internet homepage being redirected

Post by hanberuk » June 23rd, 2012, 6:59 am

Hello, I have diagnosed a couple of trojans - I have been told by Malwarebytes they are here:

1. UDS:DangerousObject.Multi.Generic
lgrxyx.exe
c:\Documents and Settings\Hannah\Local Settings\Application Data
2. UDS:DangerousObject.Multi.Generic
kthqm.exe
c:\Documents and Settings\Hannah\Start Menu\Programs\Startup

and another programme found:
HKCU\SOFTWARE\microsoft\windows\CurrentVersion\Run|msghqog
c:\Documents and Settings\Hannah\My Documents\Downloads\IMG_11162473515562104-IMG-facebook.com[1]exe
c:\Documents and Settings\Hannah\My Documents\Downloads\IMG_11162473515562104-IMG-facebook.com[2]exe

but I can't get any anti-virus programmes to delete them. Your help would be much appreciated.
When I log in, instead of going to google.co.uk, Firefox now goes or tries to default (if blocked) to domredi.com. I only use Mozilla Firefox, and it now takes several minutes to open. Everything else is running increasingly slowly as well. I think it was because I tried to open and download a scam jpeg on someone's Facebook page.

I had Panda Cloud as the antivirus programme at the time; the others I have added subsequently in my attempts to identify the problem. Panda still hasn't detected a thing.
Many thanks,
Hannah

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22
Run by Hannah at 10:48:44 on 2012-06-23
.
============== Running Processes ===============
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFJU.EXE
C:\Program Files\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Hannah\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Documents and Settings\Hannah\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=84ad1081000000000000000423314116&tlver=1.4.19.19&affID=17160
uURLSearchHooks: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Panda Security Toolbar: {b821bf60-5c2d-41eb-92dc-3e4ccd3a22e4} - c:\program files\panda security\panda security toolbar\PandaSecurityDx.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Livestation] c:\program files\livestation\Livestation.exe -startup
uRun: [EPSON BX610FW Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifju.exe /fu "c:\windows\temp\E_S108.tmp" /EF "HKCU"
uRun: [Spotify Web Helper] "c:\program files\spotify\data\SpotifyWebHelper.exe"
uRun: [KSS] "c:\program files\kaspersky lab\kaspersky security scan 2.0\kss.exe" /autorun
mRun: [DrvLsnr] c:\program files\analog devices\soundmax\DrvLsnr.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PSUNMain] "c:\program files\panda security\panda cloud antivirus\PSUNMain.exe" /Traybar
mRun: [Panda Security URL Filtering] "c:\documents and settings\all users\application data\panda security url filtering\Panda_URL_Filtering.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: Interfaces\{E307E7BA-E71D-4536-9F9C-FEBB59B1A566} : NameServer = 172.17.17.254,212.23.3.100
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hannah\application data\mozilla\firefox\profiles\hlocyyui.default\
FF - prefs.js: browser.startup.homepage - hxxp://domredi.com/1/
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss ... D=17160&q=
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R? Ahridioa;Ahridioa
R? esgiguard;esgiguard
R? gupdate;Google Update Service (gupdate)
R? LMIRfsClientNP;LMIRfsClientNP
R? McComponentHostService;McAfee Security Scan Component Host Service
R? MozillaMaintenance;Mozilla Maintenance Service
R? SkypeUpdate;Skype Updater
R? SymSnapService;SymSnapService
R? vsdatant;vsdatant
S? KSS;Kaspersky Security Scan Service
S? LMIInfo;LogMeIn Kernel Information Provider
S? LMIRfsDriver;LogMeIn Remote File System Driver
S? MBAMProtector;MBAMProtector
S? MBAMService;MBAMService
S? NanoServiceMain;Panda Cloud Antivirus Service
S? PSINAflt;PSINAflt
S? PSINFile;PSINFile
S? PSINKNC;PSINKNC
S? PSINProc;PSINProc
S? PSINProt;PSINProt
S? RapportCerberus_34302;RapportCerberus_34302
S? RapportEI;RapportEI
S? RapportIaso;RapportIaso
S? RapportKELL;RapportKELL
S? RapportMgmtService;Rapport Management Service
S? RapportPG;RapportPG
S? SASKUTIL;SASKUTIL
S? Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider
.
=============== Created Last 30 ================
.
2012-06-22 22:51:51 -------- d-----w- c:\documents and settings\hannah\application data\SUPERAntiSpyware.com
2012-06-22 22:51:03 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2012-06-22 22:42:35 -------- d-----w- C:\Autoruns
2012-06-22 19:39:39 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-06-21 10:58:35 -------- d-----w- c:\program files\Kaspersky Lab
2012-06-21 10:58:34 -------- d-----w- c:\documents and settings\all users\application data\Kaspersky Lab
2012-06-21 00:10:15 -------- d-----w- c:\documents and settings\hannah\application data\Malwarebytes
2012-06-21 00:09:59 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-06-21 00:09:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-21 00:09:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-20 23:39:45 -------- d-----w- c:\program files\Enigma Software Group
2012-06-20 23:39:11 -------- d-----w- c:\windows\9E897D0FF80441A3966C7BB6EB5B6BE8.TMP
2012-06-20 23:39:04 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-06-10 10:55:55 -------- d-----w- c:\program files\Dropbox
2012-06-08 20:42:28 65720 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2012-05-31 14:45:58 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-31 14:45:40 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-05-31 14:45:40 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
.
==================== Find3M ====================
.
2012-06-14 16:02:45 60 -c--a-w- c:\windows\wpd99.drv
2001-05-24 12:59:30 162304 -c--a-w- c:\program files\UNWISE.EXE
.
============= FINISH: 10:54:45.76 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/09/2006 19:16:12
System Uptime: 23/06/2012 10:20:51 (0 hours ago)
.
Motherboard: Hewlett-Packard | | HP System Board
Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz | FC-478 | 1992/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 49 GiB total, 10.72 GiB free.
D: is FIXED (NTFS) - 26 GiB total, 8.698 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1326: 04/04/2012 16:54:11 - System Checkpoint
RP1327: 05/04/2012 20:26:28 - System Checkpoint
RP1328: 07/04/2012 14:14:17 - System Checkpoint
RP1329: 09/04/2012 00:04:12 - System Checkpoint
RP1330: 10/04/2012 14:27:29 - System Checkpoint
RP1331: 14/04/2012 20:10:26 - System Checkpoint
RP1332: 16/04/2012 09:30:53 - System Checkpoint
RP1333: 22/04/2012 22:28:58 - Installed Rapport
RP1334: 25/04/2012 09:58:07 - System Checkpoint
RP1335: 26/04/2012 09:58:43 - System Checkpoint
RP1336: 29/04/2012 12:45:23 - System Checkpoint
RP1337: 21/05/2012 22:25:16 - System Checkpoint
RP1338: 24/05/2012 20:16:40 - System Checkpoint
RP1339: 26/05/2012 17:13:38 - System Checkpoint
RP1340: 27/05/2012 18:00:29 - System Checkpoint
RP1341: 29/05/2012 14:48:22 - System Checkpoint
RP1342: 31/05/2012 09:09:49 - Installed Rapport
RP1343: 01/06/2012 10:47:37 - System Checkpoint
RP1344: 02/06/2012 16:43:01 - System Checkpoint
RP1345: 03/06/2012 17:36:16 - System Checkpoint
RP1346: 04/06/2012 18:32:54 - System Checkpoint
RP1347: 05/06/2012 21:37:59 - System Checkpoint
RP1348: 07/06/2012 14:17:50 - System Checkpoint
RP1349: 08/06/2012 14:26:43 - System Checkpoint
RP1350: 09/06/2012 18:16:13 - System Checkpoint
RP1351: 10/06/2012 18:43:22 - System Checkpoint
RP1352: 11/06/2012 20:03:36 - System Checkpoint
RP1353: 12/06/2012 20:38:59 - System Checkpoint
RP1354: 13/06/2012 21:36:23 - System Checkpoint
RP1355: 17/06/2012 18:28:40 - System Checkpoint
RP1356: 18/06/2012 10:28:43 - Installed Rapport
RP1357: 19/06/2012 10:54:18 - System Checkpoint
RP1358: 20/06/2012 17:25:18 - System Checkpoint
RP1359: 21/06/2012 00:39:43 - Installed SpyHunter
RP1360: 21/06/2012 11:58:33 - Installed Kaspersky Security Scan.
RP1361: 22/06/2012 12:20:54 - System Checkpoint
RP1362: 23/06/2012 08:58:11 - Removed SpyHunter
.
==== Installed Programs ======================
.
.
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe InDesign 2.0.1
Adobe Photoshop CS
Adobe Reader X (10.0.1)
Adobe SVG Viewer 3.0
AIDA32 v3.93
Apple Application Support
Apple Software Update
CloneCD
Critical Update for Windows Media Player 11 (KB959772)
Dropbox
DVD Shrink 3.2
EPSON BX610FW Series Printer Uninstall
EPSON Scan
Epson Stylus Office BX610FW_Office TX610FW_SX610FW Manual
EpsonNet Print
EpsonNet Setup
Express Scribe
FinePixViewer Resource
FinePixViewer Ver.5.1
FoxTab PDF Converter
FreeMind
FUJIFILM USB Driver
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel(R) Extreme Graphics Driver
Intel(R) PRO Ethernet Adapter and Software
IRISPen Express 6
J2SE Runtime Environment 5.0 Update 6
Java Auto Updater
Java(TM) 6 Update 22
Kaspersky Security Scan
LiveUpdate 2.7 (Symantec Corporation)
LogMeIn
Macromedia Shockwave Player
Malwarebytes Anti-Malware version 1.61.0.1400
McAfee Security Scan Plus
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office XP Professional with FrontPage
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 12.0 (x86 en-GB)
Mozilla Maintenance Service
MSXML 6 Service Pack 2 (KB973686)
Nero Suite
Norton Ghost
OpenAL
OpenOffice.org 3.3
Panda Cloud Antivirus
Panda Security Toolbar
Panda Security URL Filtering
Pdf995
PhotoBox 3.2.5
PowerDVD
QuickTime
Rapport
RAW FILE CONVERTER LE
RealPlayer
Recuva
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Skype Click to Call
Skype™ 5.9
SoundMAX
Spotify
Toolbar Cleaner 1.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player Firefox Plugin
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
XviD MPEG-4 Video Codec
.
==== Event Viewer Messages From Past Week ========
.
23/06/2012 10:51:46, error: PlugPlayManager [11] - The device Root\LEGACY_SASKUTIL\0000 disappeared from the system without first being prepared for removal.
23/06/2012 10:49:02, error: PlugPlayManager [11] - The device Root\LEGACY_SASDIFSV\0000 disappeared from the system without first being prepared for removal.
23/06/2012 09:44:50, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MDM with arguments "" in order to run the server: {0C0A3666-30C9-11D0-8F20-00805F2CD064}
23/06/2012 09:44:06, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
23/06/2012 09:43:54, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
23/06/2012 09:43:51, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD eeCtrl Fips intelppm IPSec MRxSmb NetBIOS NetBT PSINKNC RapportKELL RasAcd Rdbss SASDIFSV SASKUTIL Tcpip
23/06/2012 09:43:51, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
23/06/2012 09:43:51, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
23/06/2012 09:43:51, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
23/06/2012 09:43:51, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
23/06/2012 09:43:49, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
23/06/2012 00:20:29, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000243' while processing the file 'kthqm.exe' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
22/06/2012 20:16:43, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl PCIIde
18/06/2012 20:38:55, error: Service Control Manager [7022] - The Rapport Management Service service hung on starting.
17/06/2012 17:19:21, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: eeCtrl
.
==== End Of File ===========================
hanberuk
Regular Member
 
Posts: 20
Joined: June 23rd, 2012, 6:39 am
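A helper reads a report like the one above mainly for persistence: Run-key entries and Startup-folder files that launch from folders a normal user can write to, and browser start/search pages that point somewhere the owner never chose. The script below is an added example, not part of the original post and not part of the DDS tool; it applies those two checks to constructed report lines shaped like the ones above. The USER_WRITABLE folder list, EXPECTED_DOMAINS and the "StartupFolder:" line shape are assumptions, and every hit is a lead to verify, not a verdict.

```python
"""Triage DDS/HijackThis-style report lines for two persistence patterns:
autoruns launched from user-writable folders, and browser start/search
pages pointing away from the owner's intended domain.

Added example, not part of the original post nor of the DDS tool. SAMPLE is
constructed to mirror the shape of the report above; USER_WRITABLE,
EXPECTED_DOMAINS and the "StartupFolder:" line shape are assumptions.
"""
import re
from urllib.parse import urlparse

# Folders a non-admin user can write to on a Windows XP layout (lower-case fragments).
USER_WRITABLE = (
    r"\local settings\application data",
    r"\local settings\temp",
    r"\application data",
    r"\start menu\programs\startup",
    r"\my documents\downloads",
    r"\windows\temp",
)

# Where the owner says the browser should start and search.
EXPECTED_DOMAINS = {"google.com", "google.co.uk"}

AUTORUN_RE = re.compile(r"^(?P<kind>[umd]Run|StartupFolder):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", re.I)
IE_RE = re.compile(r"^(?P<kind>[umd](?:Start Page|Search Page|Default_Page_URL|SearchAssistant))\s*=\s*(?P<url>\S+)", re.I)
FF_RE = re.compile(r"^FF - prefs\.js:\s*(?P<kind>browser\.startup\.homepage|keyword\.URL)\s*-\s*(?P<url>\S+)", re.I)
# First drive-letter path ending in an executable extension; quotes are excluded so
# '"c:\program files\x.exe" /flag' yields just the path.
PATH_RE = re.compile(r'[a-z]:\\[^"]*?\.(?:exe|scr|dll|bat|cmd|vbs|js)\b', re.I)


def off_domain(url):
    """Return the hostname if it is not under an expected domain, else None."""
    # DDS defangs http as hxxp; undo that before parsing.
    host = (urlparse(url.replace("hxxp", "http", 1)).hostname or "").lower()
    if any(host == d or host.endswith("." + d) for d in EXPECTED_DOMAINS):
        return None
    return host or url


def triage_line(line):
    """Classify one report line; returns (severity, reason) or None if unremarkable."""
    m = AUTORUN_RE.match(line)
    if m:
        pm = PATH_RE.search(m.group("cmd"))
        if not pm:
            return ("info", f"{m.group('kind')} [{m.group('name')}] has no resolvable path: {m.group('cmd')}")
        path = pm.group(0).lower()
        for frag in USER_WRITABLE:
            if frag in path:
                return ("high", f"{m.group('kind')} [{m.group('name')}] launches from user-writable path {path}")
        return None
    m = IE_RE.match(line) or FF_RE.match(line)
    if m:
        host = off_domain(m.group("url"))
        if host:
            return ("high", f"{m.group('kind')} points at {host}")
    return None


def triage(report):
    """Run triage_line over a whole report; hits keep report order."""
    return [hit for hit in (triage_line(l) for l in report.splitlines()) if hit]


# Constructed lines modelled on the report above (not copied from it verbatim).
SAMPLE = "\n".join([
    r"uStart Page = hxxp://www.google.com/",
    r"mSearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}",
    r"uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe",
    r'uRun: [Spotify Web Helper] "c:\program files\spotify\data\SpotifyWebHelper.exe"',
    r"uRun: [msghqog] c:\documents and settings\hannah\my documents\downloads\IMG_facebook_photo.exe",
    r"mRun: [DrvLsnr] c:\program files\analog devices\soundmax\DrvLsnr.exe",
    r"StartupFolder: [kthqm.exe] c:\documents and settings\hannah\start menu\programs\startup\kthqm.exe",
    r"FF - prefs.js: browser.startup.homepage - hxxp://domredi.com/1/",
    r"FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?babsrc=SP_ss&q=",
])

if __name__ == "__main__":
    for severity, reason in triage(SAMPLE):
        print(f"[{severity}] {reason}")
```

A user-writable path is a signal, not a conviction: Dropbox legitimately runs from Application Data, so each flagged file still needs its publisher, hash and creation date checked before anything is removed. Run against a real report by passing the pseudo-HJT section's text to triage().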

Re: internet homepage being redirected

Post by melboy » June 25th, 2012, 12:38 pm

Hi and welcome to the MR forums. :)

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
  2. The fixes are specific to your problem and should only be used for this issue on this machine.
  3. If you don't know or understand something, please don't hesitate to ask.
  4. Please refrain from making any further changes to your computer (Install/Uninstall programs, delete files, edit the registry, etc...)
  5. Please DO NOT run any other tools or scans whilst I am helping you.
  6. It is important that you reply to this thread. Do not start a new topic.
  7. DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  8. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  9. Absence of symptoms does not mean that everything is clear.


NOTE: Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.


IMPORTANT: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.



No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.



==========================================================



Uninstall Programs

  • Click on Start
  • Click on Control Panel
  • Double click the Add/Remove Programs icon
  • Click on the first program in the list and click Remove
  • Continue through the list below (one at a time) until all programs have been removed.
  • If something isn't found, please continue with the next entry in the list.
Kaspersky Security Scan
McAfee Security Scan Plus



OTL

Download OTL by Old Timer and save it to your Desktop.

  • Double click on OTL.exe to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.



aswMBR

Download aswMBR and save it to your Desktop.

  • Double click aswMBR.exe to run it.
  • Click No to the prompt to download Avast! virus definitions.
  • Click the Scan button.
  • After a short while when the scan reports "Scan finished successfully", click Save log & save the log to your desktop.
  • Click OK
  • Two files will be created, aswMBR.txt & a file named MBR.dat
  • Save MBR.dat to a form of removable media (CD, DVD, USB flash drive etc.) - This is a backup of your MBR. Do not delete this file.
  • NOTE: Do not click to fix anything at this stage!
  • Click EXIT.
  • Copy & Paste the contents of aswMBR.txt into your next reply.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK
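The OTL quick scan above produces OTL.txt, a plain-text listing of running processes, services, browser settings and autostart locations. As an added example, not part of the post and not code from OTL or its author, the Python below does the first triage pass a helper does by eye over such a file: it flags running or auto-started executables that carry no company name and live under user-writable directories, bare .exe files dropped into the Startup folder (installers normally leave .lnk shortcuts there), browser home/search settings that point off an allowlist, and hosts-file entries other than localhost. The sample lines are constructed to mirror the line formats of the log posted later in this thread; the allowlist of expected home-page hosts and the directory markers are assumptions made for the example.

```python
"""Triage pass over OTL quick-scan output (OTL.txt).

Added example for this thread, not code from the forum post or from OTL.
The sample is constructed in OTL's line format; EXPECTED_HOSTS and
USER_WRITABLE_MARKERS are assumptions chosen for the example.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Assumption: hosts a home page or keyword-search URL may legitimately point at.
EXPECTED_HOSTS = {"www.google.com", "google.com", "www.google.co.uk", "google.co.uk"}

# Assumption: path fragments under which a no-company executable deserves a look.
# OTL prints "()" when the PE carries no CompanyName in its version resource.
USER_WRITABLE_MARKERS = ("\\documents and settings\\", "\\users\\", "\\temp\\")

PRC_RE = re.compile(r"^PRC - \[[^\]]*\] \((?P<company>[^()]*)\) -- (?P<path>.+)$")
O4_RE = re.compile(r"^O4 - (?P<loc>[^:]+): (?P<rest>.+?) \((?P<company>[^()]*)\)$")
URL_RE = re.compile(
    r'^(?:IE - .*?(?:Start Page|SearchAssistant) = '
    r'|FF - prefs\.js\.\.(?:browser\.startup\.homepage|keyword\.URL): ")'
    r'(?P<url>[^"\s]+)'
)
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<ip>\S+)\s+(?P<host>\S+)")

# Constructed sample in OTL's format (line shapes taken from the thread's log).
SAMPLE_OTL = r"""
PRC - [2012/06/26 21:38:38 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hannah\Desktop\OTL.exe
PRC - [2012/06/23 21:50:38 | 000,145,412 | ---- | M] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\lgrxyx.exe
PRC - [2012/05/31 15:45:39 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://domredi.com/1/
FF - prefs.js..browser.startup.homepage: "http://domredi.com/1/"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&q="
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Hannah\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Hannah\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Hannah\Start Menu\Programs\Startup\kthqm.exe ()
"""


@dataclass(frozen=True)
class Finding:
    rule: str
    detail: str


def _is_exe(path: str) -> bool:
    return path.lower().endswith(".exe")


def _user_writable(path: str) -> bool:
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE_MARKERS)


def triage(otl_text: str) -> list:
    """Return the findings for one OTL.txt; an empty list means nothing matched."""
    findings = []
    for line in (raw.strip() for raw in otl_text.splitlines()):
        if m := PRC_RE.match(line):
            if _is_exe(m["path"]) and not m["company"].strip() and _user_writable(m["path"]):
                findings.append(Finding("running exe, no company name, user-writable path", m["path"]))
        elif m := O4_RE.match(line):
            rest, company = m["rest"], m["company"].strip()
            if m["loc"] == "Startup" and " = " not in rest and _is_exe(rest):
                # Installers drop .lnk shortcuts in Startup; a bare .exe there stands out.
                findings.append(Finding("bare exe in Startup folder", rest))
            else:
                # Run-key lines read "[Name] C:\path\prog.exe"; shortcut lines read "x.lnk = target".
                target = re.sub(r"^\[[^\]]*\] ", "", rest.split(" = ", 1)[-1])
                if _is_exe(target) and not company and _user_writable(target):
                    findings.append(Finding("autostart exe, no company name, user-writable path", target))
        elif m := URL_RE.match(line):
            host = urlparse(m["url"]).netloc.lower()
            if host not in EXPECTED_HOSTS:
                findings.append(Finding("home/search setting off allowlist", f"{line[:2]} -> {host}"))
        elif m := HOSTS_RE.match(line):
            if m["host"].lower() != "localhost":
                findings.append(Finding("hosts file override", f"{m['ip']} {m['host']}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"{f.rule:50s} {f.detail}")
```

A missing company name on its own is weak evidence (SpotifyWebHelper.exe in the posted log has none and sits in Program Files), which is why the rule pairs it with a user-writable location; the output is a list for a human to check against the poster's symptoms, not a verdict.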

Re: internet homepage being redirected

Unread postby hanberuk » June 25th, 2012, 8:08 pm

Thanks a lot, I will try it tomorrow.
hanberuk
Regular Member
 
Posts: 20
Joined: June 23rd, 2012, 6:39 am

Re: internet homepage being redirected

Unread postby melboy » June 26th, 2012, 2:08 pm

Ok. Please reply as soon as possible - Thanks.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: internet homepage being redirected

Unread postby hanberuk » June 26th, 2012, 5:13 pm

Hi melboy, the 3 files are pasted in the order you requested. Very clear instructions.
Thanks,
Hannah

OTL logfile created on: 26/06/2012 21:39:28 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\Hannah\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

759.48 Mb Total Physical Memory | 245.44 Mb Available Physical Memory | 32.32% Memory free
1.44 Gb Paging File | 0.85 Gb Available in Paging File | 59.22% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 10.77 Gb Free Space | 22.06% Space Free | Partition Type: NTFS
Drive D: | 25.73 Gb Total Space | 8.70 Gb Free Space | 33.80% Space Free | Partition Type: NTFS

Computer Name: HANNAHPC | User Name: Hannah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/26 21:38:38 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hannah\Desktop\OTL.exe
PRC - [2012/06/23 21:50:38 | 000,145,412 | ---- | M] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\lgrxyx.exe
PRC - [2012/06/08 21:42:12 | 001,668,952 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/06/08 21:42:12 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/06/01 22:10:33 | 000,932,528 | ---- | M] () -- C:\Program Files\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/05/31 15:45:39 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Hannah\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/19 10:51:36 | 000,217,256 | ---- | M] (Panda Security) -- C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe
PRC - [2011/04/28 14:01:20 | 000,439,616 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2011/04/28 13:59:46 | 000,460,096 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANToManager.exe
PRC - [2011/04/28 13:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2011/01/17 20:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 20:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/01/26 07:00:00 | 000,199,680 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIFJU.EXE
PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/23 11:22:14 | 003,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2003/05/08 11:34:32 | 000,069,632 | ---- | M] (adi) -- C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
PRC - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/01 22:10:33 | 000,932,528 | ---- | M] () -- C:\Program Files\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/05/31 15:45:38 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/28 22:29:41 | 000,520,464 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll
MOD - [2012/02/24 00:41:43 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/02/01 14:43:10 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/12/02 21:05:25 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2007/03/15 02:00:58 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2007/02/14 13:55:11 | 000,165,424 | ---- | M] () -- C:\Program Files\Panda Security\Panda Cloud Antivirus\MiniCrypto.dll
MOD - [2007/02/14 13:55:10 | 000,099,888 | ---- | M] () -- C:\Program Files\Panda Security\Panda Cloud Antivirus\APIcr.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/08 21:42:12 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/31 15:45:40 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/28 13:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2007/12/20 18:13:46 | 001,553,896 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService)
SRV - [2007/11/15 19:46:14 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2007/08/03 16:09:34 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2007/04/23 11:22:14 | 003,068,352 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\vsdatant.sys -- (vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/06/18 10:32:57 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2012/06/08 21:42:30 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/06/08 21:42:28 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/06/08 21:42:28 | 000,065,720 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/05/28 22:29:41 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys -- (RapportIaso)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/01/05 14:10:09 | 000,144,008 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2011/11/30 19:37:24 | 000,112,648 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2011/11/23 10:59:40 | 000,130,312 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2011/04/28 13:57:38 | 000,111,688 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2011/04/28 13:57:38 | 000,097,096 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2010/06/23 09:39:55 | 000,030,280 | ---- | M] (Panda Security) [File_System | Boot | Stopped] -- C:\WINDOWS\system32\drivers\PsBoot.sys -- (PsBoot)
DRV - [2008/01/19 21:12:42 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/01/19 20:45:40 | 000,038,112 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v2imount.sys -- (v2imount)
DRV - [2008/01/19 20:40:16 | 000,015,088 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV - [2007/12/20 18:13:54 | 000,136,416 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\symsnap.sys -- (symsnap)
DRV - [2007/11/15 19:46:40 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2007/08/03 16:09:34 | 000,046,112 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2007/08/03 16:09:34 | 000,012,992 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2005/05/03 16:34:02 | 000,027,392 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2004/08/04 00:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=84ad1081000000000000000423314116&tlver=1.4.19.19&affID=17160
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://domredi.com/1/
IE - HKCU\..\URLSearchHook: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=84ad1081000000000000000423314116&tlver=1.4.19.19&affID=17160
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.google.com/search?ie=utf-8&o ... 1V4IPYX&q={searchTerms}
IE - HKCU\..\SearchScopes\{87278A5A-6A85-4859-9675-1CBBFB27F297}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://domredi.com/1/"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&mntrId=84ad1081000000000000000423314116&tlver=1.4.19.19&instlRef=sst&affID=17160&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/31 15:45:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/24 00:36:43 | 000,000,000 | ---D | M]

[2008/09/03 23:34:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hannah\Application Data\Mozilla\Extensions
[2012/05/24 20:25:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hannah\Application Data\Mozilla\Firefox\Profiles\hlocyyui.default\extensions
[2012/03/24 08:10:55 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Documents and Settings\Hannah\Application Data\Mozilla\Firefox\Profiles\hlocyyui.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2012/05/24 20:25:16 | 000,000,000 | ---D | M] (Zotero) -- C:\Documents and Settings\Hannah\Application Data\Mozilla\Firefox\Profiles\hlocyyui.default\extensions\zotero@chnm.gmu.edu
[2012/03/31 19:15:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/23 23:06:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/31 15:45:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/24 00:36:15 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/31 15:45:35 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2011/04/09 19:28:19 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/03/31 19:15:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/31 15:45:35 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/31 15:45:35 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/01/27 16:11:08 | 000,002,325 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pandasecuritytb.xml
[2012/05/31 15:45:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/05/31 15:45:35 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2001/08/23 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKCU..\Run: [EPSON BX610FW Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFJU.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Livestation] C:\Program Files\Livestation\Livestation.exe -startup File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Program Files\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Documents and Settings\Hannah\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Hannah\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Hannah\Start Menu\Programs\Startup\kthqm.exe ()
O4 - Startup: C:\Documents and Settings\Hannah\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E307E7BA-E71D-4536-9F9C-FEBB59B1A566}: NameServer = 172.17.17.254,212.23.3.100
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/02/28 09:33:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/06/22 23:42:36 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O33 - MountPoints2\{2543d53e-055e-11dd-bcf6-000423314116}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/26 21:40:55 | 000,030,280 | ---- | C] (Panda Security) -- C:\WINDOWS\System32\drivers\PsBoot.sys
[2012/06/26 21:38:08 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hannah\Desktop\OTL.exe
[2012/06/26 21:36:53 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Hannah\Desktop\aswMBR.exe
[2012/06/23 10:48:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Hannah\My Documents\My Videos
[2012/06/23 00:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2012/06/22 23:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2012/06/22 23:51:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hannah\Application Data\SUPERAntiSpyware.com
[2012/06/22 23:51:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/06/22 23:42:35 | 000,000,000 | ---D | C] -- C:\Autoruns
[2012/06/21 01:10:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hannah\Application Data\Malwarebytes
[2012/06/21 01:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/21 01:09:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/06/21 01:09:56 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/21 01:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/21 00:40:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hannah\Start Menu\Programs\SpyHunter
[2012/06/21 00:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/06/21 00:39:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/06/19 17:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/06/19 17:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/06/10 11:55:55 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012/06/08 21:42:28 | 000,065,720 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2012/05/31 15:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/05/31 15:45:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Hannah\Desktop\*.tmp files -> C:\Documents and Settings\Hannah\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/26 21:38:38 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hannah\Desktop\OTL.exe
[2012/06/26 21:37:38 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Hannah\Desktop\aswMBR.exe
[2012/06/26 21:03:11 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/26 15:03:10 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/26 14:43:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/26 13:37:33 | 000,214,188 | ---- | M] () -- C:\Documents and Settings\Hannah\Desktop\hannah statement.pdf
[2012/06/26 13:37:27 | 000,000,060 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2012/06/25 19:22:26 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Hannah\Desktop\Microsoft Word.lnk
[2012/06/24 12:23:07 | 000,145,412 | R-S- | M] () -- C:\Documents and Settings\Hannah\Start Menu\Programs\Startup\kthqm.exe
[2012/06/24 12:09:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/23 21:50:38 | 000,145,412 | ---- | M] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\lgrxyx.exe
[2012/06/21 12:05:33 | 000,415,365 | ---- | M] () -- C:\Documents and Settings\Hannah\Desktop\babycatswing.jpg
[2012/06/21 01:10:01 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/20 23:35:40 | 000,171,628 | ---- | M] () -- C:\Documents and Settings\Hannah\My Documents\3907-delandas_ontology_assemblage_and.pdf
[2012/06/20 23:35:24 | 000,282,487 | ---- | M] () -- C:\Documents and Settings\Hannah\My Documents\Delanda-Protevi.pdf
[2012/06/20 21:08:32 | 001,500,584 | ---- | M] () -- C:\Documents and Settings\Hannah\My Documents\newman book.pdf
[2012/06/20 16:29:17 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/06/20 15:58:09 | 000,000,366 | ---- | M] () -- C:\Documents and Settings\Hannah\Desktop\doc16x16.gif
[2012/06/14 17:02:55 | 002,221,684 | ---- | M] () -- C:\Documents and Settings\Hannah\Desktop\Empowerment1.pdf
[2012/06/10 11:56:08 | 000,001,029 | ---- | M] () -- C:\Documents and Settings\Hannah\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/10 11:55:41 | 000,001,015 | ---- | M] () -- C:\Documents and Settings\Hannah\Desktop\Dropbox.lnk
[2012/06/08 21:42:28 | 000,065,720 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2012/06/07 10:53:18 | 000,068,555 | ---- | M] () -- C:\Documents and Settings\Hannah\Desktop\551257_10150947345789634_729845943_n.jpg
[2012/06/07 01:11:38 | 000,213,898 | ---- | M] () -- C:\Documents and Settings\Hannah\Desktop\Hemisphere1_WEB.jpg
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Hannah\Desktop\*.tmp files -> C:\Documents and Settings\Hannah\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/26 13:37:25 | 000,214,188 | ---- | C] () -- C:\Documents and Settings\Hannah\Desktop\hannah statement.pdf
[2012/06/24 12:23:07 | 000,145,412 | R-S- | C] () -- C:\Documents and Settings\Hannah\Start Menu\Programs\Startup\kthqm.exe
[2012/06/23 21:50:38 | 000,145,412 | ---- | C] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\lgrxyx.exe
[2012/06/22 23:52:37 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/22 23:52:35 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/21 12:05:30 | 000,415,365 | ---- | C] () -- C:\Documents and Settings\Hannah\Desktop\babycatswing.jpg
[2012/06/21 01:10:01 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/20 23:35:40 | 000,171,628 | ---- | C] () -- C:\Documents and Settings\Hannah\My Documents\3907-delandas_ontology_assemblage_and.pdf
[2012/06/20 23:35:24 | 000,282,487 | ---- | C] () -- C:\Documents and Settings\Hannah\My Documents\Delanda-Protevi.pdf
[2012/06/20 21:08:32 | 001,500,584 | ---- | C] () -- C:\Documents and Settings\Hannah\My Documents\newman book.pdf
[2012/06/20 15:58:04 | 000,000,366 | ---- | C] () -- C:\Documents and Settings\Hannah\Desktop\doc16x16.gif
[2012/06/19 17:55:52 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/06/14 17:02:43 | 002,221,684 | ---- | C] () -- C:\Documents and Settings\Hannah\Desktop\Empowerment1.pdf
[2012/06/07 10:53:09 | 000,068,555 | ---- | C] () -- C:\Documents and Settings\Hannah\Desktop\551257_10150947345789634_729845943_n.jpg
[2012/06/07 01:11:38 | 000,213,898 | ---- | C] () -- C:\Documents and Settings\Hannah\Desktop\Hemisphere1_WEB.jpg
[2012/03/24 08:08:59 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2011/04/26 02:07:27 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/04/26 02:07:27 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2011/04/26 02:07:27 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/04/26 02:07:27 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2011/04/26 02:07:27 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2011/04/26 02:07:27 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/04/26 02:07:27 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/04/26 02:07:26 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/04/26 02:07:26 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/04/26 02:07:26 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/04/26 02:07:26 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/04/26 02:07:26 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/04/26 02:07:26 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/04/26 02:07:26 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/04/26 02:07:26 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/04/26 02:07:26 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/04/26 02:07:26 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/04/26 02:07:26 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/04/26 02:07:26 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/04/09 19:28:29 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011/03/15 13:54:46 | 000,000,170 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/03/14 23:20:45 | 000,855,641 | ---- | C] () -- C:\Documents and Settings\Hannah\Application Data\PandaIDProtectHelp.chm
[2011/01/19 10:30:54 | 125,367,591 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2010/01/03 22:54:48 | 000,000,666 | ---- | C] () -- C:\Program Files\Spotify.lnk
[2009/12/07 17:42:49 | 000,310,777 | ---- | C] () -- C:\Program Files\for mark.htm
[2007/06/11 19:52:53 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/07 02:07:17 | 000,162,304 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2006/09/10 22:35:30 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\fusioncache.dat

========== LOP Check ==========

[2008/02/05 18:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2008/07/19 23:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2011/04/26 02:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/07/20 11:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2010/10/06 15:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/03/14 22:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2012/06/23 08:43:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering
[2012/06/26 13:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2006/11/01 00:53:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quark
[2012/02/28 12:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2011/04/26 02:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2012/02/25 14:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\.oit
[2012/06/26 21:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\Dropbox
[2011/06/12 18:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\Epson
[2006/09/13 11:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\FUJIFILM
[2010/09/04 00:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\IRISPen
[2010/09/04 00:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\IrisPen6
[2006/09/10 22:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\IsolatedStorage
[2009/01/15 14:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\Livestation
[2010/10/06 15:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\NCH Swift Sound
[2012/02/24 01:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\OpenOffice.org
[2011/03/14 23:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\Panda Security
[2012/06/06 01:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\pandasecuritytb
[2007/03/09 11:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\pdf995
[2006/11/01 00:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\Quark
[2012/06/01 22:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\Spotify
[2011/03/14 23:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\SurfSecret Privacy Suite
[2007/02/19 20:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\Thunderbird
[2012/04/18 19:06:15 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\scribeShakeIcon.job

========== Purity Check ==========


< End of report >

OTL Extras logfile created on: 26/06/2012 21:39:28 - Run 1
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\Hannah\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

759.48 Mb Total Physical Memory | 245.44 Mb Available Physical Memory | 32.32% Memory free
1.44 Gb Paging File | 0.85 Gb Available in Paging File | 59.22% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 10.77 Gb Free Space | 22.06% Space Free | Partition Type: NTFS
Drive D: | 25.73 Gb Total Space | 8.70 Gb Free Space | 33.80% Space Free | Partition Type: NTFS

Computer Name: HANNAHPC | User Name: Hannah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- C:\WINDOWS\rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [FinePix] -- "C:\Program Files\FinePixViewer\FinePixViewer.exe" "%1" (FUJI PHOTO FILM CO.,LTD.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.)
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Spotify\spotify.exe" = C:\Program Files\Spotify\spotify.exe:*:Enabled:Spotify -- (Spotify Ltd)
"C:\Documents and Settings\Hannah\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\Hannah\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Documents and Settings\Hannah\My Documents\Downloads\PDFConverterSetup.exe" = C:\Documents and Settings\Hannah\My Documents\Downloads\PDFConverterSetup.exe:*:Enabled:InstallCore™
"C:\Program Files\NewSoft\Presto! PageManager 8 for EP\LicenseCheck.exe" = C:\Program Files\NewSoft\Presto! PageManager 8 for EP\LicenseCheck.exe:*:Enabled:License Check
"C:\Program Files\Panda Security\Panda Security Toolbar\dtUser.exe" = C:\Program Files\Panda Security\Panda Security Toolbar\dtUser.exe:*:Enabled:Panda Security Toolbar DTX Broker -- (Visicom Media Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1DD81E7D-0D28-4CEB-87B2-C041A4FCB215}" = Rapport
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24ED4D80-8294-11D5-96CD-0040266301AD}" = FinePixViewer Ver.5.1
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{3E31400D-274E-4647-916C-2CACC3741799}" = EpsonNet Print
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{65D41D8F-B96A-41D6-90A2-A6DEF0112A42}" = IRISPen Express 6
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7E7658A2-CD3F-48A7-93EA-0882BCA4FD2A}" = LogMeIn
"{82AF3E91-57E1-4754-84D0-40A46E2479AB}" = OpenOffice.org 3.3
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{B0255743-165B-4BD5-8DA8-37DFB9930014}" = Norton Ghost
"{B44529FF-501E-47CD-A06D-223C161BE058}" = FinePixViewer Resource
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D680C913-5955-469D-9D88-C1940F7506D6}" = RAW FILE CONVERTER LE
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{FEB2D0CA-9912-4AA1-8FBE-CFD852F9F1FC}" = Panda Cloud Antivirus
"{FFFAE01B-466F-4C07-9821-A94FD753BDDA}" = EpsonNet Setup
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe InDesign 2.0" = Adobe InDesign 2.0.1
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AIDA32_is1" = AIDA32 v3.93
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CloneCD" = CloneCD
"DVD Shrink_is1" = DVD Shrink 3.2
"EPSON BX610FW Series" = EPSON BX610FW Series Printer Uninstall
"EPSON Scanner" = EPSON Scan
"Epson Stylus Office BX610FW_Office TX610FW_SX610FW User’s Guide" = Epson Stylus Office BX610FW_Office TX610FW_SX610FW Manual
"FoxTab PDF Converter" = FoxTab PDF Converter
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{65D41D8F-B96A-41D6-90A2-A6DEF0112A42}" = IRISPen Express 6
"LiveUpdate" = LiveUpdate 2.7 (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 12.0 (x86 en-GB)" = Mozilla Firefox 12.0 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OpenAL" = OpenAL
"Panda Cloud Antivirus" = Panda Cloud Antivirus
"Panda Security URL Filtering" = Panda Security URL Filtering
"pandasecuritytb" = Panda Security Toolbar
"Pdf995" = Pdf995
"PhotoBox" = PhotoBox 3.2.5
"PROSet" = Intel(R) PRO Ethernet Adapter and Software
"Rapport_msi" = Rapport
"RealPlayer 6.0" = RealPlayer
"Recuva" = Recuva
"Scribe" = Express Scribe
"Spotify" = Spotify
"Toolbar Cleaner" = Toolbar Cleaner 1.0
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XviD_is1" = XviD MPEG-4 Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Spotify" = Spotify

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 20/06/2012 11:34:56 | Computer Name = HANNAHPC | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 12.0.0.4493, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 21/06/2012 06:47:48 | Computer Name = HANNAHPC | Source = Application Error | ID = 1000
Description = Faulting application psunmain.exe, version 3.0.0.79, faulting module
ieframe.dll, version 7.0.6000.17055, fault address 0x000c52d5.

Error - 22/06/2012 18:50:36 | Computer Name = HANNAHPC | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.60.0.80, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 22/06/2012 18:53:05 | Computer Name = HANNAHPC | Source = Google Update | ID = 20
Description =

Error - 22/06/2012 18:57:12 | Computer Name = HANNAHPC | Source = Google Update | ID = 20
Description =

Error - 22/06/2012 19:58:57 | Computer Name = HANNAHPC | Source = Google Update | ID = 20
Description =

Error - 22/06/2012 20:58:07 | Computer Name = HANNAHPC | Source = Google Update | ID = 20
Description =

Error - 23/06/2012 03:58:37 | Computer Name = HANNAHPC | Source = Google Update | ID = 20
Description =

Error - 23/06/2012 05:57:07 | Computer Name = HANNAHPC | Source = Google Update | ID = 20
Description =

Error - 26/06/2012 08:39:03 | Computer Name = HANNAHPC | Source = Application Hang | ID = 1002
Description = Hanging application AcroRd32.exe, version 10.0.1.434, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 23/06/2012 05:21:54 | Computer Name = HANNAHPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl

Error - 23/06/2012 05:49:02 | Computer Name = HANNAHPC | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SASDIFSV\0000 disappeared from the system without
first being prepared for removal.

Error - 23/06/2012 05:51:46 | Computer Name = HANNAHPC | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_SASKUTIL\0000 disappeared from the system without
first being prepared for removal.

Error - 24/06/2012 07:10:02 | Computer Name = HANNAHPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl

Error - 24/06/2012 07:23:08 | Computer Name = HANNAHPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl

Error - 25/06/2012 06:11:50 | Computer Name = HANNAHPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl

Error - 25/06/2012 10:32:34 | Computer Name = HANNAHPC | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 25/06/2012 14:00:22 | Computer Name = HANNAHPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl

Error - 26/06/2012 05:33:12 | Computer Name = HANNAHPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl

Error - 26/06/2012 09:44:26 | Computer Name = HANNAHPC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
eeCtrl


< End of report >

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-06-26 22:05:29
-----------------------------
22:05:29.111 OS Version: Windows 5.1.2600 Service Pack 2
22:05:29.111 Number of processors: 1 586 0x204
22:05:29.111 ComputerName: HANNAHPC UserName: Hannah
22:05:31.564 Initialize success
22:05:47.361 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
22:05:47.361 Disk 0 Vendor: SAMSUNG_SP0822N WA100-34 Size: 76351MB BusType: 3
22:05:47.376 Disk 0 MBR read successfully
22:05:47.376 Disk 0 MBR scan
22:05:47.376 Disk 0 Windows XP default MBR code
22:05:47.392 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 49999 MB offset 63
22:05:47.407 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 26348 MB offset 102398310
22:05:47.407 Disk 0 scanning sectors +156360645
22:05:47.486 Disk 0 scanning C:\WINDOWS\system32\drivers
22:05:53.907 Service scanning
22:06:12.001 Modules scanning
22:06:28.314 Disk 0 trace - called modules:
22:06:28.329 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
22:06:28.329 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x83b5fab8]
22:06:28.329 3 CLASSPNP.SYS[f751705b] -> nt!IofCallDriver -> \Device\00000063[0x83bcc138]
22:06:28.329 5 ACPI.sys[f748d620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x83b61940]
22:06:28.329 Scan finished successfully
22:06:49.189 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Hannah\Desktop\MBR.dat"
22:06:49.189 The log file has been saved successfully to "C:\Documents and Settings\Hannah\Desktop\aswMBR.txt"
hanberuk
Regular Member
 
Posts: 20
Joined: June 23rd, 2012, 6:39 am
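The "Files Created" entries in the OTL log above are the lines a helper reads first: the two same-sized executables kthqm.exe and lgrxyx.exe, one sitting in the Startup folder with R-S- attributes, the other loose in Local Settings\Application Data. As an added illustration that is not part of this thread or of OTL, the following Python script parses OTL file lines and reports the signals an analyst weighs when triaging such a log; the sample lines are copied from the log above, and the heuristics and the two-signal threshold are my own assumptions.

```python
import re
from collections import defaultdict
from typing import Dict, List, Optional

# Constructed sample input: "Files Created" lines copied from the OTL log
# posted in this thread, so the script runs offline.
SAMPLE_OTL_LINES = r"""
[2012/06/26 13:37:25 | 000,214,188 | ---- | C] () -- C:\Documents and Settings\Hannah\Desktop\hannah statement.pdf
[2012/06/24 12:23:07 | 000,145,412 | R-S- | C] () -- C:\Documents and Settings\Hannah\Start Menu\Programs\Startup\kthqm.exe
[2012/06/23 21:50:38 | 000,145,412 | ---- | C] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\lgrxyx.exe
[2012/06/22 23:52:37 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/21 01:10:01 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/04/09 19:28:29 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
"""

# One OTL file line: [date time | size | attrs | C/M] (company) -- path
OTL_LINE = re.compile(
    r"^\[(?P<date>\d{4}/\d{2}/\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

EXEC_EXTS = {".exe", ".dll", ".scr", ".com", ".pif", ".bat", ".cmd"}
# Per-user folders where a loose executable (not inside a product subfolder)
# is unusual. Heuristic choice of mine, not an OTL rule.
LOOSE_EXE_DIRS = (r"\local settings\application data", r"\application data")
STARTUP_DIR = r"\start menu\programs\startup"


def parse_otl_line(line: str) -> Optional[Dict[str, object]]:
    """Parse one OTL file line into a dict, or None if it is not one."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    folder, _, name = path.rpartition("\\")
    stem, dot, ext = name.rpartition(".")
    return {
        "when": f"{m.group('date')} {m.group('time')}",
        "size": int(m.group("size").replace(",", "")),
        "attrs": m.group("attrs"),
        "company": m.group("company"),
        "path": path,
        "folder": folder.lower(),
        "name": name,
        "stem": stem if dot else name,
        "ext": ("." + ext).lower() if dot else "",
    }


def parse_otl_lines(text: str) -> List[Dict[str, object]]:
    """Parse every OTL file line in a block of log text, skipping the rest."""
    return [e for e in (parse_otl_line(ln) for ln in text.splitlines()) if e]


def looks_random(stem: str) -> bool:
    """Short all-lowercase stem with no vowels, e.g. kthqm or lgrxyx."""
    return (stem.isalpha() and stem.islower() and 4 <= len(stem) <= 10
            and not any(c in "aeiou" for c in stem))


def triage(entries: List[Dict[str, object]]) -> List[Dict[str, object]]:
    """Return executables with the reasons an analyst would look twice."""
    by_size = defaultdict(list)
    for e in entries:
        if e["ext"] in EXEC_EXTS:
            by_size[e["size"]].append(e["name"])
    flagged = []
    for e in entries:
        if e["ext"] not in EXEC_EXTS:
            continue
        reasons = []
        folder = e["folder"]
        if folder.endswith(STARTUP_DIR):
            reasons.append("runs at logon: in Startup folder")
        if any(folder.endswith(d) for d in LOOSE_EXE_DIRS):
            reasons.append("loose executable in a profile data folder")
        if set(e["attrs"]) & set("RSH"):
            reasons.append(f"unusual attributes {e['attrs']}")
        if not e["company"]:
            reasons.append("no company name in version info")
        if looks_random(e["stem"]):
            reasons.append("random-looking file name")
        twins = [n for n in by_size[e["size"]] if n != e["name"]]
        if twins:
            reasons.append("same byte size as " + ", ".join(twins))
        # A system DLL with no company name is noise on its own (redmonnt.dll
        # above); require two independent signals before reporting.
        if len(reasons) >= 2:
            flagged.append({"path": e["path"], "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in triage(parse_otl_lines(SAMPLE_OTL_LINES)):
        print(hit["path"])
        for r in hit["reasons"]:
            print("   -", r)
```

Run against the sample it reports exactly the two files the helper's OTL fix later moves, each with several independent reasons, while the PDF, shortcut, scheduled-task and printer-driver entries stay quiet.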

Re: internet homepage being redirected

Unread postby hanberuk » June 26th, 2012, 5:16 pm

PS the ODT scan also brought up several warnings about kthqm.exe and lgrxyx.exe
hanberuk
Regular Member
 
Posts: 20
Joined: June 23rd, 2012, 6:39 am

Re: internet homepage being redirected

Unread postby hanberuk » June 26th, 2012, 5:18 pm

I mean OTL
hanberuk
Regular Member
 
Posts: 20
Joined: June 23rd, 2012, 6:39 am

Re: internet homepage being redirected

Unread postby melboy » June 26th, 2012, 5:41 pm

Thank you.



Temporarily disable Malwarebytes' Anti-malware (mbam)

We need to temporarily disable mbam's realtime protection so it doesn't interfere with any fixes.

  • Right click the mbam system tray icon
  • Uncheck Start with windows
  • Uncheck Enable protection & click Yes to the prompt
  • Reboot your computer for the changes to take effect.



OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    Code:
    :OTL
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=84ad1081000000000000000423314116&tlver=1.4.19.19&affID=17160
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://domredi.com/1/
    IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=84ad1081000000000000000423314116&tlver=1.4.19.19&affID=17160
    FF - prefs.js..browser.startup.homepage: "http://domredi.com/1/"
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=SP_ss&mntrId=84ad1081000000000000000423314116&tlver=1.4.19.19&instlRef=sst&affID=17160&q="
    [2011/04/09 19:28:19 | 000,002,423 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found
    O4 - Startup: C:\Documents and Settings\Hannah\Start Menu\Programs\Startup\kthqm.exe ()
    
    :Files
    C:\Documents and Settings\Hannah\Start Menu\Programs\Startup\kthqm.exe
    C:\Documents and Settings\Hannah\Local Settings\Application Data\lgrxyx.exe
    
    :Commands
    [CreateRestorePoint]
    [EmptyTemp]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: internet homepage being redirected

Unread postby hanberuk » June 26th, 2012, 6:44 pm

mbam was already disabled in the way you said - could the problem be a different anti virus programme, ie spyhunter? i'll do the OTL fix now anyway
thanks
hanberuk
Regular Member
 
Posts: 20
Joined: June 23rd, 2012, 6:39 am

Re: internet homepage being redirected

Unread postby hanberuk » June 26th, 2012, 7:07 pm

All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}\ not found.
Prefs.js: "http://domredi.com/1/" removed from browser.startup.homepage
Prefs.js: "http://search.babylon.com/?babsrc=SP_ss&mntrId=84ad1081000000000000000423314116&tlver=1.4.19.19&instlRef=sst&affID=17160&q=" removed from keyword.URL
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
File C:\Documents and Settings\Hannah\Start Menu\Programs\Startup\kthqm.exe not found.
========== FILES ==========
File\Folder C:\Documents and Settings\Hannah\Start Menu\Programs\Startup\kthqm.exe not found.
File\Folder C:\Documents and Settings\Hannah\Local Settings\Application Data\lgrxyx.exe not found.
========== COMMANDS ==========
Restore point Set: OTL Restore Point

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 56257592 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 51055342 bytes
->Flash cache emptied: 348 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56502 bytes

User: Hannah
->Temp folder emptied: 2775185495 bytes
->Temporary Internet Files folder emptied: 63296334 bytes
->Java cache emptied: 31487121 bytes
->FireFox cache emptied: 105278096 bytes
->Flash cache emptied: 1683887 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 2267715 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3602497 bytes
%systemroot%\System32 .tmp files removed: 3770897 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30703379 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 64717686 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 73765084 bytes

Total Files Cleaned = 3,112.00 mb


OTL by OldTimer - Version 3.2.53.0 log created on 06262012_235251

Files\Folders moved on Reboot...
File\Folder C:\WINDOWS\temp\Perflib_Perfdata_fa4.dat not found!

PendingFileRenameOperations files...
File C:\WINDOWS\temp\Perflib_Perfdata_fa4.dat not found!

Registry entries deleted on Reboot...
hanberuk
Regular Member
 
Posts: 20
Joined: June 23rd, 2012, 6:39 am

Re: internet homepage being redirected

Unread postby melboy » June 26th, 2012, 7:22 pm

Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If Items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

    The log can also be found here:
    1. C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
    2. Or via the Logs tab when the application is started.

Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately.
Failure to reboot will prevent MBAM from removing all the malware.



Gmer

Download GMER Rootkit Scanner from here.

  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • When GMER opens, it will run an initial quick scan. This should only take a few seconds, allow it to complete.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
    See image below
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in your next reply
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

-- If GMER crashes or results in a BSoD, please inform me --

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries


Note: Do not run any programs while Gmer is running.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: internet homepage being redirected

Unread postby hanberuk » June 27th, 2012, 3:33 am

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
http://www.malwarebytes.org

Database version: v2012.06.26.09

Windows XP Service Pack 2 x86 NTFS
Internet Explorer 7.0.5730.13
Hannah :: HANNAHPC [administrator]

Protection: Disabled

27/06/2012 00:58:59
mbam-log-2012-06-27 (00-58-59).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209454
Time elapsed: 10 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-06-27 08:26:23
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_SP0822N rev.WA100-34
Running: pt3c5zwy.exe; Driver: C:\DOCUME~1\Hannah\LOCALS~1\Temp\uwdcipog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwAssignProcessToJobObject [0xEDE5E0DA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xEDE5ECA6]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_34302.sys ZwCreateThread [0xEDFA85E0]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteFile [0xEDE5EEB8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteKey [0xEDE62714]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwDeleteValueKey [0xEDE62756]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwLoadKey [0xEDE628FA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenFile [0xEDE5EDCA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenProcess [0xEDE5E282]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwOpenThread [0xEDE5E482]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwProtectVirtualMemory [0xEDE5E5C2]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwQueryValueKey [0xEDE6285E]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRenameKey [0xEDE627A8]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwReplaceKey [0xEDE627EA]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwRestoreKey [0xEDE62824]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetContextThread [0xEDE5E068]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetInformationFile [0xEDE5EF6A]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSetValueKey [0xEDE6269C]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwSuspendThread [0xEDE5DFE6]
SSDT \SystemRoot\system32\DRIVERS\PSINProc.sys (PSINProc Filter Driver for XP32/Panda Security, S.L.) ZwTerminateProcess [0xEC2F1416]
SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwTerminateThread [0xEDE5DF46]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1332] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00415370 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1332] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 71A70001
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1332] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 71A10022
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1332] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 71AE0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1908] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 0043AC70 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (RapportService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1908] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 71A80001
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1908] USER32.dll!CallMsgFilterW + 21D 7E42DBC9 6 Bytes JMP 71AE001E
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1908] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 719E0022
.text C:\Program Files\Trusteer\Rapport\bin\RapportService.exe[1908] WS2_32.dll!gethostbyname 71AB4FD4 5 Bytes JMP 71A20022
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3052] USER32.dll!SetWindowLongA 7E41D60D 5 Bytes JMP 10665EE6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3052] USER32.dll!SetWindowLongW 7E41D62B 5 Bytes JMP 10665E78 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3052] USER32.dll!GetWindowInfo 7E41E77C 5 Bytes JMP 10454822 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[3052] USER32.dll!TrackPopupMenu 7E4650EE 5 Bytes JMP 10454DD6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3992] ntdll.dll!NtMapViewOfSection 7C90D51E 5 Bytes JMP 713F0022
.text C:\Program Files\Mozilla Firefox\firefox.exe[3992] ntdll.dll!_CIpow + 42B 7C90E44B 5 Bytes JMP 00AEE1C0 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3992] ntdll.dll!KiUserApcDispatcher + 5 7C90E455 2 Bytes [EB, F4] {JMP 0xfffffffffffffff6}
.text C:\Program Files\Mozilla Firefox\firefox.exe[3992] ntdll.dll!LdrLoadDll 7C915CBB 5 Bytes JMP 0196C930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3992] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 71A90001
.text C:\Program Files\Mozilla Firefox\firefox.exe[3992] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 01B9E0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3992] kernel32.dll!MapViewOfFile 7C80B915 5 Bytes JMP 01B9E083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3992] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 6 Bytes PUSH 71A30022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3992] USER32.dll!DispatchMessageW 7E418A01 6 Bytes PUSH 71560022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3992] USER32.dll!TranslateMessage 7E418BF6 6 Bytes PUSH 71440022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3992] USER32.dll!GetMessageW 7E4191C6 6 Bytes PUSH 714E0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3992] USER32.dll!PeekMessageW 7E41929B 6 Bytes PUSH 719F0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3992] USER32.dll!RegisterClassExW 7E41AF7F 6 Bytes PUSH 71AE0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3992] USER32.dll!GetWindowRect 7E41B6D4 6 Bytes PUSH 714A0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3992] USER32.dll!CreateWindowExW 7E41FC25 6 Bytes JMP 719A000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3992] USER32.dll!CreateWindowExA 7E41FF33 6 Bytes JMP 7196000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3992] USER32.dll!DdeInitializeW 7E429CEF 6 Bytes PUSH 715A0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3992] USER32.dll!GetClipboardData 7E430D7A 6 Bytes PUSH 71520022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3992] GDI32.dll!BitBlt 77F16F79 6 Bytes PUSH 715E0022; RET
.text C:\Program Files\Mozilla Firefox\firefox.exe[3992] GDI32.dll!CreateDIBSection 77F19AA1 5 Bytes JMP 01B9E00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3992] WS2_32.dll!WSALookupServiceNextW 71AB2E99 6 Bytes JMP 718C0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3992] WS2_32.dll!WSALookupServiceEnd 71AB3226 6 Bytes JMP 71890F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3992] WS2_32.dll!WSALookupServiceBeginW 71AB3307 6 Bytes JMP 71920F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3992] WS2_32.dll!send 71AB428A 6 Bytes JMP 71860F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3992] WS2_32.dll!WSARecv 71AB4318 6 Bytes JMP 717D0F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3992] WS2_32.dll!recv 71AB615A 6 Bytes JMP 71830F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3992] WS2_32.dll!WSASend 71AB6233 6 Bytes JMP 71800F5A
.text C:\Program Files\Mozilla Firefox\firefox.exe[3992] WS2_32.dll!WSAGetOverlappedResult 71AC0D03 6 Bytes JMP 717A0F5A

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 symsnap.sys (StorageCraft Volume Snap-Shot/StorageCraft)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
hanberuk
Regular Member
Posts: 20
Joined: June 23rd, 2012, 6:39 am
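Reading a GMER log like the one above is mostly a matter of sorting hooks that belong to installed security software (Trusteer Rapport and Panda here) from hooks that GMER could not attribute to any module, which is what melboy's caution about false positives comes down to. The following Python script is an added example written for this thread, not code from GMER, OTL or the forum volunteers. It parses the two record shapes that appear in the posted log (SSDT kernel-table hooks and .text inline hooks), groups them by the vendor GMER printed in the trailing "(description/vendor)" attribution, and lists the unattributed ones separately. It assumes, from the log rather than any GMER documentation, that the vendor is the text after the last "/" inside those parentheses and that an inline hook's owning module is the drive-letter path just before them.

```python
"""Triage helper for GMER rootkit-scan output (added example, not GMER's code).

Parses "SSDT" and ".text" records, attributes each hook to the vendor GMER
names in the trailing "(description/vendor)" field, and separates hooks that
carry no attribution. Hooks owned by installed security products are the
expected false positives; unattributed hooks are the ones to review first.
"""
import re
from collections import Counter

# Sample input: seven record lines copied from the GMER log posted in this thread.
SAMPLE_LOG = r"""
---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (RapportPG/Trusteer Ltd.) ZwCreateFile [0xEDE5ECA6]
SSDT \??\C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_34302.sys ZwCreateThread [0xEDFA85E0]
SSDT \SystemRoot\system32\DRIVERS\PSINProc.sys (PSINProc Filter Driver for XP32/Panda Security, S.L.) ZwTerminateProcess [0xEC2F1416]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1332] ntdll.dll!KiUserApcDispatcher 7C90E450 5 Bytes JMP 00415370 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (RapportMgmtService/Trusteer Ltd.)
.text C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe[1332] kernel32.dll!LoadLibraryExW + C4 7C801BB5 4 Bytes CALL 71A70001
.text C:\Program Files\Mozilla Firefox\firefox.exe[3992] ntdll.dll!_CIpow + 42B 7C90E44B 5 Bytes JMP 00AEE1C0 c:\program files\trusteer\rapport\bin\rooksdol.dll (Rooks/Dolomite/Trusteer Ltd.)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3992] kernel32.dll!SetUnhandledExceptionFilter 7C8447ED 6 Bytes PUSH 71A30022; RET
"""

# SSDT <driver path> [(<description>/<vendor>)] <ZwService> [<0xaddress>]
SSDT_RE = re.compile(
    r"^SSDT\s+(?P<rest>.+?)\s+(?P<func>Zw\w+)\s+\[(?P<addr>0x[0-9A-Fa-f]+)\]$")
# .text <process>[pid] <module>!<export>[ + <offset>] <address> <n> Bytes <what GMER found>
TEXT_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?\[\d+\])\s+(?P<module>[\w.]+)!(?P<export>\w+)"
    r"(?:\s+\+\s+(?P<offset>[0-9A-Fa-f]+))?\s+(?P<addr>[0-9A-Fa-f]+)\s+"
    r"(?P<nbytes>\d+)\s+Bytes\s+(?P<tail>.+)$")
# Trailing "(description/vendor)" that GMER appends when it maps a hook to a file.
# Assumption inferred from the log: vendor is the text after the last "/".
OWNER_RE = re.compile(r"^(?P<before>.*?)\s*\((?P<desc>[^()]*)\)$")
DRIVE_PATH_RE = re.compile(r"[A-Za-z]:\\")


def _vendor(desc):
    """'RapportPG/Trusteer Ltd.' -> 'Trusteer Ltd.'; an empty '()' -> None."""
    return desc.rsplit("/", 1)[-1].strip() or None


def parse_gmer_line(line):
    """Parse one SSDT or .text record into a dict; return None for any other line."""
    line = line.strip()
    m = SSDT_RE.match(line)
    if m:
        owner_path, vendor = m.group("rest"), None
        om = OWNER_RE.match(owner_path)
        if om:  # driver path followed by GMER's attribution
            owner_path, vendor = om.group("before"), _vendor(om.group("desc"))
        return {"kind": "SSDT", "hooked": m.group("func"), "process": None,
                "owner_path": owner_path, "vendor": vendor}
    m = TEXT_RE.match(line)
    if m:
        owner_path, vendor = None, None
        om = OWNER_RE.match(m.group("tail"))
        if om:
            pm = DRIVE_PATH_RE.search(om.group("before"))
            if pm:  # e.g. "JMP 00415370 C:\...\RapportMgmtService.exe (.../Trusteer Ltd.)"
                owner_path = om.group("before")[pm.start():]
                vendor = _vendor(om.group("desc"))
        hooked = f"{m.group('module')}!{m.group('export')}"
        if m.group("offset"):
            hooked += f" + {m.group('offset')}"
        return {"kind": "inline", "hooked": hooked, "process": m.group("proc"),
                "owner_path": owner_path, "vendor": vendor}
    return None


def parse_gmer_log(text):
    """All hook records in a GMER log, in file order; non-record lines are skipped."""
    return [rec for rec in map(parse_gmer_line, text.splitlines()) if rec]


def triage(records):
    """Count hooks per attributed vendor and collect the ones with no attribution."""
    by_vendor = Counter(r["vendor"] for r in records if r["vendor"])
    unattributed = [r for r in records if r["vendor"] is None]
    return {"by_vendor": by_vendor, "unattributed": unattributed}


if __name__ == "__main__":
    result = triage(parse_gmer_log(SAMPLE_LOG))
    for vendor, count in result["by_vendor"].most_common():
        print(f"{count:3d} hook(s) attributed to {vendor}")
    print("Hooks with no owning module identified (review these first):")
    for r in result["unattributed"]:
        where = r["process"] or "kernel (SSDT)"
        target = r["owner_path"] or "anonymous memory"
        print(f"  {where}: {r['hooked']} -> {target}")
```

On the sample above the script attributes three hooks to Trusteer Ltd. and one to Panda Security, S.L., and leaves three unattributed: the RapportCerberus32 SSDT entry (a driver path but no vendor field) and two inline hooks whose targets are plain addresses with no module behind them. That split is the point: the attributed entries can be cross-checked against the programs listed in the OTL log, while the unattributed ones are where a helper would spend their attention.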

Re: internet homepage being redirected

Unread postby melboy » June 27th, 2012, 8:03 am

Hello - How are things running now?

OTL

  • Double click on OTL.exe to run it.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When done, OTL.txt will be opened
  • Please post the contents in your next reply.
melboy
MRU Expert
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK

Re: internet homepage being redirected

Unread postby hanberuk » June 27th, 2012, 9:57 am

Hi, it seems a lot better! No longer redirecting Google. Do you think the virus has gone?

OTL logfile created on: 27/06/2012 14:31:44 - Run 2
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Documents and Settings\Hannah\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

759.48 Mb Total Physical Memory | 89.92 Mb Available Physical Memory | 11.84% Memory free
1.44 Gb Paging File | 0.81 Gb Available in Paging File | 56.43% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 48.83 Gb Total Space | 12.83 Gb Free Space | 26.27% Space Free | Partition Type: NTFS
Drive D: | 25.73 Gb Total Space | 8.70 Gb Free Space | 33.80% Space Free | Partition Type: NTFS

Computer Name: HANNAHPC | User Name: Hannah | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/06/26 21:38:38 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hannah\Desktop\OTL.exe
PRC - [2012/06/08 21:42:12 | 001,668,952 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/06/08 21:42:12 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/06/01 22:10:33 | 000,932,528 | ---- | M] () -- C:\Program Files\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/05/31 15:45:39 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Documents and Settings\Hannah\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/03/19 10:51:36 | 000,217,256 | ---- | M] (Panda Security) -- C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe
PRC - [2011/04/28 14:01:20 | 000,439,616 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
PRC - [2011/04/28 13:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
PRC - [2011/01/17 20:08:58 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 20:08:58 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2007/06/13 11:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/04/23 11:22:14 | 003,068,352 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
PRC - [2003/05/08 11:34:32 | 000,069,632 | ---- | M] (adi) -- C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
PRC - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/01 22:10:33 | 000,932,528 | ---- | M] () -- C:\Program Files\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012/05/31 15:45:38 | 001,952,696 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/28 22:29:41 | 000,520,464 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll
MOD - [2012/02/24 00:41:43 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2012/02/01 14:43:10 | 000,557,056 | ---- | M] () -- C:\Program Files\Trusteer\Rapport\bin\js32.dll
MOD - [2011/12/02 21:05:25 | 008,527,008 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2007/03/15 02:00:58 | 000,051,716 | ---- | M] () -- C:\WINDOWS\system32\pdf995mon.dll
MOD - [2007/02/14 13:55:11 | 000,165,424 | ---- | M] () -- C:\Program Files\Panda Security\Panda Cloud Antivirus\MiniCrypto.dll
MOD - [2007/02/14 13:55:10 | 000,099,888 | ---- | M] () -- C:\Program Files\Panda Security\Panda Cloud Antivirus\APIcr.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/06/08 21:42:12 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/06/05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/31 15:45:40 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/28 13:58:54 | 000,140,608 | ---- | M] (Panda Security, S.L.) [Auto | Running] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2007/12/20 18:13:46 | 001,553,896 | ---- | M] (Symantec) [On_Demand | Stopped] -- C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe -- (SymSnapService)
SRV - [2007/11/15 19:46:14 | 000,116,032 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\ramaint.exe -- (LMIMaint)
SRV - [2007/08/03 16:09:34 | 000,063,040 | ---- | M] (LogMeIn, Inc.) [Disabled | Stopped] -- C:\Program Files\LogMeIn\x86\LogMeIn.exe -- (LogMeIn)
SRV - [2007/04/23 11:22:14 | 003,068,352 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\vsdatant.sys -- (vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | System | Stopped] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2012/06/18 10:32:57 | 000,228,208 | ---- | M] () [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_34302.sys -- (RapportCerberus_34302)
DRV - [2012/06/08 21:42:30 | 000,071,480 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportEI.sys -- (RapportEI)
DRV - [2012/06/08 21:42:28 | 000,166,840 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys -- (RapportPG)
DRV - [2012/06/08 21:42:28 | 000,065,720 | ---- | M] (Trusteer Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\RapportKELL.sys -- (RapportKELL)
DRV - [2012/05/28 22:29:41 | 000,021,520 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Running] -- c:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\39624\RapportIaso.sys -- (RapportIaso)
DRV - [2012/04/04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/01/05 14:10:09 | 000,144,008 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINAflt.sys -- (PSINAflt)
DRV - [2011/11/30 19:37:24 | 000,112,648 | ---- | M] (Panda Security, S.L.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProt.sys -- (PSINProt)
DRV - [2011/11/23 10:59:40 | 000,130,312 | ---- | M] (Panda Security, S.L.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PSINKNC.sys -- (PSINKNC)
DRV - [2011/04/28 13:57:38 | 000,111,688 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINProc.sys -- (PSINProc)
DRV - [2011/04/28 13:57:38 | 000,097,096 | ---- | M] (Panda Security, S.L.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\PSINFile.sys -- (PSINFile)
DRV - [2008/01/19 21:12:42 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2008/01/19 20:45:40 | 000,038,112 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\v2imount.sys -- (v2imount)
DRV - [2008/01/19 20:40:16 | 000,015,088 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\vproeventmonitor.sys -- (VProEventMonitor)
DRV - [2007/12/20 18:13:54 | 000,136,416 | ---- | M] (StorageCraft) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\symsnap.sys -- (symsnap)
DRV - [2007/11/15 19:46:40 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2007/08/03 16:09:34 | 000,046,112 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2007/08/03 16:09:34 | 000,012,992 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\LogMeIn\x86\rainfo.sys -- (LMIInfo)
DRV - [2005/05/03 16:34:02 | 000,027,392 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV - [2004/08/04 00:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/03/08 12:55:50 | 000,013,567 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page =
IE - HKCU\..\URLSearchHook: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
IE - HKCU\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://www.google.com/search?ie=utf-8&o ... 1V4IPYX&q={searchTerms}
IE - HKCU\..\SearchScopes\{87278A5A-6A85-4859-9675-1CBBFB27F297}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2321: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.2379: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1483: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/05/31 15:45:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/02/24 00:36:43 | 000,000,000 | ---D | M]

[2008/09/03 23:34:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hannah\Application Data\Mozilla\Extensions
[2012/05/24 20:25:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Hannah\Application Data\Mozilla\Firefox\Profiles\hlocyyui.default\extensions
[2012/03/24 08:10:55 | 000,000,000 | ---D | M] (Panda Security Toolbar) -- C:\Documents and Settings\Hannah\Application Data\Mozilla\Firefox\Profiles\hlocyyui.default\extensions\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}
[2012/05/24 20:25:16 | 000,000,000 | ---D | M] (Zotero) -- C:\Documents and Settings\Hannah\Application Data\Mozilla\Firefox\Profiles\hlocyyui.default\extensions\zotero@chnm.gmu.edu
[2012/03/31 19:15:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/23 23:06:59 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/05/31 15:45:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/24 00:36:15 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012/05/31 15:45:35 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/03/31 19:15:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/05/31 15:45:35 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/05/31 15:45:35 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/01/27 16:11:08 | 000,002,325 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\pandasecuritytb.xml
[2012/05/31 15:45:40 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/05/31 15:45:35 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2001/08/23 13:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O3 - HKLM\..\Toolbar: (Panda Security Toolbar) - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Panda Security URL Filtering] C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering\Panda_URL_Filtering.exe (Panda Security)
O4 - HKLM..\Run: [PSUNMain] C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe (Panda Security, S.L.)
O4 - HKCU..\Run: [EPSON BX610FW Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFJU.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Livestation] C:\Program Files\Livestation\Livestation.exe -startup File not found
O4 - HKCU..\Run: [Spotify Web Helper] C:\Program Files\Spotify\Data\SpotifyWebHelper.exe ()
O4 - Startup: C:\Documents and Settings\Hannah\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Hannah\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Hannah\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 157
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta ... s-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E307E7BA-E71D-4536-9F9C-FEBB59B1A566}: NameServer = 172.17.17.254,212.23.3.100
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - (igfxsrvc.dll) - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - (LMIinit.dll) - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/02/28 09:33:40 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2012/06/22 23:42:36 | 000,000,000 | ---D | M] - C:\Autoruns -- [ NTFS ]
O33 - MountPoints2\{2543d53e-055e-11dd-bcf6-000423314116}\Shell\AutoRun\command - "" = F:\setupSNK.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/26 23:52:51 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/06/26 21:38:08 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Hannah\Desktop\OTL.exe
[2012/06/26 21:36:53 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Hannah\Desktop\aswMBR.exe
[2012/06/23 10:48:47 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Hannah\My Documents\My Videos
[2012/06/23 00:20:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2012/06/22 23:53:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2012/06/22 23:51:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hannah\Application Data\SUPERAntiSpyware.com
[2012/06/22 23:51:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2012/06/22 23:42:35 | 000,000,000 | ---D | C] -- C:\Autoruns
[2012/06/21 01:10:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hannah\Application Data\Malwarebytes
[2012/06/21 01:10:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/21 01:09:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012/06/21 01:09:56 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/21 01:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/06/21 00:40:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Hannah\Start Menu\Programs\SpyHunter
[2012/06/21 00:39:45 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012/06/21 00:39:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2012/06/19 17:55:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2012/06/19 17:55:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012/06/10 11:55:55 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012/06/08 21:42:28 | 000,065,720 | ---- | C] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2012/05/31 15:45:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Mozilla
[2012/05/31 15:45:58 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[1 C:\Documents and Settings\Hannah\Desktop\*.tmp files -> C:\Documents and Settings\Hannah\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/27 14:28:33 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/27 14:25:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/27 09:03:12 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/26 22:06:49 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Hannah\Desktop\MBR.dat
[2012/06/26 21:38:38 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Hannah\Desktop\OTL.exe
[2012/06/26 21:37:38 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Hannah\Desktop\aswMBR.exe
[2012/06/26 13:37:33 | 000,214,188 | ---- | M] () -- C:\Documents and Settings\Hannah\Desktop\hannah statement.pdf
[2012/06/26 13:37:27 | 000,000,060 | ---- | M] () -- C:\WINDOWS\wpd99.drv
[2012/06/25 19:22:26 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Hannah\Desktop\Microsoft Word.lnk
[2012/06/24 12:09:38 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/21 12:05:33 | 000,415,365 | ---- | M] () -- C:\Documents and Settings\Hannah\Desktop\babycatswing.jpg
[2012/06/21 01:10:01 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/20 23:35:40 | 000,171,628 | ---- | M] () -- C:\Documents and Settings\Hannah\My Documents\3907-delandas_ontology_assemblage_and.pdf
[2012/06/20 23:35:24 | 000,282,487 | ---- | M] () -- C:\Documents and Settings\Hannah\My Documents\Delanda-Protevi.pdf
[2012/06/20 21:08:32 | 001,500,584 | ---- | M] () -- C:\Documents and Settings\Hannah\My Documents\newman book.pdf
[2012/06/20 16:29:17 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/06/20 15:58:09 | 000,000,366 | ---- | M] () -- C:\Documents and Settings\Hannah\Desktop\doc16x16.gif
[2012/06/14 17:02:55 | 002,221,684 | ---- | M] () -- C:\Documents and Settings\Hannah\Desktop\Empowerment1.pdf
[2012/06/10 11:56:08 | 000,001,029 | ---- | M] () -- C:\Documents and Settings\Hannah\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/10 11:55:41 | 000,001,015 | ---- | M] () -- C:\Documents and Settings\Hannah\Desktop\Dropbox.lnk
[2012/06/08 21:42:28 | 000,065,720 | ---- | M] (Trusteer Ltd.) -- C:\WINDOWS\System32\drivers\RapportKELL.sys
[2012/06/07 10:53:18 | 000,068,555 | ---- | M] () -- C:\Documents and Settings\Hannah\Desktop\551257_10150947345789634_729845943_n.jpg
[2012/06/07 01:11:38 | 000,213,898 | ---- | M] () -- C:\Documents and Settings\Hannah\Desktop\Hemisphere1_WEB.jpg
[1 C:\Documents and Settings\Hannah\Desktop\*.tmp files -> C:\Documents and Settings\Hannah\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/26 22:06:49 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Hannah\Desktop\MBR.dat
[2012/06/26 13:37:25 | 000,214,188 | ---- | C] () -- C:\Documents and Settings\Hannah\Desktop\hannah statement.pdf
[2012/06/22 23:52:37 | 000,000,886 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/22 23:52:35 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/21 12:05:30 | 000,415,365 | ---- | C] () -- C:\Documents and Settings\Hannah\Desktop\babycatswing.jpg
[2012/06/21 01:10:01 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/20 23:35:40 | 000,171,628 | ---- | C] () -- C:\Documents and Settings\Hannah\My Documents\3907-delandas_ontology_assemblage_and.pdf
[2012/06/20 23:35:24 | 000,282,487 | ---- | C] () -- C:\Documents and Settings\Hannah\My Documents\Delanda-Protevi.pdf
[2012/06/20 21:08:32 | 001,500,584 | ---- | C] () -- C:\Documents and Settings\Hannah\My Documents\newman book.pdf
[2012/06/20 15:58:04 | 000,000,366 | ---- | C] () -- C:\Documents and Settings\Hannah\Desktop\doc16x16.gif
[2012/06/19 17:55:52 | 000,002,265 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2012/06/14 17:02:43 | 002,221,684 | ---- | C] () -- C:\Documents and Settings\Hannah\Desktop\Empowerment1.pdf
[2012/06/07 10:53:09 | 000,068,555 | ---- | C] () -- C:\Documents and Settings\Hannah\Desktop\551257_10150947345789634_729845943_n.jpg
[2012/06/07 01:11:38 | 000,213,898 | ---- | C] () -- C:\Documents and Settings\Hannah\Desktop\Hemisphere1_WEB.jpg
[2012/03/24 08:08:59 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\PSUNCpl.dat
[2011/04/26 02:07:27 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011/04/26 02:07:27 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2011/04/26 02:07:27 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011/04/26 02:07:27 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2011/04/26 02:07:27 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2011/04/26 02:07:27 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011/04/26 02:07:27 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011/04/26 02:07:26 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011/04/26 02:07:26 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011/04/26 02:07:26 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011/04/26 02:07:26 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011/04/26 02:07:26 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011/04/26 02:07:26 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011/04/26 02:07:26 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011/04/26 02:07:26 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011/04/26 02:07:26 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011/04/26 02:07:26 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011/04/26 02:07:26 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011/04/26 02:07:26 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011/04/09 19:28:29 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
[2011/03/15 13:54:46 | 000,000,170 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/03/14 23:20:45 | 000,855,641 | ---- | C] () -- C:\Documents and Settings\Hannah\Application Data\PandaIDProtectHelp.chm
[2011/01/19 10:30:54 | 125,367,591 | ---- | C] () -- C:\Program Files\openofficeorg1.cab
[2010/01/03 22:54:48 | 000,000,666 | ---- | C] () -- C:\Program Files\Spotify.lnk
[2009/12/07 17:42:49 | 000,310,777 | ---- | C] () -- C:\Program Files\for mark.htm
[2007/06/11 19:52:53 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/07 02:07:17 | 000,162,304 | ---- | C] () -- C:\Program Files\UNWISE.EXE
[2006/09/10 22:35:30 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Hannah\Local Settings\Application Data\fusioncache.dat

========== LOP Check ==========

[2008/02/05 18:49:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avg7
[2008/07/19 23:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Channel4
[2011/04/26 02:07:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2008/07/20 11:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2010/10/06 15:26:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/03/14 22:43:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2012/06/27 14:28:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security URL Filtering
[2012/06/26 13:37:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2006/11/01 00:53:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Quark
[2012/02/28 12:06:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
[2011/04/26 02:12:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
[2012/02/25 14:39:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\.oit
[2012/06/27 14:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\Dropbox
[2011/06/12 18:25:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\Epson
[2006/09/13 11:27:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\FUJIFILM
[2010/09/04 00:09:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\IRISPen
[2010/09/04 00:09:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\IrisPen6
[2006/09/10 22:35:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\IsolatedStorage
[2009/01/15 14:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\Livestation
[2010/10/06 15:26:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\NCH Swift Sound
[2012/02/24 01:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\OpenOffice.org
[2011/03/14 23:28:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\Panda Security
[2012/06/06 01:40:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\pandasecuritytb
[2007/03/09 11:42:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\pdf995
[2006/11/01 00:54:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\Quark
[2012/06/01 22:15:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\Spotify
[2011/03/14 23:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\SurfSecret Privacy Suite
[2007/02/19 20:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Hannah\Application Data\Thunderbird
[2012/04/18 19:06:15 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\scribeShakeIcon.job

========== Purity Check ==========



< End of report >
hanberuk
Regular Member
 
Posts: 20
Joined: June 23rd, 2012, 6:39 am
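The OTL report above is long, and the entries that matter for triage are easy to miss by eye: files under "Created Within 30 Days" / "Modified Within 30 Days" that are executable, carry no company name in the `(...)` field, and sit in a user-writable profile location (the Startup folder, Local Settings\Application Data, Downloads). The parser and triage filter below is an added example, not part of this thread and not OldTimer's own code; the field layout is taken from the log lines as printed above, the list of "user-writable" markers is an assumed heuristic, and the two `EXAMPLE_unknown*.exe` lines in the sample are constructed, not from the report.

```python
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# One OTL file/folder listing line, as printed under the
# "Files/Folders - Created Within 30 Days" and "Files - Modified Within 30 Days" headings:
#   [2012/06/26 21:38:08 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\...\OTL.exe
#   [2012/06/26 23:52:51 | 000,000,000 | ---D | C] -- C:\_OTL
OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Executable file types worth a second look when they carry no company name.
EXEC_EXTS = {".exe", ".dll", ".sys", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}

# Assumed heuristic: user-writable places under a Windows XP profile where a
# no-company executable is unusual. Lower-cased, compared against the lower-cased path.
USER_WRITABLE_MARKERS = (
    "\\start menu\\programs\\startup\\",
    "\\local settings\\application data\\",
    "\\local settings\\temp\\",
    "\\application data\\",
    "\\my documents\\downloads\\",
    "\\desktop\\",
)


@dataclass
class FileEntry:
    timestamp: datetime
    size: int
    attrs: str              # e.g. "---D" (directory), "R--D", "--S-", "----"
    kind: str               # "C" = created, "M" = modified (OTL's last column in the brackets)
    company: Optional[str]  # None when OTL printed no "(...)" group, "" when it printed "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def has_company(self) -> bool:
        return bool(self.company and self.company.strip())


def parse_otl_line(line: str) -> Optional[FileEntry]:
    """Parse one listing line; returns None for headings, blanks and OTL's
    '[1 ...\\*.tmp files -> ...]' summary lines."""
    m = OTL_FILE_RE.match(line.strip())
    if not m:
        return None
    return FileEntry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=m["company"],
        path=m["path"],
    )


def parse_section(text: str) -> List[FileEntry]:
    return [e for e in (parse_otl_line(ln) for ln in text.splitlines()) if e]


def triage(entries: List[FileEntry]) -> List[FileEntry]:
    """Executables with no company name that sit in user-writable profile paths."""
    flagged = []
    for e in entries:
        if e.is_dir or e.has_company:
            continue
        low = e.path.lower()
        if ntpath.splitext(low)[1] not in EXEC_EXTS:
            continue
        if low.startswith("c:\\documents and settings\\") and any(mk in low for mk in USER_WRITABLE_MARKERS):
            flagged.append(e)
    return flagged


# Constructed sample: genuine lines from the report above plus two made-up
# EXAMPLE_unknown*.exe entries (not from the report) to exercise the filter.
SAMPLE_REPORT = """
========== Files/Folders - Created Within 30 Days ==========

[2012/06/26 23:52:51 | 000,000,000 | ---D | C] -- C:\\_OTL
[2012/06/26 21:38:08 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\\Documents and Settings\\Hannah\\Desktop\\OTL.exe
[2012/06/21 01:09:56 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\\WINDOWS\\System32\\drivers\\mbam.sys
[2012/06/22 23:40:12 | 000,061,440 | ---- | C] () -- C:\\Documents and Settings\\Hannah\\Local Settings\\Application Data\\EXAMPLE_unknown.exe
[2012/06/22 23:40:15 | 000,061,440 | ---- | C] () -- C:\\Documents and Settings\\Hannah\\Start Menu\\Programs\\Startup\\EXAMPLE_unknown2.exe
[2012/06/10 11:56:08 | 000,001,029 | ---- | M] () -- C:\\Documents and Settings\\Hannah\\Start Menu\\Programs\\Startup\\Dropbox.lnk
[2012/06/27 14:28:33 | 000,000,882 | ---- | M] () -- C:\\WINDOWS\\tasks\\GoogleUpdateTaskMachineCore.job
[1 C:\\Documents and Settings\\Hannah\\Desktop\\*.tmp files -> C:\\Documents and Settings\\Hannah\\Desktop\\*.tmp -> ]
"""

if __name__ == "__main__":
    for e in triage(parse_section(SAMPLE_REPORT)):
        print(f"{e.timestamp:%Y-%m-%d %H:%M:%S}  {e.size:>9}  {e.path}")
```

Signed tools (OTL.exe, mbam.sys) and non-executable shortcuts in the Startup folder pass through untouched; only the two constructed no-company executables are reported. A company name is a weak signal on its own, so treat the output as a shortlist for the helper to confirm, not as a verdict.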

Re: internet homepage being redirected

Unread postby melboy » June 27th, 2012, 12:47 pm

Hi

One final check.


ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.


  • Please go here to run the scan.
  • Click on Scan now
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: Image (Selecting Uninstall application on close if you so wish)
  • Re-enable your anti-virus software.
melboy
MRU Expert
 
Posts: 3670
Joined: July 25th, 2008, 4:25 pm
Location: UK