bc99d) C:\WINDOWS\system32\DRIVERS\AVGIDSFilter.Sys
2011/08/19 11:44:54.0921 1940 AVGIDSShim (c3fc426e54f55c1cc3219e415b88e10c) C:\WINDOWS\system32\DRIVERS\AVGIDSShim.Sys
2011/08/19 11:44:54.0937 1940 Avgldx86 (4e796d3d2c3182b13b3e3b5a2ad4ef0a) C:\WINDOWS\system32\DRIVERS\avgldx86.sys
2011/08/19 11:44:54.0953 1940 Avgmfx86 (5639de66b37d02bd22df4cf3155fba60) C:\WINDOWS\system32\DRIVERS\avgmfx86.sys
2011/08/19 11:44:54.0953 1940 Avgrkx86 (d1baf652eda0ae70896276a1fb32c2d4) C:\WINDOWS\system32\DRIVERS\avgrkx86.sys
2011/08/19 11:44:54.0984 1940 Avgtdix (aaf0ebcad95f2164cffb544e00392498) C:\WINDOWS\system32\DRIVERS\avgtdix.sys
2011/08/19 11:44:55.0000 1940 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/19 11:44:55.0046 1940 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/19 11:44:55.0062 1940 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/19 11:44:55.0078 1940 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/19 11:44:55.0078 1940 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/19 11:44:55.0140 1940 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/19 11:44:55.0187 1940 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/19 11:44:55.0218 1940 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/19 11:44:55.0234 1940 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/19 11:44:55.0265 1940 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/19 11:44:55.0296 1940 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/19 11:44:55.0312 1940 dtscsi (12aca694b50ea53563c1e7c99e7bb27d) C:\WINDOWS\System32\Drivers\dtscsi.sys
2011/08/19 11:44:55.0312 1940 Suspicious file (NoAccess): C:\WINDOWS\System32\Drivers\dtscsi.sys. md5: 12aca694b50ea53563c1e7c99e7bb27d
2011/08/19 11:44:55.0312 1940 dtscsi - detected LockedFile.Multi.Generic (1)
2011/08/19 11:44:55.0328 1940 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/19 11:44:55.0343 1940 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/19 11:44:55.0343 1940 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/19 11:44:55.0375 1940 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/19 11:44:55.0375 1940 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/08/19 11:44:55.0390 1940 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/19 11:44:55.0406 1940 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/19 11:44:55.0421 1940 GEARAspiWDM (f2f431d1573ee632975c524418655b84) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/19 11:44:55.0437 1940 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
2011/08/19 11:44:55.0453 1940 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/19 11:44:55.0468 1940 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/08/19 11:44:55.0500 1940 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/19 11:44:55.0546 1940 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/08/19 11:44:55.0578 1940 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/08/19 11:44:55.0578 1940 HPZius12 (abcb05ccdbf03000354b9553820e39f8) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/08/19 11:44:55.0625 1940 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/19 11:44:55.0656 1940 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/19 11:44:55.0671 1940 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/19 11:44:55.0765 1940 IntcAzAudAddService (b29781b9a90cd55fc5d859c0b1c243bc) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/08/19 11:44:55.0812 1940 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/08/19 11:44:55.0843 1940 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/08/19 11:44:55.0859 1940 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/19 11:44:55.0875 1940 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/19 11:44:55.0890 1940 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/19 11:44:55.0906 1940 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/19 11:44:55.0937 1940 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/19 11:44:55.0937 1940 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/19 11:44:55.0953 1940 JRAID (6e4e3c0b27116b14d1150be7eeceaac6) C:\WINDOWS\system32\DRIVERS\jraid.sys
2011/08/19 11:44:55.0953 1940 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/19 11:44:55.0968 1940 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/08/19 11:44:55.0984 1940 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/19 11:44:56.0000 1940 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/19 11:44:56.0015 1940 L8042Kbd (dc61f15187372d164769c841655e58f3) C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys
2011/08/19 11:44:56.0046 1940 L8042mou (cb6e007d3a67cb80ee9df2afd4b0fc9d) C:\WINDOWS\system32\DRIVERS\L8042mou.Sys
2011/08/19 11:44:56.0078 1940 LBeepKE (8f4d784b3f22f468eea99da02b0e39e5) C:\WINDOWS\system32\Drivers\LBeepKE.sys
2011/08/19 11:44:56.0109 1940 LHidFilt (dd83dc92463fce6324fd30a13d17d0da) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
2011/08/19 11:44:56.0125 1940 LMouFilt (8fe0008e183ff0293a925b78a5581c5f) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
2011/08/19 11:44:56.0156 1940 LMouKE (58597a99792461e89bb5c44e17508d70) C:\WINDOWS\system32\DRIVERS\LMouKE.Sys
2011/08/19 11:44:56.0187 1940 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/08/19 11:44:56.0218 1940 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/19 11:44:56.0234 1940 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/19 11:44:56.0265 1940 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/19 11:44:56.0265 1940 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/19 11:44:56.0281 1940 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/19 11:44:56.0296 1940 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/19 11:44:56.0328 1940 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/19 11:44:56.0343 1940 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/19 11:44:56.0375 1940 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/19 11:44:56.0390 1940 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/19 11:44:56.0390 1940 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/19 11:44:56.0406 1940 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/19 11:44:56.0421 1940 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/19 11:44:56.0421 1940 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/19 11:44:56.0437 1940 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/19 11:44:56.0468 1940 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/19 11:44:56.0468 1940 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/19 11:44:56.0500 1940 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/19 11:44:56.0515 1940 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/19 11:44:56.0515 1940 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/19 11:44:56.0546 1940 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/08/19 11:44:56.0578 1940 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
2011/08/19 11:44:56.0593 1940 NPF (d21fee8db254ba762656878168ac1db6) C:\WINDOWS\system32\drivers\npf.sys
2011/08/19 11:44:56.0609 1940 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/19 11:44:56.0625 1940 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/19 11:44:56.0671 1940 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/19 11:44:56.0687 1940 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/19 11:44:56.0703 1940 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/19 11:44:56.0703 1940 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/08/19 11:44:56.0750 1940 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/08/19 11:44:56.0750 1940 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/19 11:44:56.0765 1940 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/19 11:44:56.0781 1940 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/19 11:44:56.0812 1940 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/08/19 11:44:56.0812 1940 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/19 11:44:56.0890 1940 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/19 11:44:56.0906 1940 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/19 11:44:56.0921 1940 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/19 11:44:56.0968 1940 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/19 11:44:56.0984 1940 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/19 11:44:56.0984 1940 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/19 11:44:57.0000 1940 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/19 11:44:57.0015 1940 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/19 11:44:57.0015 1940 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/19 11:44:57.0046 1940 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/08/19 11:44:57.0078 1940 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/19 11:44:57.0109 1940 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/19 11:44:57.0125 1940 RTL8023xp (1e11171c0b9989e1bdaa59e96b2e81c4) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/08/19 11:44:57.0187 1940 SASDIFSV (39763504067962108505bff25f024345) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/08/19 11:44:57.0187 1940 SASKUTIL (77b9fc20084b48408ad3e87570eb4a85) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/08/19 11:44:57.0218 1940 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/19 11:44:57.0234 1940 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/08/19 11:44:57.0265 1940 setup_9.0.0.722_11.05.2011_11-43drv (66ef49622baa18e4d4f1fe4bae1d51b8) C:\WINDOWS\system32\DRIVERS\1395808.sys
2011/08/19 11:44:57.0281 1940 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/19 11:44:57.0312 1940 silabenm (8f3f406f7212a929d22751218305a13a) C:\WINDOWS\system32\DRIVERS\silabenm.sys
2011/08/19 11:44:57.0312 1940 silabser (0c6876192fb8a1e26edbf4903b5c052c) C:\WINDOWS\system32\DRIVERS\silabser.sys
2011/08/19 11:44:57.0359 1940 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/19 11:44:57.0406 1940 sptd (6797fa15ddc3beedda91592869c46212) C:\WINDOWS\system32\Drivers\sptd.sys
2011/08/19 11:44:57.0406 1940 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: 6797fa15ddc3beedda91592869c46212
2011/08/19 11:44:57.0406 1940 sptd - detected LockedFile.Multi.Generic (1)
2011/08/19 11:44:57.0421 1940 Sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/19 11:44:57.0453 1940 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/19 11:44:57.0468 1940 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/19 11:44:57.0468 1940 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/19 11:44:57.0531 1940 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/19 11:44:57.0546 1940 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/19 11:44:57.0562 1940 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/19 11:44:57.0593 1940 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/19 11:44:57.0593 1940 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/19 11:44:57.0640 1940 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/19 11:44:57.0671 1940 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/19 11:44:57.0718 1940 USBAAPL (60a68a5ea173a97971ee9f1ff49eb2b3) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/19 11:44:57.0750 1940 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/08/19 11:44:57.0765 1940 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/08/19 11:44:57.0765 1940 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/19 11:44:57.0796 1940 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/19 11:44:57.0828 1940 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/19 11:44:57.0843 1940 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/19 11:44:57.0875 1940 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/19 11:44:57.0906 1940 VBoxDrv (780f3e9d539249a7858d4d2d7fa75405) C:\WINDOWS\system32\DRIVERS\VBoxDrv.sys
2011/08/19 11:44:57.0921 1940 VBoxNetAdp (4ef76d8d7505f20dbf54886c01a7a730) C:\WINDOWS\system32\DRIVERS\VBoxNetAdp.sys
2011/08/19 11:44:57.0937 1940 VBoxNetFlt (9b571ae5e214b40ca0d6480771e99a0d) C:\WINDOWS\system32\DRIVERS\VBoxNetFlt.sys
2011/08/19 11:44:57.0953 1940 VBoxUSBMon (ef5ab4110f0e50711666d6d5c9511698) C:\WINDOWS\system32\DRIVERS\VBoxUSBMon.sys
2011/08/19 11:44:57.0968 1940 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/19 11:44:57.0984 1940 vmm (e41fef9e3056fe88c71e411f705be41e) C:\WINDOWS\system32\Drivers\vmm.sys
2011/08/19 11:44:58.0000 1940 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/19 11:44:58.0015 1940 VPCNetS2 (f96a678debdccb0b4bb7f38cb2580589) C:\WINDOWS\system32\DRIVERS\VMNetSrv.sys
2011/08/19 11:44:58.0031 1940 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/19 11:44:58.0062 1940 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/08/19 11:44:58.0078 1940 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/19 11:44:58.0125 1940 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/19 11:44:58.0140 1940 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/19 11:44:58.0171 1940 ZD1211U(WLAN) (7597e0c770bd8ce1beb552b0a756bdb7) C:\WINDOWS\system32\DRIVERS\zd1211u.sys
2011/08/19 11:44:58.0218 1940 ZDBRGSYS (f506a40dc8890f61cc6660efbecc0810) C:\WINDOWS\system32\ZDBRGSYS.SYS
2011/08/19 11:44:58.0265 1940 ZDPNDIS5 (29c917279d79848b3dd94909fc00e2a8) C:\WINDOWS\system32\ZDPNDIS5.SYS
2011/08/19 11:44:58.0296 1940 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
2011/08/19 11:44:58.0390 1940 Boot (0x1200) (a239b2d0b42108888cad8e80b7cbc49a) \Device\Harddisk0\DR0\Partition0
2011/08/19 11:44:58.0390 1940 ================================================================================
2011/08/19 11:44:58.0390 1940 Scan finished
2011/08/19 11:44:58.0390 1940 ================================================================================
2011/08/19 11:44:58.0406 4008 Detected object count: 2
2011/08/19 11:44:58.0406 4008 Actual detected object count: 2
2011/08/19 11:45:09.0500 4008 LockedFile.Multi.Generic(dtscsi) - User select action: Skip
2011/08/19 11:45:09.0500 4008 LockedFile.Multi.Generic(sptd) - User select action: Skip
MikeLin007
Regular Member
 
Posts: 29
Joined: August 15th, 2011, 1:16 am

Re: Help removing redirect virus + maybe more

Unread postby Gary R » August 19th, 2011, 5:33 pm

Looking better ....

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go HERE then click on: Image
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log in your next reply please.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)

How is your computer running now ?
Gary R
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Help removing redirect virus + maybe more

Unread postby MikeLin007 » August 19th, 2011, 9:44 pm

It's running a lot better now. Thank you so much for your help. Here are the results of the ESET scan.

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=c12a70e189e4e14e9db6e20185663aca
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-20 01:16:08
# local_time=2011-08-19 06:16:08 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1032 16777189 100 96 0 56129862 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=155386
# found=27
# cleaned=0
# scan_time=9498
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{04610e7d-88db-4154-a296-86a0e33f1300}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{04610e7d-88db-4154-a296-86a0e33f1300}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{51d20aa8-1c3a-4c14-9472-92577cf549ce}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{51d20aa8-1c3a-4c14-9472-92577cf549ce}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{63fa5bfd-b341-4af5-9f7e-1925448e1a54}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{63fa5bfd-b341-4af5-9f7e-1925448e1a54}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{85711be1-287f-429c-9e1d-e7820a1389eb}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{85711be1-287f-429c-9e1d-e7820a1389eb}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{9137752e-97e9-4a33-aae0-d756d2fb1b6a}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{9137752e-97e9-4a33-aae0-d756d2fb1b6a}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{fe36fb26-9979-4641-8151-658d7973ba07}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{fe36fb26-9979-4641-8151-658d7973ba07}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\mike\My Documents\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro.iso probably a variant of Win32/Hupigon.CJKIBCX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Program Files\MTGOLibrary\MTGO Library Bot\ScreenshotMaker.exe probably a variant of Win32/Agent.FSSZEC trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_111803\C_Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{04610e7d-88db-4154-a296-86a0e33f1300}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_111803\C_Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{04610e7d-88db-4154-a296-86a0e33f1300}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_111803\C_Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{51d20aa8-1c3a-4c14-9472-92577cf549ce}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_111803\C_Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{51d20aa8-1c3a-4c14-9472-92577cf549ce}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_111803\C_Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{63fa5bfd-b341-4af5-9f7e-1925448e1a54}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_111803\C_Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{63fa5bfd-b341-4af5-9f7e-1925448e1a54}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_111803\C_Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{85711be1-287f-429c-9e1d-e7820a1389eb}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_111803\C_Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{85711be1-287f-429c-9e1d-e7820a1389eb}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_111803\C_Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{9137752e-97e9-4a33-aae0-d756d2fb1b6a}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_111803\C_Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{9137752e-97e9-4a33-aae0-d756d2fb1b6a}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_111803\C_Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{fe36fb26-9979-4641-8151-658d7973ba07}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_111803\C_Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{fe36fb26-9979-4641-8151-658d7973ba07}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_111803\C_WINDOWS\system32\ati2evxx32.dll a variant of Win32/Kryptik.RSL trojan (unable to clean) 00000000000000000000000000000000 I
MikeLin007
Regular Member
 
Posts: 29
Joined: August 15th, 2011, 1:16 am

Re: Help removing redirect virus + maybe more

Unread postby Gary R » August 20th, 2011, 1:27 am

Still a few orphans to remove ....

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:Files
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{04610e7d-88db-4154-a296-86a0e33f1300}
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{51d20aa8-1c3a-4c14-9472-92577cf549ce}
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{63fa5bfd-b341-4af5-9f7e-1925448e1a54}
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{85711be1-287f-429c-9e1d-e7820a1389eb}
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{9137752e-97e9-4a33-aae0-d756d2fb1b6a}
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{fe36fb26-9979-4641-8151-658d7973ba07}
C:\Documents and Settings\mike\My Documents\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro.iso
C:\Program Files\MTGOLibrary\MTGO Library Bot\ScreenshotMaker.exe

  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so, if it does, re-boot your computer. A log will be produced upon re-boot.


Please run another E-set scan when OTL has moved those files, and post me the log. I need to see if they are being re-generated.
Gary R
Administrator
 
Posts: 21866
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Help removing redirect virus + maybe more

Unread postby MikeLin007 » August 20th, 2011, 1:51 am

Here is the OTL log. I will have the E-set scan up in an hour or two, it takes a while scanning. Also are you able to tell if I had a keylogger on here? Should I be worried about identity theft? Thanks again for all your help Gary.

========== FILES ==========
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{04610e7d-88db-4154-a296-86a0e33f1300}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{04610e7d-88db-4154-a296-86a0e33f1300}\defaults folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{04610e7d-88db-4154-a296-86a0e33f1300}\chrome folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{04610e7d-88db-4154-a296-86a0e33f1300} folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{51d20aa8-1c3a-4c14-9472-92577cf549ce}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{51d20aa8-1c3a-4c14-9472-92577cf549ce}\defaults folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{51d20aa8-1c3a-4c14-9472-92577cf549ce}\chrome folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{51d20aa8-1c3a-4c14-9472-92577cf549ce} folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{63fa5bfd-b341-4af5-9f7e-1925448e1a54}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{63fa5bfd-b341-4af5-9f7e-1925448e1a54}\defaults folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{63fa5bfd-b341-4af5-9f7e-1925448e1a54}\chrome folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{63fa5bfd-b341-4af5-9f7e-1925448e1a54} folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{85711be1-287f-429c-9e1d-e7820a1389eb}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{85711be1-287f-429c-9e1d-e7820a1389eb}\defaults folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{85711be1-287f-429c-9e1d-e7820a1389eb}\chrome folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{85711be1-287f-429c-9e1d-e7820a1389eb} folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{9137752e-97e9-4a33-aae0-d756d2fb1b6a}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{9137752e-97e9-4a33-aae0-d756d2fb1b6a}\defaults folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{9137752e-97e9-4a33-aae0-d756d2fb1b6a}\chrome folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{9137752e-97e9-4a33-aae0-d756d2fb1b6a} folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{fe36fb26-9979-4641-8151-658d7973ba07}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{fe36fb26-9979-4641-8151-658d7973ba07}\defaults folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{fe36fb26-9979-4641-8151-658d7973ba07}\chrome folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{fe36fb26-9979-4641-8151-658d7973ba07} folder moved successfully.
C:\Documents and Settings\mike\My Documents\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro.iso moved successfully.
C:\Program Files\MTGOLibrary\MTGO Library Bot\ScreenshotMaker.exe moved successfully.

OTL by OldTimer - Version 3.2.26.5 log created on 08192011_224845
MikeLin007
Regular Member
 
Posts: 29
Joined: August 15th, 2011, 1:16 am

Re: Help removing redirect virus + maybe more

Unread postby MikeLin007 » August 20th, 2011, 7:29 pm

Sorry for the delay on the E-set log, here it is.

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=c12a70e189e4e14e9db6e20185663aca
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-20 11:10:10
# local_time=2011-08-20 04:10:10 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1032 16777189 100 96 0 56206186 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=155541
# found=27
# cleaned=0
# scan_time=12016
C:\_OTL\MovedFiles\08192011_111803\C_Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{04610e7d-88db-4154-a296-86a0e33f1300}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_111803\C_Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{04610e7d-88db-4154-a296-86a0e33f1300}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_111803\C_Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{51d20aa8-1c3a-4c14-9472-92577cf549ce}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_111803\C_Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{51d20aa8-1c3a-4c14-9472-92577cf549ce}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_111803\C_Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{63fa5bfd-b341-4af5-9f7e-1925448e1a54}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_111803\C_Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{63fa5bfd-b341-4af5-9f7e-1925448e1a54}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_111803\C_Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{85711be1-287f-429c-9e1d-e7820a1389eb}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_111803\C_Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{85711be1-287f-429c-9e1d-e7820a1389eb}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_111803\C_Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{9137752e-97e9-4a33-aae0-d756d2fb1b6a}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_111803\C_Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{9137752e-97e9-4a33-aae0-d756d2fb1b6a}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_111803\C_Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{fe36fb26-9979-4641-8151-658d7973ba07}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_111803\C_Documents and Settings\mike\Application Data\Mozilla\Firefox\Profiles\uw4aeput.default\extensions\{fe36fb26-9979-4641-8151-658d7973ba07}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_111803\C_WINDOWS\system32\ati2evxx32.dll a variant of Win32/Kryptik.RSL trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_224845\C_Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{04610e7d-88db-4154-a296-86a0e33f1300}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_224845\C_Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{04610e7d-88db-4154-a296-86a0e33f1300}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_224845\C_Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{51d20aa8-1c3a-4c14-9472-92577cf549ce}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_224845\C_Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{51d20aa8-1c3a-4c14-9472-92577cf549ce}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_224845\C_Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{63fa5bfd-b341-4af5-9f7e-1925448e1a54}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_224845\C_Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{63fa5bfd-b341-4af5-9f7e-1925448e1a54}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_224845\C_Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{85711be1-287f-429c-9e1d-e7820a1389eb}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_224845\C_Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{85711be1-287f-429c-9e1d-e7820a1389eb}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_224845\C_Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{9137752e-97e9-4a33-aae0-d756d2fb1b6a}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_224845\C_Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{9137752e-97e9-4a33-aae0-d756d2fb1b6a}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_224845\C_Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{fe36fb26-9979-4641-8151-658d7973ba07}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_224845\C_Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\pj3ny8b4.default\extensions\{fe36fb26-9979-4641-8151-658d7973ba07}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_224845\C_Documents and Settings\mike\My Documents\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro\The Sims 3 - Razor1911 MAXSPEED www.torentz.3xforum.ro.iso probably a variant of Win32/Hupigon.CJKIBCX trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_224845\C_Program Files\MTGOLibrary\MTGO Library Bot\ScreenshotMaker.exe probably a variant of Win32/Agent.FSSZEC trojan (unable to clean) 00000000000000000000000000000000 I
MikeLin007
Regular Member
 
Posts: 29
Joined: August 15th, 2011, 1:16 am
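Gary's question above is whether the detections in the new scan are live files or only the copies OTL has already moved into its quarantine folder. In the log posted, every hit sits under C:\_OTL\MovedFiles, so nothing has regenerated. The script below, an added example that is not part of this thread or of the ESET or OTL tools, automates that reading: it parses lines in the ESET Online Scanner layout seen here (path, detection name, action in parentheses, 32-hex hash, flag), splits hits into quarantined and live paths, and lists any Firefox extension GUIDs that still appear at a live path. The sample log lines, user names, GUID and file names are constructed for the example; the detection names are the ones the scan reported.

```python
import re
from collections import Counter

# Constructed sample input in the ESET Online Scanner log layout from the thread.
# Paths, profile name and the extension GUID are made up; three hits are already
# under the OTL quarantine folder, two are at live paths.
SAMPLE_LOG = r"""
# found=5
# cleaned=0
C:\_OTL\MovedFiles\08192011_111803\C_Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\abcd1234.default\extensions\{11111111-2222-3333-4444-555555555555}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_111803\C_Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\abcd1234.default\extensions\{11111111-2222-3333-4444-555555555555}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08192011_111803\C_WINDOWS\system32\example32.dll a variant of Win32/Kryptik.RSL trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\Application Data\Mozilla\Firefox\Profiles\abcd1234.default\extensions\{11111111-2222-3333-4444-555555555555}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\user\My Documents\Some Game - Group\Some Game - Group.iso probably a variant of Win32/Hupigon.CJKIBCX trojan (unable to clean) 00000000000000000000000000000000 I
"""

# One detection line: a Windows path (may contain spaces), then the threat label,
# which is optionally prefixed by "probably" and/or "a variant of", then the
# action in parentheses, a 32-hex hash and a one-letter flag.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:probably\s+)?(?:a variant of\s+)?\S+\s+\S+)\s+"
    r"\((?P<action>[^)]*)\)\s+"
    r"(?P<hash>[0-9a-fA-F]{32})\s+"
    r"(?P<flag>\S+)\s*$"
)

# Firefox extension directories in this infection are named by a GUID in braces.
GUID_RE = re.compile(r"\{[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}\}")

# OTL moves everything it "fixes" under this folder; hits here are already contained.
QUARANTINE_PREFIX = "c:\\_otl\\movedfiles\\"


def parse_eset_log(text):
    """Return one dict per detection line; header lines ('# key=value') and
    status lines such as 'all ok' are skipped."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE_RE.match(line)
        if m:
            hits.append(m.groupdict())
    return hits


def is_quarantined(path):
    return path.lower().startswith(QUARANTINE_PREFIX)


def triage(text):
    """Split hits into quarantined vs live and report which extension GUIDs
    still exist outside the quarantine folder (the 'regenerated' signal)."""
    hits = parse_eset_log(text)
    live = [h for h in hits if not is_quarantined(h["path"])]
    live_guids = sorted({g.lower() for h in live for g in GUID_RE.findall(h["path"])})
    return {
        "total": len(hits),
        "quarantined": len(hits) - len(live),
        "live": len(live),
        "live_paths": [h["path"] for h in live],
        "live_extension_guids": live_guids,
        "by_threat": dict(Counter(h["threat"] for h in hits)),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print(f"{report['total']} hits: {report['quarantined']} quarantined, {report['live']} live")
    for p in report["live_paths"]:
        print("LIVE:", p)
    for g in report["live_extension_guids"]:
        print("extension still present outside quarantine:", g)
```

Run against the log Mike posted, the script reports 27 hits, 27 quarantined and 0 live, which is the answer Gary was looking for; a non-empty live list after an OTL fix is the sign that something on the machine is re-creating the extensions.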