Google Redirecting Malware

Page 3 of 4

Google Redirecting Malware

Post by crucifix676 on Wed 23 Jun 2010, 12:06 pm

First topic message reminder:

Hi, I'm having an issue where some of my Google search results redirect me to unrelated sites, and not the link I clicked on either. Pretty sure it's malware too, and various scans aren't getting rid of it. Please do help me out.


Here's a HijackThis log entry:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
O1 - Hosts: 75.125.96.162 nprotect.lineage2.com
O1 - Hosts: 75.125.96.162 l2testauthd.lineage2.com
O1 - Hosts: 75.125.96.162 l2authd.lineage2.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: HpWebHelper - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SetDefaultPrinter] c:\hp\bin\cloaker.exe c:\windows\system32\cmd.exe /c c:\hp\bin\defaultprinter\SetDefaultPrinter.cmd
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [RBreset] c:\hp\bin\cloaker.exe cmd /c c:\hp\drivers\hpsu\RBLastRunReset.bat
O4 - HKLM\..\Run: [PMLreset] c:\hp\bin\cloaker.exe cmd /c c:\hp\drivers\pmlreset.bat
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HPSUreset] c:\hp\bin\cloaker.exe cmd /c c:\hp\drivers\hpsu\HPSULastRunReset.bat
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PSUNMain] "C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Mqoganapiqifep] rundll32.exe "C:\WINDOWS\iwufazeqeq.dll",Startup
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\Emsisoft Anti-Malware\a2guard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
O4 - HKCU\..\Run: [ooVoo.exe] C:\Program Files\ooVoo\oovoo.exe /minimized
O4 - HKCU\..\Run: [Kmozafeyutezezuq] rundll32.exe "C:\WINDOWS\wroFrne.dll",Startup
O4 - HKLM\..\Policies\Explorer\Run: [Jhjxm] rundll32 "C:\WINDOWS\system32\12520437Z.dll",NZOHMSFAFN
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: [You must be registered and logged in to see this link.] (HKLM)
O15 - Trusted Zone: [You must be registered and logged in to see this link.] (HKLM)
O15 - Trusted Zone: [You must be registered and logged in to see this link.] (HKLM)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs: C:\WINDOWS\system32\0048.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Emsisoft Anti-Malware 5.0 - Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\Emsisoft Anti-Malware\a2service.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NanoServiceMain - Panda Security, S.L. - C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

crucifix676
Newbie Surfer
Posts : 49
Joined : 2010-06-23
Operating System : Windows XP


Re: Google Redirecting Malware

Post by crucifix676 on Thu 22 Jul 2010, 6:45 pm

I get back "Unknown boot code has been found on some of your physical disks"


Re: Google Redirecting Malware

Post by DragonMaster Jay on Fri 23 Jul 2010, 5:56 am

Please post the log from it, so I may see which ones are infected.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager

DragonMaster Jay
Manager | Tech Officer
Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate
http://www.twitter.com/jaypfoutz

Re: Google Redirecting Malware

Post by crucifix676 on Fri 23 Jul 2010, 12:08 pm

Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
[You must be registered and logged in to see this link.]

\\.\C: -> \\.\PhysicalDrive0
MD5: 53b87386f68c4cb2306da5ba771dbe8b
\\.\D: -> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix




crucifix676

Newbie Surfer
Newbie Surfer

Posts : 49
Joined : 2010-06-23
Operating System : Windows XP

View user profile

Back to top Go down

Re: Google Redirecting Malware

Post by DragonMaster Jay on Fri 23 Jul 2010, 5:06 pm

Please open Notepad and enter the following:
@echo off
rem Physical disks are addressed as \\.\PhysicalDrive0 (two leading backslashes);
rem with a single backslash CreateFile() fails with error 2 (file not found).
start remover.exe fix \\.\PhysicalDrive0
exit
Then, click File > Save as...
Save as remove.bat to the same location as remover.exe.
Choose Save as type... All Files.
Click Save.

Then, exit Notepad.

Double-click on remove.bat.

Please re-run remover.exe and post a new log in your next reply.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Google Redirecting Malware

Post by crucifix676 on Fri 23 Jul 2010, 5:42 pm

I got this from remove.bat:

Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
[You must be registered and logged in to see this link.]

CreateFile() ERROR 2
ERROR: Can't open physical disk device.



And I'm still getting this from remover.exe:


Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
[You must be registered and logged in to see this link.]

\\.\C: -> \\.\PhysicalDrive0
MD5: 53b87386f68c4cb2306da5ba771dbe8b
\\.\D: -> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix









crucifix676

Newbie Surfer
Newbie Surfer

Posts : 49
Joined : 2010-06-23
Operating System : Windows XP

View user profile

Back to top Go down

Re: Google Redirecting Malware

Post by DragonMaster Jay on Fri 23 Jul 2010, 5:48 pm

Do you have an XP CD?


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Google Redirecting Malware

Post by crucifix676 on Fri 23 Jul 2010, 5:49 pm

Yes, I do.


Re: Google Redirecting Malware

Post by DragonMaster Jay on Fri 23 Jul 2010, 5:51 pm

Reboot your computer.

Boot from the Windows XP CD and press the "R" key in Setup to start the Recovery Console.

Select your Windows XP installation from the list (usually 1). It will prompt for an administrator password. The password is probably blank, so just hit Enter.

Enter the command fixmbr at the input prompt and confirm the next question with a Y.

It should then reboot the computer. If it does not, then type exit.

Boot back into normal XP.

=================

After that, post a new Bootkit Remover log.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Google Redirecting Malware

Post by crucifix676 on Fri 23 Jul 2010, 6:09 pm

Bootkit Remover version 1.0.0.1
(c) 2009 eSage Lab
[You must be registered and logged in to see this link.]

\\.\C: -> \\.\PhysicalDrive0
MD5: 6def5ffcbcdbdb4082f1015625e597bd
\\.\D: -> \\.\PhysicalDrive0

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)




crucifix676

Newbie Surfer
Newbie Surfer

Posts : 49
Joined : 2010-06-23
Operating System : Windows XP

View user profile

Back to top Go down
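To see what the "Unknown boot code" verdict in the earlier Bootkit Remover log and the "OK (DOS/Win32 Boot code found)" verdict after fixmbr rest on, here is an added Python parser for a 512-byte MBR dump such as `remover.exe dump` writes. It is my own example, not eSage Lab's code: the classification heuristic (presence of the stock Microsoft boot-code error strings) is my assumption rather than the tool's method, and the sample sectors are constructed.

```python
"""Parse and classify a raw 512-byte MBR sector, e.g. one saved with
`remover.exe dump <file>`. Added example; the "DOS/Win32 boot code"
heuristic below is an assumption, not Bootkit Remover's own check."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_SIZE = 446           # bytes 0..445: boot loader code
PART_TABLE_OFFSET = 446        # four 16-byte partition entries follow
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511 of every valid MBR

# The stock Microsoft MBR boot code carries these three error strings.
# Assumption: all three present == "DOS/Win32 boot code".
KNOWN_BOOT_STRINGS = (
    b"Invalid partition table",
    b"Error loading operating system",
    b"Missing operating system",
)


def parse_partitions(sector):
    """Return the non-empty partition table entries as dicts."""
    entries = []
    for index in range(4):
        offset = PART_TABLE_OFFSET + 16 * index
        # status(1) CHS start(3) type(1) CHS end(3) LBA start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", sector, offset)
        if ptype == 0:
            continue  # empty slot
        entries.append({
            "index": index,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
        })
    return entries


def classify_mbr(sector):
    """Hash the sector, validate its signature and inspect the boot code."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected %d bytes, got %d" % (SECTOR_SIZE, len(sector)))
    boot_code = sector[:BOOT_CODE_SIZE]
    found = [s for s in KNOWN_BOOT_STRINGS if s in boot_code]
    if sector[-2:] != BOOT_SIGNATURE:
        status = "Invalid (boot signature 55AA missing)"
    elif len(found) == len(KNOWN_BOOT_STRINGS):
        status = "OK (DOS/Win32 boot code found)"
    else:
        # Not proof of infection: GRUB or an OEM boot manager also lands here.
        status = "Unknown boot code"
    return {
        "md5": hashlib.md5(sector).hexdigest(),  # whole sector, as in the tool's log
        "signature_ok": sector[-2:] == BOOT_SIGNATURE,
        "status": status,
        "partitions": parse_partitions(sector),
    }


def load_mbr(path):
    """Read the first sector of a dump file written by `remover.exe dump`."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


def build_sample_mbr(boot_code):
    """Constructed test sector: given boot code plus one bootable NTFS partition."""
    code = boot_code.ljust(BOOT_CODE_SIZE, b"\x00")
    # Constructed values: bootable (0x80), type 0x07 (NTFS), starts at LBA 63.
    entry = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 488_000_000)
    return code + entry + b"\x00" * 48 + BOOT_SIGNATURE


# Constructed boot-code stand-ins: one carries the stock error strings, the
# other is an opaque stub with no recognisable text at all.
CLEAN_CODE = b"\xfa\x33\xc0\x8e\xd0" + b"\x00" * 300 + b"\x00".join(KNOWN_BOOT_STRINGS)
SUSPECT_CODE = b"\xeb\xfe" * 200

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        samples = [(sys.argv[1], load_mbr(sys.argv[1]))]
    else:
        samples = [("clean", build_sample_mbr(CLEAN_CODE)),
                   ("suspect", build_sample_mbr(SUSPECT_CODE))]
    for name, sector in samples:
        report = classify_mbr(sector)
        print("%s: MD5 %s  %s" % (name, report["md5"], report["status"]))
        for p in report["partitions"]:
            print("  partition %d type 0x%02x lba %d sectors %d bootable=%s" % (
                p["index"], p["type"], p["lba_start"], p["sectors"], p["bootable"]))
```

fixmbr rewrites only the boot code and leaves the partition table alone, which is why the MD5 differs between the two logs while the disk still boots into the same installation; run the script on a dump from a disk using GRUB or an OEM boot manager and it will also say "Unknown boot code" without there being an infection.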

Re: Google Redirecting Malware

Post by DragonMaster Jay on Fri 23 Jul 2010, 6:10 pm

Good. Any more redirects?


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Google Redirecting Malware

Post by crucifix676 on Fri 23 Jul 2010, 6:26 pm

Yes, actually. I'm still getting redirects.


Re: Google Redirecting Malware

Post by DragonMaster Jay on Sat 24 Jul 2010, 5:35 am

Please download GooredFix from one of the locations below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).



[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down

Re: Google Redirecting Malware

Post by crucifix676 on Sat 24 Jul 2010, 6:55 pm

GooredFix by jpshortstuff (03.07.10.1)
Log created at 00:54 on 24/07/2010 (HP_Administrator)
Firefox version 3.6.7 (en-US)

========== GooredScan ==========

Removing Orphan:
"{30A770C9-F875-44F8-AF80-3147BCCFD89A}"="C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\{30A770C9-F875-44F8-AF80-3147BCCFD89A}" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [02:50 07/12/2009]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [22:59 23/07/2007]

C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7x8fv31u.default\extensions\
[You must be registered and logged in to see this link.] [03:57 14/05/2010]
{20a82645-c095-46ed-80e3-08825760534b} [20:53 27/04/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [22:38 07/02/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [09:57 24/04/2010]

---------- Old Logs ----------
GooredFix[22.29.29_29-06-2010].txt

-=E.O.F=-


Re: Google Redirecting Malware

Post by DragonMaster Jay on Sun 25 Jul 2010, 9:14 pm

1. Click Start, click Run, type sigverif, and then click OK.

2. Click Advanced, click Look for other files that are not digitally signed, navigate to the Winnt\System32\Drivers folder, and then click OK.

3. Click Start.

4. After it has finished running, navigate to C:\Windows\Sigverify.txt, open it and post the contents of the log here.


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


Donations/Contributions

DragonMaster Jay

Manager | Tech Officer
Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

View user profile http://www.twitter.com/jaypfoutz

Back to top Go down
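Reading the Sigverify.txt that the steps above produce by eye is slow, so here is an added Python script (my own, not from the thread or from Microsoft) that parses sigverif's one-line-per-file format (name, modified date, version, status, catalog, signer) and lists the unsigned drivers plus those signed by a third party rather than through a Windows catalog. The sample log is a constructed excerpt in that format, including a line where a long version string runs into the status column.

```python
"""Parse a sigverif (File Signature Verification) log and pick out the
driver files a reviewer should look at. Added example; the column layout
assumed here is the one sigverif's text log uses."""
import re

# Columns are fixed width, so a long version string can run into the status
# column ("...2:5.2,2Signed"); the lazy (?P<version>\S+?) plus \s* copes with
# that, and "Not Signed" is tried before "Signed".
LINE_RE = re.compile(
    r"^(?P<name>\S+)\s+"
    r"(?P<modified>\d{1,2}/\d{1,2}/\d{4})\s+"
    r"(?P<version>\S+?)\s*"
    r"(?P<status>Not Signed|Signed)\s+"
    r"(?P<catalog>\S+)"
    r"(?:\s+(?P<signer>.+?))?\s*$"
)
SUMMARY_RE = re.compile(
    r"Total Files: (\d+), Signed: (\d+), Unsigned: (\d+), Not Scanned: (\d+)")


def parse_sigverif_log(text):
    """Return one dict per file line; headers and separators are skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def parse_summary(text):
    """Return the counts from the 'Scan Results' line, or None if absent."""
    m = SUMMARY_RE.search(text)
    if not m:
        return None
    total, signed, unsigned, not_scanned = map(int, m.groups())
    return {"total": total, "signed": signed,
            "unsigned": unsigned, "not_scanned": not_scanned}


def triage(entries):
    """Split entries into the two buckets worth a closer look.

    unsigned:    no valid signature at all (the finding sigverif exists for).
    third_party: signed, but not through a Windows catalog (catalog N/A), so
                 a non-Microsoft publisher is vouching for a kernel driver.
    """
    unsigned = [e for e in entries if e["status"] == "Not Signed"]
    third_party = [e for e in entries
                   if e["status"] == "Signed" and e["catalog"] == "N/A"]
    return unsigned, third_party


# Constructed excerpt in sigverif's format (summary, header, separator, files).
SAMPLE_LOG = """
Scan Results: Total Files: 336, Signed: 323, Unsigned: 10, Not Scanned: 3

File Modified Version Status Catalog Signed By
------------------ ------------ ----------- ------------ ----------- -------------------
[c:\\windows\\system32\\drivers]
acpi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
bantext.sys 2/27/2008 None Not Signed N/A
cdr4_xp.sys 8/19/2005 8.0.0.212 Not Signed N/A
gearaspiwdm.sys 5/18/2009 2:5.00,2:5.1,2:5.2,2Signed oem141.CAT Microsoft Windows Hardware Compatibility Publisher
hitmanpro35.sys 6/29/2010 None Signed N/A SurfRight B.V.
mhndrv.sys 8/10/2004 5.1.2600.2180 Not Signed N/A
"""

if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    entries = parse_sigverif_log(text)
    unsigned, third_party = triage(entries)
    print("summary:", parse_summary(text))
    print("parsed %d file lines" % len(entries))
    for e in unsigned:
        print("UNSIGNED     %-20s modified %s version %s" % (e["name"], e["modified"], e["version"]))
    for e in third_party:
        print("THIRD-PARTY  %-20s signed by %s" % (e["name"], e["signer"]))
```

An unsigned driver is not automatically malicious (older CD-burning and OEM drivers were commonly unsigned on XP), so the lists are a starting point for checking each file's publisher, date and purpose, not a verdict.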

Re: Google Redirecting Malware

Post by crucifix676 on Sun 25 Jul 2010, 10:34 pm

********************************

Microsoft Signature Verification

Log file generated on 7/25/2010 at 4:33 AM
OS Platform: Windows 2000 (x86), Version: 5.1, Build: 2600, CSDVersion: Service Pack 3
Scan Results: Total Files: 336, Signed: 323, Unsigned: 10, Not Scanned: 3

User-specified search path: *.*
User-specified search pattern: C:\WINDOWS\system32\drivers

File Modified Version Status Catalog Signed By
------------------ ------------ ----------- ------------ ----------- -------------------
[c:\windows\system32\drivers]
103c_hp_cpc_rb103aa- 4/17/2008 None Not Signed N/A
1394bus.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
acpi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
acpiec.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
adv01nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
adv02nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
adv05nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
adv07nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
adv08nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
adv09nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
adv11nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
aec.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
afd.sys 8/14/2008 2:5.1 Signed KB956803.cat Microsoft Windows Component Publisher
agp440.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
agpcpq.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
alim1541.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
amdagp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
amdk6.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
amdk7.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
amdk8.sys 3/9/2005 2:5.1,2:5.2 Signed oem9.CAT Microsoft Windows Publisher
aracpi.sys 8/2/2005 2:5.0,2:5.1,2:5.2 Signed AwayMode160.cat Microsoft Windows Publisher
arhidfltr.sys 8/2/2005 2:5.0,2:5.1,2:5.2 Signed AwayMode160.cat Microsoft Windows Publisher
arkbcfltr.sys 8/2/2005 2:5.0,2:5.1,2:5.2 Signed AwayMode160.cat Microsoft Windows Publisher
armoucfltr.sys 8/2/2005 2:5.0,2:5.1,2:5.2 Signed AwayMode160.cat Microsoft Windows Publisher
arp1394.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
arpolicy.sys 8/2/2005 2:5.0,2:5.1,2:5.2 Signed AwayMode160.cat Microsoft Windows Publisher
asyncmac.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atapi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1btxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1mdxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1pdxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1raxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1rvxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1snxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1ttxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1tuxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1xbxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati1xsxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati2mtaa.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ati2mtag.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinbtxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinmdxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinpdxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinraxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinrvxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinsnxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinttxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atintuxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinxbxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atinxsxx.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ativmc20.cod 7/17/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atksgt.sys 7/8/2010 None Signed N/A Tages SA
atmarpc.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atmepvc.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
atmlane.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atmuni.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
atv01nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atv02nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atv04nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atv06nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
atv10nt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
audstub.sys 8/17/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
bantext.sys 2/27/2008 None Not Signed N/A
bb-run.sys 11/5/2003 2:5.1 Signed oem0.CAT Microsoft Windows Hardware Compatibility Publisher
beep.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
bridge.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
bthenum.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
bthmodem.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
bthpan.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
bthport.sys 6/13/2008 2:5.1 Signed KB951376-v2.cat Microsoft Windows Component Publisher
bthprint.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
bthusb.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
cbidf2k.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
ccdecode.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
cdaudio.sys 8/10/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
cdfs.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
cdr4_xp.sys 8/19/2005 8.0.0.212 Not Signed N/A
cdralw2k.sys 8/19/2005 8.0.0.212 Not Signed N/A
ch7xxnt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
cinemst2.sys 8/10/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
classpnp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
cpqdap01.sys 8/10/2004 2:5.1 Signed nt5inf.cat Microsoft Windows Component Publisher
crusoe.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
cxthsfs2.cty 7/17/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
diag69xp.sys 1/20/2006 1.142.524.2004 Not Signed N/A
disk.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
diskdump.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
dmboot.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
dmio.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
dmload.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
dmusic.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
drmk.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
drmkaud.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
dxapi.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
dxg.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
dxgthk.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
enum1394.sys 8/17/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
fastfat.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
fdc.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
fips.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
flpydisk.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
fltmgr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
fsvga.sys 8/10/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
fs_rec.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
ftdisk.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
ftsata2.sys 6/29/2005 2:5.1 Signed oem0.CAT Microsoft Windows Hardware Compatibility Publisher
gagp30kx.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
gearaspiwdm.sys 5/18/2009 2:5.00,2:5.1,2:5.2,2Signed oem141.CAT Microsoft Windows Hardware Compatibility Publisher
gm.dls 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
gmreadme.txt 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
hcwfalcn.rom 1/17/2005 2:5.1 Signed oem10.CAT Microsoft Windows Hardware Compatibility Publisher
hcwmakob.rom 4/20/2005 2:5.1 Signed oem10.CAT Microsoft Windows Hardware Compatibility Publisher
hcwmakoc.rom 2/9/2006 2:5.1 Signed oem10.CAT Microsoft Windows Hardware Compatibility Publisher
hcwpp2.sys 4/13/2006 2:5.1 Signed oem10.CAT Microsoft Windows Hardware Compatibility Publisher
hdaudbus.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hdaudio.sys 1/8/2005 2:5.1 Signed KB888111WXPSP2.cat Microsoft Windows XP Publisher
hidbth.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hidclass.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hidir.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hidparse.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hidserv.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hidusb.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hitmanpro35.sys 6/29/2010 None Signed N/A SurfRight B.V.
hsfbs2s2.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hsfcxts2.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hsfdpsp2.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
hsfprof.cty 12/6/2005 2:5.1 Signed oem8.CAT Microsoft Windows Hardware Compatibility Publisher
hsxhwbs2.sys 12/6/2005 2:5.1 Signed oem8.CAT Microsoft Windows Hardware Compatibility Publisher
hsx_cnxt.sys 12/6/2005 2:5.1 Signed oem8.CAT Microsoft Windows Hardware Compatibility Publisher
hsx_dp.sys 12/6/2005 2:5.1 Signed oem8.CAT Microsoft Windows Hardware Compatibility Publisher
http.sys 10/20/2009 2:5.1 Signed KB970430.cat Microsoft Windows Component Publisher
i8042prt.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
iastor.sys 6/17/2005 2:5.00,2:5.1,2:5.2 Signed oem1.CAT Microsoft Windows Hardware Compatibility Publisher
imapi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
intelide.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
intelppm.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ip6fw.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ipfltdrv.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
ipinip.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ipnat.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ipsec.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
irbus.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
irenum.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
isapnp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
kbdclass.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
kbdhid.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
kmixer.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ks.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ksecdd.sys 6/24/2009 2:5.1 Signed KB968389.cat Microsoft Windows Component Publisher
lirsgt.sys 7/8/2010 None Signed N/A Tages SA
mbam.sys 4/29/2010 None Signed N/A Malwarebytes Corporation
mbamswissarmy.sys 4/29/2010 None Signed N/A Malwarebytes Corporation
mcd.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
mdmxsdk.sys 10/5/2005 2:5.1 Signed oem8.CAT Microsoft Windows Hardware Compatibility Publisher
mf.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mhndrv.sys 8/10/2004 5.1.2600.2180 Not Signed N/A
mnmdd.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
modem.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mouclass.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mouhid.sys 8/17/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
mountmgr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mqac.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mrxdav.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mrxsmb.sys 2/24/2010 2:5.1 Signed KB980232.cat Microsoft Windows Component Publisher
msfs.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
msgpc.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mskssrv.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mspclock.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mspqm.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mssmbios.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mstee.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mtlmnt5.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mtlstrm.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mtxparhm.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mup.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
mutohpen.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
nabtsfec.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ndis.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ndisip.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ndistapi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ndisuio.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ndiswan.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ndproxy.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
netbios.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
netbt.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
netwlan5.img 7/17/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
nic1394.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
nikedrv.sys 8/10/2004 2:5.1 Signed nt5inf.cat Microsoft Windows Component Publisher
nmnt.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
npfs.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ntfs.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ntmtlfax.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
nuidfltr.sys 5/9/2009 2:5.1,2:6.0,2:6.1 Signed oem142.CAT Microsoft Windows Hardware Compatibility Publisher
null.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
nv4_mini.sys 4/3/2010 2:5.00,2:5.1 Signed oem143.CAT Microsoft Windows Hardware Compatibility Publisher
nvenetfd.sys 3/3/2006 2:5.00,2:5.1 Signed oem134.CAT Microsoft Windows Hardware Compatibility Publisher
nvgts.sys 8/18/2008 2:5.00,2:5.1 Signed oem138.CAT Microsoft Windows Hardware Compatibility Publisher
nvnetbus.sys 3/3/2006 2:5.00,2:5.1 Signed oem133.CAT Microsoft Windows Hardware Compatibility Publisher
nvnrm.sys 3/3/2006 2:5.00,2:5.1 Signed oem133.CAT Microsoft Windows Hardware Compatibility Publisher
nvsnpu.sys 3/3/2006 2:5.00,2:5.1 Signed oem133.CAT Microsoft Windows Hardware Compatibility Publisher
nvtcp.sys 3/3/2006 1.0.0.5024 Not Signed N/A
nwlnkflt.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
nwlnkfwd.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
nwlnkipx.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
nwlnknb.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
nwlnkspx.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
nwrdr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ohci1394.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
oprghdlr.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
p3.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
parport.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
partmgr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
parvdm.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
pcdrndisuio.sys 2/2/2006 5.1.2600.2180 Not Signed N/A
pci.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
pciide.sys 8/17/2001 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
pciidex.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
pcmcia.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
point32.sys 6/10/2008 2:5.00,2:5.1,2:5.2 Signed oem6.CAT Microsoft Windows Hardware Compatibility Publisher
portcls.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
processr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
ps2.sys 12/12/2005 2:5.1 Signed oem107.CAT Microsoft Windows Hardware Compatibility Publisher
psched.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
psinaflt.sys 10/30/2009 None Signed N/A Panda Security S.L
psinfile.sys 10/13/2009 None Signed N/A Panda Security S.L
psinknc.sys 10/13/2009 None Signed N/A Panda Security S.L
psinproc.sys 10/13/2009 None Signed N/A Panda Security S.L
ptilink.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
pxhelp20.sys 8/19/2005 3.0.9.0 Not Signed N/A
rasacd.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
rasl2tp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
raspppoe.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
raspptp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
raspti.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
rawwan.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
rdbss.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
rdpcdd.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
rdpdr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
rdpwd.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
recagent.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
redbook.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
rfcomm.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
rio8drv.sys 8/10/2004 2:5.1 Signed nt5inf.cat Microsoft Windows Component Publisher
riodrv.sys 8/10/2004 2:5.1 Signed nt5inf.cat Microsoft Windows Component Publisher
rmcast.sys 5/8/2008 2:5.1 Signed KB950762.cat Microsoft Windows Component Publisher
rndismp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
rndismpx.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
rootmdm.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
rtkhdaud.sys 2/11/2009 2:5.00,2:5.1 Signed oem150.CAT Microsoft Windows Hardware Compatibility Publisher
rtl8139.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
s3gnbm.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
scsiport.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sdbus.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
secdrv.sys 11/13/2007 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
serenum.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
serial.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sffdisk.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sffp_mmc.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sffp_sd.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sfloppy.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
siint5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sisagp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
slip.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
slnt7554.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
slntamr.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
slnthal.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
slwdmsup.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
smbali.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
smclib.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
sonydcam.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
splitter.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sr.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
srv.sys 12/31/2009 2:5.1 Signed KB971468.cat Microsoft Windows Component Publisher
stream.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
streamip.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
swenum.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
swmidi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
sysaudio.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
tape.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
tcpip.sys 6/20/2008 2:5.1 Signed KB951748.cat Microsoft Windows Component Publisher
tcpip6.sys 2/11/2010 2:5.1 Signed KB978338.cat Microsoft Windows Component Publisher
tdi.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
tdpipe.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
tdtcp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
termdd.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
tosdvd.sys 8/10/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
tsbvcap.sys 8/10/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
tunmp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
uagp35.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
udfs.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
update.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usb8023.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usb8023x.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbaudio.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbcamd.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbcamd2.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbccgp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbd.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
usbehci.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbhub.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbintel.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbkey.sys 2/2/2006 None Not Signed N/A
usbohci.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbport.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbprint.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbscan.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbstor.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbuhci.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
usbvideo.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
vchnt5.dll 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
vdmindvd.sys 8/10/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
vga.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
viaagp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
viaide.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
videoprt.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
volsnap.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wacompen.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wadv07nt.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wadv08nt.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wadv09nt.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wadv11nt.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wanarp.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
watv06nt.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
watv10nt.sys 8/3/2004 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wdf01000.sys 11/2/2006 2:5.0,2:5.1,2:5.2 Signed Wdf01005.cat Microsoft Windows Component Publisher
wdfldr.sys 11/2/2006 2:5.0,2:5.1,2:5.2 Signed Wdf01005.cat Microsoft Windows Component Publisher
wdmaud.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wmilib.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
wpdusb.sys 10/18/2006 2:5.1 Signed WMFDist11.cat Microsoft Windows Component Publisher
ws2ifsl.sys 8/9/2004 2:5.1 Signed nt5.cat Microsoft Windows Component Publisher
wstcodec.sys 4/13/2008 2:5.1 Signed sp3.cat Microsoft Windows Component Publisher
wudfpf.sys 9/28/2006 2:5.1,2:5.2 Signed Wudf01000.cat Microsoft Windows
wudfrd.sys 9/28/2006 2:5.1,2:5.2 Signed Wudf01000.cat Microsoft Windows

Unscanned Files:
------------------
[c:\windows\system32\drivers]
msftwdf_kernel_01005msft_kernel_nuidfltrsptd.sys The process cannot access the file because it is being used by another process.

crucifix676

Newbie Surfer

Posts : 49
Joined : 2010-06-23
Operating System : Windows XP

Re: Google Redirecting Malware

Post by DragonMaster Jay on Mon 26 Jul 2010, 6:59 pm

How often do the redirects occur? What causes them?


[You must be registered and logged in to see this link.] - Get $30 off Kaspersky products.

~DMJ
GeekPolice Academy Manager


DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

Re: Google Redirecting Malware

Post by crucifix676 on Mon 26 Jul 2010, 9:16 pm

The redirects happen pretty sporadically, and they seem to only occur on Google search engines. I click on a search result and sometimes I get redirected to a completely unrelated and ad-filled site. Oftentimes I will just go back to the original search page and click on the search result again many times before I finally go to the correct page and not an unrelated redirected page. There seem to be some side symptoms of this, such as slower computer speed and occasional error messages, but it could be something other than the redirecting issue.

crucifix676

Newbie Surfer

Posts : 49
Joined : 2010-06-23
Operating System : Windows XP

Re: Google Redirecting Malware

Post by DragonMaster Jay on Tue 27 Jul 2010, 3:36 pm

Please download RenewMyDNS by DragonMaster Jay.
  • Save it to your Desktop.
  • Right-click on the file and select Extract All...
  • Choose a location to save extracted files and keep pressing Next until Finish.
  • Double-click RenewMyDNS folder, then double-click RenewMyDNS.bat to start the program.
  • Follow the prompts, and when finished it will launch a log.
  • Post that log in your next reply.
  • After posting the log, delete the folder RenewMyDNS.


DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

Re: Google Redirecting Malware

Post by crucifix676 on Tue 27 Jul 2010, 7:16 pm



Reply from 98.137.149.56: bytes=32 time=477ms TTL=56
Reply from 98.137.149.56: bytes=32 time=310ms TTL=56
Request timed out.
Reply from 98.137.149.56: bytes=32 time=555ms TTL=56

Ping statistics for 98.137.149.56:
    Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
    Minimum = 310ms, Maximum = 555ms, Average = 447ms

Pinging GeekPolice.net [64.202.189.170] with 32 bytes of data:

Reply from 64.202.189.170: bytes=32 time=409ms TTL=117
Reply from 64.202.189.170: bytes=32 time=518ms TTL=117
Reply from 64.202.189.170: bytes=32 time=404ms TTL=117
Reply from 64.202.189.170: bytes=32 time=394ms TTL=117

Ping statistics for 64.202.189.170:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 394ms, Maximum = 518ms, Average = 431ms

Pinging facebook.com [69.63.189.16] with 32 bytes of data:

Reply from 69.63.189.16: bytes=32 time=426ms TTL=242
Reply from 69.63.189.16: bytes=32 time=423ms TTL=242
Reply from 69.63.189.16: bytes=32 time=206ms TTL=242
Reply from 69.63.189.16: bytes=32 time=93ms TTL=242

Ping statistics for 69.63.189.16:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 93ms, Maximum = 426ms, Average = 287ms

Pinging microsoft.com [207.46.232.182] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 207.46.232.182:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

********************
EOF

crucifix676

Newbie Surfer

Posts : 49
Joined : 2010-06-23
Operating System : Windows XP

Re: Google Redirecting Malware

Post by DragonMaster Jay on Wed 28 Jul 2010, 5:16 am

That is not a complete log. The information I needed is at the beginning of the log.

Please re-run the tool and post a new log.


DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

Re: Google Redirecting Malware

Post by crucifix676 on Wed 28 Jul 2010, 10:58 am

RenewMyDNS by DragonMaster Jay
DNS Diagnostics and refresher
Version 0.1.4 - November 2009

Microsoft Windows XP [Version 5.1.2600]


(((((((((((((((((((( Network and DNS Information ))))))))))))))))))))

Windows IP Configuration

Host Name . . . . . . . . . . . . : Eric
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection 4:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : NVIDIA nForce Networking Controller
Physical Address. . . . . . . . . : 00-17-31-CD-35-0C
Dhcp Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IP Address. . . . . . . . . . . . : 172.16.1.37
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . : 172.16.0.1
DHCP Server . . . . . . . . . . . : 172.16.0.1
DNS Servers . . . . . . . . . . . : 4.2.2.2
                                    4.2.2.3
Lease Obtained. . . . . . . . . . : Tuesday, July 27, 2010 4:49:11 PM
Lease Expires . . . . . . . . . . : Tuesday, July 27, 2010 5:49:11 PM


(((((((((((((((((((( DNS-Fake Request Testing and Flush ))))))))))))))))))))

... Requests made were successful

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.


(((((((((((((((((((( Speed-test - Ping ))))))))))))))))))))

Pinging yahoo.com [69.147.125.65] with 32 bytes of data:

Reply from 69.147.125.65: bytes=32 time=223ms TTL=48
Reply from 69.147.125.65: bytes=32 time=113ms TTL=48
Reply from 69.147.125.65: bytes=32 time=253ms TTL=48
Reply from 69.147.125.65: bytes=32 time=124ms TTL=48

Ping statistics for 69.147.125.65:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 113ms, Maximum = 253ms, Average = 178ms

Pinging GeekPolice.net [64.202.189.170] with 32 bytes of data:

Reply from 64.202.189.170: bytes=32 time=93ms TTL=117
Reply from 64.202.189.170: bytes=32 time=41ms TTL=117
Reply from 64.202.189.170: bytes=32 time=40ms TTL=117
Reply from 64.202.189.170: bytes=32 time=41ms TTL=117

Ping statistics for 64.202.189.170:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 40ms, Maximum = 93ms, Average = 53ms

Pinging facebook.com [69.63.181.11] with 32 bytes of data:

Reply from 69.63.181.11: bytes=32 time=18ms TTL=243
Reply from 69.63.181.11: bytes=32 time=18ms TTL=243
Reply from 69.63.181.11: bytes=32 time=19ms TTL=243
Reply from 69.63.181.11: bytes=32 time=140ms TTL=243

Ping statistics for 69.63.181.11:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 18ms, Maximum = 140ms, Average = 48ms

Pinging microsoft.com [207.46.232.182] with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 207.46.232.182:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

********************
EOF

crucifix676

Newbie Surfer

Posts : 49
Joined : 2010-06-23
Operating System : Windows XP

Re: Google Redirecting Malware

Post by DragonMaster Jay on Wed 28 Jul 2010, 2:29 pm

Please download OTS by OldTimer and save it to your Desktop.

Note: You must be logged on to the system with an account that has Administrator privileges to run this program.
  • Close ALL OTHER PROGRAMS.
  • Double-click on OTS to start the program (if you are running on Vista then right-click the program and choose Run as Administrator).
  • At the top, tick on Scan All Users section and Include MD5.
  • At File Age set it to 90 Days.
  • In the Processes, Modules, Services, Drivers, and Registry section, please set on Safe List.
  • In the Files Created Within and Files Modified Within section, set it to File Age.
  • At the bottom, tick on all Safe List and Use Company Name WhiteList option.
  • Under Additional Scans, tick on the "Extras" button and then click the checkboxes in front of the following items to select them:
      Reg - Disabled MS Config Items
      Reg - Drivers32
      Reg - Ext
      Reg - IE
      Explorer Bar
      Reg - NetSvcs
      Reg - Safeboot Minimal
      Reg - Safeboot Network
      File - Lop Check
      File - Purity Scan
  • Do NOT change any other settings.
  • Then, in the Custom Scans box, place this in:

    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.exe /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\System32\*.sys
    %systemroot%\System32\drivers\*.dll
    %systemroot%\System32\drivers\*.ini
    %systemroot%\System32\drivers\*.exe
    %SYSTEMDRIVE%\*.*
    %PROGRAMFILES%\*.
    %appdata%\*.*


  • Now click the Run Scan button on the toolbar.
  • Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.


DragonMaster Jay

Manager | Tech Officer

Posts : 13451
Joined : 2009-09-07
Operating System : Windows 7 Ultimate

Re: Google Redirecting Malware

Post by crucifix676 on Wed 28 Jul 2010, 10:23 pm

Computer Name: ERIC
Current User Name: HP_Administrator
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: On
Skip Microsoft Files: Off
File Age = 90 Days

[Processes - Safe List]
ots.exe -> C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTS.exe -> [2010/07/28 03:08:03 | 000,641,536 | ---- | M | MD5 = F8652ABB8D613AFCF8CD47FE669F62F5] (OldTimer Tools)
applemobiledeviceservice.exe -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/06/10 21:03:08 | 000,144,176 | ---- | M | MD5 = 2E3E53A6AEF23E24F402C7855B9B1542] (Apple Inc.)
psunmain.exe -> C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe -> [2010/05/14 15:06:30 | 000,406,848 | ---- | M | MD5 = 6E89A16E4A3E5FD19AD5B74DA023B671] (Panda Security, S.L.)
psanhost.exe -> C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -> [2010/04/30 13:47:30 | 000,136,448 | ---- | M | MD5 = 9799191F31740EB7979C3B012AA6BA5B] (Panda Security, S.L.)
askupgrade.exe -> C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -> [2009/04/02 12:47:04 | 000,234,888 | ---- | M | MD5 = 367621CB272A8D9E7D910388916D5737] ()
askservice.exe -> C:\Program Files\AskBarDis\bar\bin\AskService.exe -> [2009/04/02 12:47:02 | 000,464,264 | ---- | M | MD5 = 7B44F870FC2DA172C5367D9E3F96F553] ()
psiservice_2.exe -> C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -> [2008/07/23 13:54:10 | 000,185,632 | ---- | M | MD5 = D21DFAA93CD6AEF397C033A718C0FFF5] (Protexis Inc.)
explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M | MD5 = 12896823FB95BFB3DC9B46BCAEDC9923] (Microsoft Corporation)
aluschedulersvc.exe -> C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -> [2006/07/25 18:03:42 | 000,100,032 | ---- | M | MD5 = 7768CE75C5CBF0D8F441CE2BBD806B7F] (Symantec Corporation)
arservice.exe -> C:\WINDOWS\arservice.exe -> [2005/08/02 23:19:16 | 000,058,880 | ---- | M | MD5 = 9A0D9B2E263BEDE80FB79DDBAD240EC1] (Microsoft)

[Modules - Safe List]
ots.exe -> C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTS.exe -> [2010/07/28 03:08:03 | 000,641,536 | ---- | M | MD5 = F8652ABB8D613AFCF8CD47FE669F62F5] (OldTimer Tools)
msscript.ocx -> C:\WINDOWS\system32\msscript.ocx -> [2008/04/13 17:10:20 | 000,110,592 | ---- | M | MD5 = DE5160912F4483F37704BE65C315B545] (Microsoft Corporation)

[Win32 Services - Safe List]
(F6E68549) F6E68549 [On_Demand | Stopped] -> C:\WINDOWS\System32\F6E68549.exe -> File not found
(9258704E) 9258704E [On_Demand | Stopped] -> C:\WINDOWS\System32\9258704E.exe -> File not found
(441CC720) 441CC720 [On_Demand | Stopped] -> C:\WINDOWS\System32\441CC720.exe -> File not found
(3D1AB9A9) 3D1AB9A9 [On_Demand | Stopped] -> C:\WINDOWS\System32\3D1AB9A9.exe -> File not found
(Apple Mobile Device) Apple Mobile Device [Auto | Running] -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -> [2010/06/10 21:03:08 | 000,144,176 | ---- | M | MD5 = 2E3E53A6AEF23E24F402C7855B9B1542] (Apple Inc.)
(NanoServiceMain) Panda Cloud Antivirus Service [Auto | Running] -> C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -> [2010/04/30 13:47:30 | 000,136,448 | ---- | M | MD5 = 9799191F31740EB7979C3B012AA6BA5B] (Panda Security, S.L.)
(XobniService) XobniService [Disabled | Stopped] -> C:\Program Files\Xobni\XobniService.exe -> [2009/11/13 11:09:34 | 000,046,824 | ---- | M | MD5 = E2CE4AE31E86161384EB045FD9ED3002] (Xobni Corporation)
(ASKUpgrade) ASKUpgrade [Auto | Running] -> C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -> [2009/04/02 12:47:04 | 000,234,888 | ---- | M | MD5 = 367621CB272A8D9E7D910388916D5737] ()
(ASKService) ASKService [Auto | Running] -> C:\Program Files\AskBarDis\bar\bin\AskService.exe -> [2009/04/02 12:47:02 | 000,464,264 | ---- | M | MD5 = 7B44F870FC2DA172C5367D9E3F96F553] ()
(PSI_SVC_2) Protexis Licensing V2 [Auto | Running] -> C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -> [2008/07/23 13:54:10 | 000,185,632 | ---- | M | MD5 = D21DFAA93CD6AEF397C033A718C0FFF5] (Protexis Inc.)
(LiveUpdate) LiveUpdate [Disabled | Stopped] -> C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -> [2006/07/25 18:03:42 | 002,119,360 | ---- | M | MD5 = FB466FAA799EACE5075FC1DE269F0066] (Symantec Corporation)
(Automatic LiveUpdate Scheduler) Automatic LiveUpdate Scheduler [Auto | Running] -> C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe -> [2006/07/25 18:03:42 | 000,100,032 | ---- | M | MD5 = 7768CE75C5CBF0D8F441CE2BBD806B7F] (Symantec Corporation)
(ARSVC) ARSVC [Auto | Running] -> C:\WINDOWS\arservice.exe -> [2005/08/02 23:19:16 | 000,058,880 | ---- | M | MD5 = 9A0D9B2E263BEDE80FB79DDBAD240EC1] (Microsoft)
(Pml Driver HPZ12) Pml Driver HPZ12 [Disabled | Stopped] -> C:\WINDOWS\system32\HPZipm12.exe -> [2005/03/14 19:05:02 | 000,069,632 | ---- | M | MD5 = A38B3CE68E7F126190CDE4AA3FDF050F] (HP)

crucifix676

Newbie Surfer

Posts : 49
Joined : 2010-06-23
Operating System : Windows XP

Re: Google Redirecting Malware

Post by crucifix676 on Wed 28 Jul 2010, 10:23 pm

[Driver Services - Safe List]
(rootrepeal) rootrepeal [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\rootrepeal.sys -> File not found
(RkPavproc1) RkPavproc1 [Kernel | On_Demand | Stopped] -> C:\WINDOWS\System32\drivers\RkPavproc1.sys -> File not found
(Cdrom) CD-ROM Driver [Kernel | System | Stopped] -> C:\WINDOWS\System32\DRIVERS\cdrom.sys -> File not found
(atksgt) atksgt [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\atksgt.sys -> [2010/07/08 02:10:46 | 000,278,984 | ---- | M | MD5 = 3C4B9850A2631C2263507400D029057B] ()
(lirsgt) lirsgt [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\lirsgt.sys -> [2010/07/08 02:10:46 | 000,025,416 | ---- | M | MD5 = 4127E8B6DDB4090E815C1F8852C277D3] ()
(PSINAflt) PSINAflt [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\PSINAflt.sys -> [2010/05/27 18:39:32 | 000,141,384 | ---- | M | MD5 = 469943FB4398DF5662DD5D06193C0BB0] (Panda Security, S.L.)
(PSINProt) PSINProt [Kernel | Auto | Running] -> C:\WINDOWS\system32\drivers\PSINProt.sys -> [2010/05/12 10:58:12 | 000,110,920 | ---- | M | MD5 = 47345C84B45003D4B5975CDA5F026787] (Panda Security, S.L.)
(PSINKNC) PSINKNC [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\PSINKNC.sys -> [2010/05/04 08:36:54 | 000,129,928 | ---- | M | MD5 = 51B0BAB73EC899399E5D6034105D6F21] (Panda Security, S.L.)
(PSINProc) PSINProc [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\PSINProc.sys -> [2010/04/30 13:46:52 | 000,111,624 | ---- | M | MD5 = D3730032F61FCA2D2AE6A2DAF90347B1] (Panda Security, S.L.)
(PSINFile) PSINFile [File_System | Auto | Running] -> C:\WINDOWS\system32\drivers\PSINFile.sys -> [2010/04/30 13:46:52 | 000,097,032 | ---- | M | MD5 = B573F1EE01046612576907BB08AD8E6F] (Panda Security, S.L.)
(nv) nv [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nv4_mini.sys -> [2010/04/03 15:55:31 | 010,232,128 | ---- | M | MD5 = 30913CBF518396912E54C2C9F1DD0F09] (NVIDIA Corporation)
(NuidFltr) NUID filter driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\nuidfltr.sys -> [2009/05/09 01:14:20 | 000,014,736 | ---- | M | MD5 = CF7E041663119E09D2E118521ADA9300] (Microsoft Corporation)
(sptd) sptd [Kernel | Boot | Running] -> C:\WINDOWS\System32\Drivers\sptd.sys -> [2009/02/18 00:05:03 | 000,717,296 | ---- | M | Unable to obtain MD5] ()
(IntcAzAudAddService) Service for Realtek HD Audio (WDM) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\RtkHDAud.sys -> [2009/02/11 12:40:40 | 005,028,352 | ---- | M | MD5 = 14B48553BE78472D2BD3A518658A1710] (Realtek Semiconductor Corp.)
(nvgts) nvgts [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\nvgts.sys -> [2008/08/18 19:54:00 | 000,145,952 | ---- | M | MD5 = EA98BFE4931BD13D747D647C1859796E] (NVIDIA Corporation)
(npkcrypt) npkcrypt [Kernel | On_Demand | Stopped] -> C:\Documents and Settings\HP_Administrator\Desktop\Lineage II\system\npkcrypt.sys -> [2008/04/29 16:04:33 | 000,023,217 | ---- | M | MD5 = FD9666A8EB88E713C18E2E90F6E746D0] (INCA Internet Co., Ltd.)
(eeCtrl) Symantec Eraser Control driver [Kernel | System | Running] -> C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -> [2008/04/17 11:54:54 | 000,385,072 | ---- | M | MD5 = E89CC1363CB7F5320AE3B41C1333D0C3] (Symantec Corporation)
(usbaudio) USB Audio Driver (WDM) [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\USBAUDIO.sys -> [2008/04/13 12:45:12 | 000,060,032 | ---- | M | MD5 = E919708DB44ED8543A7C017953148330] (Microsoft Corporation)
(IrBus) Infrared bus filter driver for eHome remote controls [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\irbus.sys -> [2008/04/13 11:45:34 | 000,046,592 | ---- | M | MD5 = B43B36B382AEA10861F7C7A37F9D4AE2] (Microsoft Corporation)
(HDAudBus) Microsoft UAA Bus Driver for High Definition Audio [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hdaudbus.sys -> [2008/04/13 09:36:05 | 000,144,384 | ---- | M | MD5 = 573C7D0A32852B48F3058CFD8026F511] (Windows (R) Server 2003 DDK provider)
(BANTExt) Belarc SMBios Access [Kernel | System | Running] -> C:\WINDOWS\System32\Drivers\BANTExt.sys -> [2008/02/27 13:49:00 | 000,003,840 | ---- | M | MD5 = 5D7BE7B19E827125E016325334E58FF1] ()
(hcwPP2) Hauppauge WinTV PVR PCI II ([23|25|26]xxx) [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\hcwPP2.sys -> [2006/04/13 16:47:38 | 000,168,064 | ---- | M | MD5 = 55E4DA7C8CBBA1F2D71720FCA7A5C086] (Hauppauge Computer Works, Inc.)
(nvnetbus) NVIDIA Network Bus Enumerator [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\nvnetbus.sys -> [2006/03/03 14:31:04 | 000,013,056 | ---- | M | MD5 = 5E3F6AD5CAD0F12D3CCCD06FD964087A] (NVIDIA Corporation)
(NVENETFD) NVIDIA nForce Networking Controller Driver [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\NVENETFD.sys -> [2006/03/03 14:31:02 | 000,034,176 | ---- | M | MD5 = 22EEDB34C4D7613A25B10C347C6C4C21] (NVIDIA Corporation)
(Ps2) Ps2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\PS2.sys -> [2005/12/12 17:27:00 | 000,019,072 | ---- | M | MD5 = 390C204CED3785609AB24E9C52054A84] (Hewlett-Packard Company)
(HSXHWBS2) HSXHWBS2 [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSXHWBS2.sys -> [2005/12/06 11:20:50 | 000,241,664 | ---- | M | MD5 = 1F5C64B0C6B2E2F48735A77AE714CCB8] (Conexant Systems, Inc.)
(winachsx) winachsx [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSX_CNXT.sys -> [2005/12/06 11:20:42 | 000,670,208 | ---- | M | MD5 = 11EC1AFCEB5C917CE73D3C301FF4291E] (Conexant Systems, Inc.)
(HSX_DP) HSX_DP [Kernel | On_Demand | Running] -> C:\WINDOWS\system32\drivers\HSX_DP.sys -> [2005/12/06 11:20:40 | 000,936,448 | ---- | M | MD5 = A7F8C9228898A1E871D2AE7082F50AC3] (Conexant Systems, Inc.)
(ftsata2) ftsata2 [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\ftsata2.sys -> [2005/06/29 17:03:18 | 000,175,104 | ---- | M | MD5 = 22399D3CE5840C6082844679CCA5D2FC] (Promise Technology, Inc.)
(iaStor) Intel RAID Controller [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\iaStor.sys -> [2005/06/17 06:33:40 | 000,872,064 | ---- | M | MD5 = 9A65E42664D1534B68512CAAD0EFE963] (Intel Corporation)
(AmdK8) AMD Processor Driver [Kernel | System | Running] -> C:\WINDOWS\system32\drivers\AmdK8.sys -> [2005/03/09 14:53:00 | 000,036,352 | ---- | M | MD5 = 59301936898AE62245A6F09C0ABA9475] (Advanced Micro Devices)
(rtl8139) Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver [Kernel | On_Demand | Stopped] -> C:\WINDOWS\system32\drivers\RTL8139.sys -> [2004/08/03 14:31:34 | 000,020,992 | ---- | M | MD5 = D507C1400284176573224903819FFDA3] (Realtek Semiconductor Corporation)
(bb-run) Promise driver accelerator [Kernel | Boot | Running] -> C:\WINDOWS\system32\DRIVERS\bb-run.sys -> [2003/11/05 07:45:12 | 000,017,408 | ---- | M | MD5 = 7270D070173B20AC9487EA16BB08B45F] (Promise Technology, Inc.)

[Registry - Safe List]
< Internet Explorer Settings [HKEY_LOCAL_MACHINE\] > -> ->
HKEY_LOCAL_MACHINE\: Main\"Default_Page_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_LOCAL_MACHINE\: Main\"Default_Search_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_LOCAL_MACHINE\: Main\"Local Page" -> %SystemRoot%\system32\blank.htm ->
HKEY_LOCAL_MACHINE\: Main\"Search Page" -> [You must be registered and logged in to see this link.] ->
HKEY_LOCAL_MACHINE\: Main\"Start Page" -> [You must be registered and logged in to see this link.] ->
HKEY_LOCAL_MACHINE\: Search\"Default_Search_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_LOCAL_MACHINE\: Search\"SearchAssistant" -> [You must be registered and logged in to see this link.] ->
< Internet Explorer Settings [HKEY_USERS\.DEFAULT\] > -> ->
HKEY_USERS\.DEFAULT\: Main\"Default_Page_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\.DEFAULT\: Main\"Default_Search_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\.DEFAULT\: Main\"Search Page" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\.DEFAULT\: Main\"Start Page" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\.DEFAULT\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-18\] > -> ->
HKEY_USERS\S-1-5-18\: Main\"Default_Page_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-18\: Main\"Default_Search_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-18\: Main\"Search Page" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-18\: Main\"Start Page" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-18\: "ProxyEnable" -> 0 ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > -> ->
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\] > -> ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\: Main\"Default_Page_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\: Main\"Default_Search_URL" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\: Main\"Search Page" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\: Main\"Secondary Start Pages" -> [binary data] ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\: Search\"SearchAssistant" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\: SearchURL\"" -> [You must be registered and logged in to see this link.] ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\: SearchURL\"provider" -> gogl ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\: "ProxyEnable" -> 0 ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\: "ProxyOverride" -> ;*.local ->
< FireFox Settings [Prefs.js] > -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\7x8fv31u.default\prefs.js ->
browser.search.useDBForOrder -> true ->
browser.startup.homepage -> "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official" ->
extensions.enabledItems -> [You must be registered and logged in to see this link.]:1.0 ->
keyword.URL -> "http://search.yahoo.com/search?fr=panda&type=panda1_0yatb&p=" ->
< FireFox Settings [User.js] > -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\FireFox\Profiles\7x8fv31u.default\user.js ->
< FireFox Extensions [HKLM] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
HKLM\software\mozilla\Firefox\extensions -> ->
HKLM\software\mozilla\Firefox\extensions\\widgetruntime@surfsecret.com -> C:\Program Files\Panda Security\Panda ID Protect\Firefox [C:\PROGRAM FILES\PANDA SECURITY\PANDA ID PROTECT\FIREFOX] -> [2010/07/27 02:20:55 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions -> ->
HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components -> C:\Program Files\Mozilla Firefox\components [C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS] -> [2010/07/27 16:55:23 | 000,000,000 | ---D | M]
HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins -> C:\Program Files\Mozilla Firefox\plugins [C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS] -> [2010/07/27 16:55:22 | 000,000,000 | ---D | M]
< FireFox Extensions [User Folders] > ->
-> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions -> [2008/09/01 01:08:29 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7x8fv31u.default\extensions -> [2010/07/27 16:52:59 | 000,000,000 | ---D | M]
Microsoft .NET Framework Assistant -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7x8fv31u.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} -> [2010/04/27 13:53:02 | 000,000,000 | ---D | M]
-> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7x8fv31u.default\extensions\personas@christopher.beard -> [2010/05/13 20:57:03 | 000,000,000 | ---D | M]
< FireFox SearchPlugins [User Folders] > ->
youtube-video-search.xml -> C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\7x8fv31u.default\searchplugins\youtube-video-search.xml -> [2008/12/13 20:46:11 | 000,002,109 | ---- | M | MD5 = EB368E78ECC13C7DD221CC2E14425CA3] ()
< FireFox Extensions [Program Folders] > ->
-> C:\Program Files\Mozilla Firefox\extensions -> [2010/07/27 16:52:59 | 000,000,000 | ---D | M]
~[Filtered]~
Reset Hosts
127.0.0.1 localhost
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\ ->
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [HKLM] -> C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [Adobe PDF Reader Link Helper] -> [2006/12/18 04:16:42 | 000,059,032 | ---- | M | MD5 = 4EA3A6CD9D20584FFAFDB1E47DBF0E20] (Adobe Systems Incorporated)
{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Browser Helper] -> [2009/02/12 15:19:32 | 002,217,848 | ---- | M | MD5 = A6B5A41C0ED007AB6C43CAD899E533D8] (Microsoft Corporation)
{AAAE832A-5FFF-4661-9C8F-369692D1DCB9} [HKLM] -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll [hpWebHelper Class] -> [2008/08/05 16:00:15 | 000,217,088 | ---- | M | MD5 = A0EF773AA00AFAF320E7404304EC5220] (TODO: )
{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} [HKLM] -> C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll [Panda Security Toolbar] -> [2010/06/15 06:46:12 | 000,086,696 | ---- | M | MD5 = 26430378D083C787340EC434D0AF78C1] ()
< Internet Explorer ToolBars [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\ToolBar ->
"{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}" [HKLM] -> C:\Program Files\Panda Security\Panda Security Toolbar\PandaSecurityDx.dll [Panda Security Toolbar] -> [2010/06/15 06:46:12 | 000,086,696 | ---- | M | MD5 = 26430378D083C787340EC434D0AF78C1] ()
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\] > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\Software\Microsoft\Internet Explorer\Toolbar\ ->
ShellBrowser\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\"{3041D03E-FD4B-44E0-B742-2D9B88305F98}" [HKLM] -> C:\Program Files\AskBarDis\bar\bin\askBar.dll [Ask Toolbar] -> File not found
WebBrowser\"{C4069E3A-68F1-403E-B40E-20066696354B}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
WebBrowser\"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
< Run [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"Alcmtr" -> C:\WINDOWS\ALCMTR.EXE [ALCMTR.EXE] -> [2008/06/19 08:20:52 | 000,057,344 | ---- | M | MD5 = EA31039E691C6F8F5469649526EEA5FB] (Realtek Semiconductor Corp.)
"AlwaysReady Power Message APP" -> C:\WINDOWS\arpwrmsg.exe [ARPWRMSG.EXE] -> [2005/08/02 23:19:16 | 000,077,312 | ---- | M | MD5 = B596347A26DC054EBB44EB3BC8E95B0A] (Microsoft)
"AppleSyncNotifier" -> C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe] -> [2010/03/16 21:58:34 | 000,047,392 | ---- | M | MD5 = FD89A30C8A9FF4929ABC5039E6A527A4] (Apple Inc.)
"HPBootOp" -> C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe ["C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run] -> [2006/02/15 22:34:58 | 000,249,856 | ---- | M | MD5 = A789B145F17FA5C2326907F4872FE173] (Hewlett-Packard Company)
"HPHUPD08" -> c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe [c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe] -> [2005/06/01 23:35:56 | 000,049,152 | ---- | M | MD5 = 4F113169A2DE985D043A5530987AD6D0] (Hewlett-Packard)
"HPSUreset" -> c:\hp\bin\cloaker.exe [c:\hp\bin\cloaker.exe cmd /c c:\hp\drivers\hpsu\HPSULastRunReset.bat] -> [1999/11/06 23:11:14 | 000,027,136 | ---- | M | MD5 = 6380625DD0480ED60960A149A087C848] (Hewlett-Packard Co.)
"IMEKRMIG6.1" -> C:\WINDOWS\ime\imkr6_1\imekrmig.exe [C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE] -> [2004/08/09 14:00:00 | 000,044,032 | ---- | M | MD5 = E6BB63BBE1BED01769CA87F4DAC286C8] (Microsoft Corporation)
"IMJPMIG8.1" -> C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE ["C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32] -> [2004/08/09 14:00:00 | 000,208,952 | ---- | M | MD5 = 7BBE4CF421AECC7F0226EDD75F12079F] (Microsoft Corporation)
"Mqoganapiqifep" -> C:\WINDOWS\iwufazeqeq.DLL [rundll32.exe "C:\WINDOWS\iwufazeqeq.dll",Startup] -> File not found
"MSPY2002" -> C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe [C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC] -> [2004/08/09 14:00:00 | 000,059,392 | ---- | M | MD5 = 1B17E09C1223F6D17336D2DD7A1AF4F4] ()
"NvCplDaemon" -> C:\WINDOWS\System32\NvCpl.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup] -> [2010/04/03 19:23:16 | 013,670,504 | ---- | M | MD5 = 8FFC8E6236073D462CAD9EDABFD3E0E4] (NVIDIA Corporation)
"NvMediaCenter" -> C:\WINDOWS\System32\NvMcTray.DLL [RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit] -> [2010/04/03 19:23:16 | 000,110,696 | ---- | M | MD5 = 2EF47B25843130B9E05AD487D667374D] (NVIDIA Corporation)
"PHIME2002A" -> C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName] -> [2004/08/09 14:00:00 | 000,455,168 | ---- | M | MD5 = 024DC0F68DF5FD6AE9DD82DFBAF479D6] (Microsoft Corporation)
"PHIME2002ASync" -> C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE [C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC] -> [2004/08/09 14:00:00 | 000,455,168 | ---- | M | MD5 = 024DC0F68DF5FD6AE9DD82DFBAF479D6] (Microsoft Corporation)
"PMLreset" -> c:\hp\bin\cloaker.exe [c:\hp\bin\cloaker.exe cmd /c c:\hp\drivers\pmlreset.bat] -> [1999/11/06 23:11:14 | 000,027,136 | ---- | M | MD5 = 6380625DD0480ED60960A149A087C848] (Hewlett-Packard Co.)
"PSUNMain" -> C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe ["C:\Program Files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar] -> [2010/05/14 15:06:30 | 000,406,848 | ---- | M | MD5 = 6E89A16E4A3E5FD19AD5B74DA023B671] (Panda Security, S.L.)
"RBreset" -> c:\hp\bin\cloaker.exe [c:\hp\bin\cloaker.exe cmd /c c:\hp\drivers\hpsu\RBLastRunReset.bat] -> [1999/11/06 23:11:14 | 000,027,136 | ---- | M | MD5 = 6380625DD0480ED60960A149A087C848] (Hewlett-Packard Co.)
"Recguard" -> C:\WINDOWS\SMINST\Recguard.exe [C:\WINDOWS\SMINST\RECGUARD.EXE] -> [2005/07/22 22:14:00 | 000,237,568 | ---- | M | MD5 = F3EAEA279F09A7779C18793C87640794] ()
"SetDefaultPrinter" -> c:\hp\bin\cloaker.exe [c:\hp\bin\cloaker.exe c:\windows\system32\cmd.exe /c c:\hp\bin\defaultprinter\SetDefaultPrinter.cmd] -> [1999/11/06 23:11:14 | 000,027,136 | ---- | M | MD5 = 6380625DD0480ED60960A149A087C848] (Hewlett-Packard Co.)
"TkBellExe" -> C:\Program Files\Common Files\Real\Update_OB\realsched.exe ["C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot] -> [2006/06/17 21:44:35 | 000,180,269 | ---- | M | MD5 = 1AC2C58B587C70DE64582AD41EE79FBA] (RealNetworks, Inc.)
< RunOnceEx [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx ->
"Flags" -> Reg Error: Invalid data type. [Reg Error: Invalid data type.] -> File not found
"Title" -> [UnHackMe Rootkit Check] -> File not found
< Run [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\] > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Run ->
"SmartRAM" -> C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe ["C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m] -> [2010/01/22 14:12:12 | 000,200,280 | ---- | M | MD5 = 9DB4FC143600770F183C8796DDD56101] (IObit)
< Admin Startup Folder > -> C:\Documents and Settings\Admin\Start Menu\Programs\Startup ->
< Administrator Startup Folder > -> C:\Documents and Settings\Administrator\Start Menu\Programs\Startup ->
< All Users Startup Folder > -> C:\Documents and Settings\All Users\Start Menu\Programs\Startup ->
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe -> [2008/04/23 03:38:16 | 000,029,696 | ---- | M | MD5 = DFCB9ADE94A4F8A7C42EEF41101A30AD] (Adobe Systems Incorporated)
< asdf Startup Folder > -> C:\Documents and Settings\asdf\Start Menu\Programs\Startup ->
< Default User Startup Folder > -> C:\Documents and Settings\Default User\Start Menu\Programs\Startup ->
C:\Documents and Settings\Default User\Start Menu\Programs\Startup\Pin.lnk -> C:\hp\bin\cloaker.exe -> [1999/11/06 23:11:14 | 000,027,136 | ---- | M | MD5 = 6380625DD0480ED60960A149A087C848] (Hewlett-Packard Co.)
< Eric Startup Folder > -> C:\Documents and Settings\Eric\Start Menu\Programs\Startup ->
< Guest Startup Folder > -> C:\Documents and Settings\Guest\Start Menu\Programs\Startup ->
< Guest.ERIC Startup Folder > -> C:\Documents and Settings\Guest.ERIC\Start Menu\Programs\Startup ->
< HP_Administrator Startup Folder > -> C:\Documents and Settings\HP_Administrator\Start Menu\Programs\Startup ->
< Software Policy Settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Infodelivery\Restrictions
\Infodelivery\Restrictions\"NoUpdateCheck" -> [1] -> File not found
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Main
\Main\"DEPOff" -> [1] -> File not found
< CurrentVersion Policy Settings - Explorer [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\"HonorAutoRunSetting" -> [1] -> File not found
\"LinkResolveIgnoreLinkInfo" -> [0] -> File not found
\"NoResolveSearch" -> [1] -> File not found
< CurrentVersion Policy Settings - System [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
\"InstallVisualStyle" -> C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles [C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles] -> [2004/08/10 02:39:00 | 001,347,728 | ---- | M | MD5 = 1B272DBF6C5CCEB5DC2BB488271DDF6D] (Microsoft)
\"InstallTheme" -> C:\WINDOWS\Resources\Themes\Royale.Theme [C:\WINDOWS\Resources\Themes\Royale.theme] -> [2004/07/28 01:03:28 | 000,001,293 | ---- | M | MD5 = 48A47B0E32E3B9314C2C774EDB6BBC10] ()
< CurrentVersion Policy Settings [HKEY_USERS\.DEFAULT] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-18] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-19] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-20] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\"NoDriveTypeAutoRun" -> [145] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008] > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
\"NoDriveTypeAutoRun" -> [145] -> File not found
\"LinkResolveIgnoreLinkInfo" -> [0] -> File not found
< CurrentVersion Policy Settings [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008] > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
< Internet Explorer Menu Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000] -> [2010/04/24 08:25:04 | 018,352,488 | ---- | M | MD5 = 86075C2A59A89A4A9E7427525513AFD6] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000] -> [2010/04/24 08:25:04 | 018,352,488 | ---- | M | MD5 = 86075C2A59A89A4A9E7427525513AFD6] (Microsoft Corporation)
< Internet Explorer Menu Extensions [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\] > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\Software\Microsoft\Internet Explorer\MenuExt\ ->
E&xport to Microsoft Excel -> C:\Program Files\Microsoft Office\Office12\EXCEL.EXE [res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000] -> [2010/04/24 08:25:04 | 018,352,488 | ---- | M | MD5 = 86075C2A59A89A4A9E7427525513AFD6] (Microsoft Corporation)
< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\ ->
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Button: Send to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M | MD5 = 79F7DB36E67B9E8365FA824AD96DF400] (Microsoft Corporation)
{2670000A-7350-4f3c-8081-5663EE0C6C49}:{48E73304-E1D6-4330-914C-F5F514E3486C} [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Menu: S&end to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M | MD5 = 79F7DB36E67B9E8365FA824AD96DF400] (Microsoft Corporation)
{92780B25-18CC-41C8-B9BE-3C9C571A8263}:{FF059E31-CC5A-4E2E-BF3B-96E929D65503} [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Button: Research] -> [2009/03/06 04:04:56 | 000,039,464 | ---- | M | MD5 = AEF204E782BFA2C8448CB43A58960744] (Microsoft Corporation)
{E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Button: Internet Connection Help] -> [2008/08/05 16:00:15 | 000,000,706 | ---- | M | MD5 = 7CB21E1F67A80EAC34B2C10F88F1ED7E] ()
{E2D4D26B-0180-43a4-B05F-462D6D54C789}:C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [HKLM] -> C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm [Menu: Internet Connection Help] -> [2008/08/05 16:00:15 | 000,000,706 | ---- | M | MD5 = 7CB21E1F67A80EAC34B2C10F88F1ED7E] ()
< Internet Explorer Extensions [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\"{2670000A-7350-4f3c-8081-5663EE0C6C49}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M | MD5 = 79F7DB36E67B9E8365FA824AD96DF400] (Microsoft Corporation)
CmdMapping\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2009/03/06 04:04:56 | 000,039,464 | ---- | M | MD5 = AEF204E782BFA2C8448CB43A58960744] (Microsoft Corporation)
CmdMapping\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] -> [Internet Connection Help] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\"{2670000A-7350-4f3c-8081-5663EE0C6C49}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M | MD5 = 79F7DB36E67B9E8365FA824AD96DF400] (Microsoft Corporation)
CmdMapping\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2009/03/06 04:04:56 | 000,039,464 | ---- | M | MD5 = AEF204E782BFA2C8448CB43A58960744] (Microsoft Corporation)
CmdMapping\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] -> [Internet Connection Help] -> File not found
< Internet Explorer Extensions [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\] > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\Software\Microsoft\Internet Explorer\Extensions\ ->
CmdMapping\"{08B0E5C0-4FCB-11CF-AAA5-00401C608501}" [HKLM] -> [Reg Error: Value error.] -> File not found
CmdMapping\"{2670000A-7350-4f3c-8081-5663EE0C6C49}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll [Send to OneNote] -> [2009/02/26 19:45:52 | 000,603,040 | ---- | M | MD5 = 79F7DB36E67B9E8365FA824AD96DF400] (Microsoft Corporation)
CmdMapping\"{92780B25-18CC-41C8-B9BE-3C9C571A8263}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL [Research] -> [2009/03/06 04:04:56 | 000,039,464 | ---- | M | MD5 = AEF204E782BFA2C8448CB43A58960744] (Microsoft Corporation)
CmdMapping\"{E2D4D26B-0180-43a4-B05F-462D6D54C789}" [HKLM] -> [Internet Connection Help] -> File not found
< Internet Explorer Plugins [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Plugins\ ->
< Default Prefix > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\URL\DefaultPrefix
"" -> [You must be registered and logged in to see this link.]
< Trusted Sites Domains [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4 domain(s) found. ->
trymedia.com .[http] -> Trusted sites ->
trymedia.com .[https] -> Trusted sites ->
< Trusted Sites Ranges [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\.DEFAULT\] > -> HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-18\] > -> HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 0 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-20\] > -> HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Trusted Sites Domains [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\] > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\ -> [Key] 4822 domain(s) found. ->
< Trusted Sites Ranges [HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\] > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ ->
HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\ -> [Key] 0 range(s) found. ->
< Downloaded Program Files > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\ ->
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [HKLM] -> [You must be registered and logged in to see this link.] [MUWebControl Class] ->
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [HKLM] -> [You must be registered and logged in to see this link.] [Reg Error: Value error.] ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\ ->
DhcpNameServer -> 172.16.0.1 ->
< Name Servers [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Adapters\ ->
{17D5309F-1A7F-46BD-BD33-546410D32A2D}\\DhcpNameServer -> 172.16.0.1 (NVIDIA nForce Networking Controller) ->
{892900FC-9814-4488-99C0-81491C1EE93D}\\DhcpNameServer -> 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243 (HP EN1207D-TX PCI 10/100 Fast Ethernet Adapter) ->
< Winlogon settings [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon ->
*Shell* -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell ->
Explorer.exe -> C:\WINDOWS\explorer.exe -> [2008/04/13 17:12:19 | 001,033,728 | ---- | M | MD5 = 12896823FB95BFB3DC9B46BCAEDC9923] (Microsoft Corporation)
*MultiFile Done* -> ->
< ShellExecuteHooks [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks ->
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}" [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [Groove GFS Stub Execution Hook] -> [2009/02/12 15:19:32 | 002,217,848 | ---- | M | MD5 = A6B5A41C0ED007AB6C43CAD899E533D8] (Microsoft Corporation)
< Domain Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List ->
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" -> C:\Program Files\Pando Networks\Media Booster\PMB.exe [C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster] -> [2010/05/21 16:31:05 | 002,938,552 | ---- | M | MD5 = 9781B8F5F92663AC4FA0C1E750EFD105] ()
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" -> C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP] -> [2006/06/17 22:02:58 | 000,036,903 | ---- | M | MD5 = 84A6C6456F86ED03B79DB55BCBCDB2BD] (Hewlett-Packard)
< Standard Profile Authorized Applications List > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List ->
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" -> C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe [C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager] -> [2010/06/13 13:23:13 | 000,172,032 | ---- | M | MD5 = 7C795C05B5DC8079071AB1EB89DF28D8] (Nexon)
"C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Serial.Loaris.Trojan.Remover.1.1.8.1.exe" -> C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Serial.Loaris.Trojan.Remover.1.1.8.1.exe [C:\Documents and Settings\HP_Administrator\My Documents\Downloads\Serial.Loaris.Trojan.Remover.1.1.8.1.exe:*:Enabled:hl3uJCg 7kGvRtQ0f 8Hxju80GSN] -> File not found
"C:\Nexon\DFO\DFO.exe" -> C:\Nexon\DFO\DFO.exe [C:\Nexon\DFO\DFO.exe:*:Enabled:Dungeon Fighter Online] -> File not found
"C:\Program Files\Darkeden\darkeden.exe" -> C:\Program Files\Darkeden\darkeden.exe [C:\Program Files\Darkeden\darkeden.exe:*:Enabled:DarkEden] -> [2009/05/17 19:04:49 | 004,833,381 | ---- | M | MD5 = ED7ECDFA1B9C01F07EA29D3B1C8E1F79] (Softon)
"C:\Program Files\DISC\DISCover.exe" -> C:\Program Files\DISC\DISCover.exe [C:\Program Files\DISC\DISCover.exe:*:Enabled:DISCover Drop & Play System] -> [2006/03/16 02:12:40 | 001,077,248 | ---- | M | MD5 = 5F4F51DCDDEED4CD994937572B9D9253] (Digital Interactive Systems Corporation)
"C:\Program Files\DISC\DiscStreamHub.exe" -> C:\Program Files\DISC\DiscStreamHub.exe [C:\Program Files\DISC\DiscStreamHub.exe:*:Enabled:DISCover Stream Hub] -> [2006/03/16 02:11:54 | 000,057,344 | ---- | M | MD5 = 35FD73BA6356094ABCB61F0A2C555595] (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\DISC\myFTP.exe" -> C:\Program Files\DISC\myFTP.exe [C:\Program Files\DISC\myFTP.exe:*:Enabled:DISCover FTP] -> [2006/03/16 02:11:50 | 000,094,208 | ---- | M | MD5 = 227B4BF7B10BFF468CD710786416E3AC] (Digital Interactive Systems Corporation, Inc.)
"C:\Program Files\FrostWire\FrostWire.exe" -> C:\Program Files\FrostWire\FrostWire.exe [C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire] -> [2008/09/03 15:39:00 | 000,114,688 | ---- | M | MD5 = 4939D0506630168E691C7D389435A773] (FrostWire Group)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe] -> [2005/09/21 04:25:22 | 000,151,635 | ---- | M | MD5 = 0CE9412D1E52DBA51CA19CD9F042A1C4] (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe [C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe] -> [2006/01/24 02:03:00 | 000,057,344 | ---- | M | MD5 = 9F52382401170537C00A7AD014C82FF4] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe [C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe] -> [2006/01/24 01:40:30 | 000,225,280 | ---- | M | MD5 = 632420CEEFA48B445185D6B6330AA8A6] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe [C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe] -> [2006/01/24 01:40:04 | 000,040,960 | ---- | M | MD5 = 216470386C9BAAEFBFF58EA72848C602] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hposid01.exe [C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe] -> [2006/01/24 01:35:14 | 000,081,920 | ---- | M | MD5 = 41D4BAF0D93D70E90DBA3FF59AF42F02] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe [C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe] -> [2006/01/24 02:09:36 | 000,172,032 | ---- | M | MD5 = 43F77B33F7C076ABD39C4AEEE1818669] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" -> C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe [C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe] -> [2006/01/24 01:38:52 | 000,438,272 | ---- | M | MD5 = 3D39C5FC503B3E3C5C3C89E1C51EBA5C] (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" -> C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe] -> [2006/02/09 23:41:28 | 000,573,440 | ---- | M | MD5 = 5D6F0A491239FBA43B21F845F9C19E41] ( )
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" -> C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe [C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe] -> [2006/02/09 23:43:36 | 000,110,592 | R--- | M | MD5 = EE4B17A5E3F939F128266846FED3975F] (Hewlett-Packard)
"C:\Program Files\iTunes\iTunes.exe" -> C:\Program Files\iTunes\iTunes.exe [C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes] -> [2010/07/16 07:41:54 | 010,358,568 | ---- | M | MD5 = C1D9C273B3439FD2563362D782B272DA] (Apple Inc.)
"C:\Program Files\Java\jre6\bin\java.exe" -> C:\Program Files\Java\jre6\bin\java.exe [C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary] -> [2010/04/24 02:57:41 | 000,145,184 | ---- | M | MD5 = 43F7CA0473BB0FC9DD44ECF328B8D1FA] (Sun Microsystems, Inc.)
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE" -> C:\Program Files\Microsoft Office\Office12\GROOVE.EXE [C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove] -> [2009/02/14 06:03:18 | 000,337,264 | ---- | M | MD5 = 47B90FCFE1B89BCEE4458BAD3C1C5C63] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" -> C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE [C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote] -> [2009/02/26 15:24:50 | 001,001,840 | ---- | M | MD5 = 96F0A88B100A4E2914F1272E35714128] (Microsoft Corporation)
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE [C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook] -> [2009/08/17 22:54:54 | 012,957,536 | ---- | M | MD5 = A4C6626DD0833249DFC8224014965E07] (Microsoft Corporation)
"C:\Program Files\ooVoo\ooVoo.exe" -> C:\Program Files\ooVoo\ooVoo.exe [C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo] -> [2010/05/25 11:05:18 | 019,360,560 | ---- | M | MD5 = D5FFBDCB888E1CC4577974C3E59735FF] (ooVoo LLC)
"C:\Program Files\Opera\opera.exe" -> C:\Program Files\Opera\opera.exe [C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser] -> [2009/11/20 20:01:18 | 000,832,296 | ---- | M | MD5 = A5F6A9A70592C33F451ACB0708266174] (Opera Software)
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" -> C:\Program Files\Pando Networks\Media Booster\PMB.exe [C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster] -> [2010/05/21 16:31:05 | 002,938,552 | ---- | M | MD5 = 9781B8F5F92663AC4FA0C1E750EFD105] ()
"C:\Program Files\Steam\steamapps\crucifix676\team fortress 2\hl2.exe" -> C:\Program Files\Steam\steamapps\crucifix676\team fortress 2\hl2.exe [C:\Program Files\Steam\steamapps\crucifix676\team fortress 2\hl2.exe:*:Enabled:hl2] -> [2010/07/11 17:32:04 | 000,103,760 | ---- | M | MD5 = 9A74442EB6A59D7713FF2CF49B2736C5] ()
"C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe" -> C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe [C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe:*:Enabled:Updates from HP] -> [2006/06/17 22:02:58 | 000,036,903 | ---- | M | MD5 = 84A6C6456F86ED03B79DB55BCBCDB2BD] (Hewlett-Packard)
"C:\Program Files\Ventrilo\Ventrilo.exe" -> C:\Program Files\Ventrilo\Ventrilo.exe [C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe] -> [2009/04/22 22:11:32 | 001,675,776 | ---- | M | MD5 = 9DA1F1163C7B5DA29EEC2FF3A731EEA9] (Flagship Industries, Inc.)
"C:\Program Files\Vuze\Azureus.exe" -> C:\Program Files\Vuze\Azureus.exe [C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze] -> [2010/01/13 11:42:06 | 000,232,896 | ---- | M | MD5 = BAF503FEDF00C58C123B100CDA7A7D4F] (Vuze Inc.)
"C:\Program Files\Xfire\Xfire.exe" -> C:\Program Files\Xfire\Xfire.exe [C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire] -> [2009/11/05 19:14:36 | 003,152,272 | ---- | M | MD5 = C50C04CEDE8102679D8B0265C9DE3EDE] (Xfire Inc.)
"C:\Riot Games\League of Legends\air\LolClient.exe" -> C:\Riot Games\League of Legends\air\LolClient.exe [C:\Riot Games\League of Legends\air\LolClient.exe:*:Enabled:League of Legends Lobby] -> [2010/05/22 14:50:54 | 000,081,408 | ---- | M | MD5 = 34F3AF061D6D7470FC17699B90884FA6] ()
"C:\Riot Games\League of Legends\game\League of Legends.exe" -> C:\Riot Games\League of Legends\game\League of Legends.exe [C:\Riot Games\League of Legends\game\League of Legends.exe:*:Enabled:League of Legends Game Client] -> [2010/07/27 17:11:08 | 007,397,376 | ---- | M | MD5 = 6673DEBE1199E7E646B37511B3EB3328] ()
< SafeBoot AlternateShell [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot ->
< CDROM Autorun Setting [HKEY_LOCAL_MACHINE]> -> HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom ->
"AutoRun" -> 1 ->

crucifix676

Newbie Surfer

Posts : 49
Joined : 2010-06-23
Operating System : Windows XP


Re: Google Redirecting Malware

Post by crucifix676 on Wed 28 Jul 2010, 10:24 pm

"DisplayName" -> CD-ROM Driver ->
"ImagePath" -> [system32\DRIVERS\cdrom.sys] -> File not found
< Drives with AutoRun files > -> ->
C:\AUTOEXEC.BAT [PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | PATH=%PATH%;C:\PROGRA~1\COMMON~1\MUVEET~1\030625 | ] -> C:\AUTOEXEC.BAT [ NTFS ] -> [2006/06/17 21:59:03 | 000,000,100 | ---- | M | MD5 = E7EB038D6FFE32C75E0509E5212358E1] ()
D:\AUTOEXEC.BAT [] -> D:\AUTOEXEC.BAT [ FAT32 ] -> [2001/07/27 15:07:38 | 000,000,000 | -HS- | M | MD5 = D41D8CD98F00B204E9800998ECF8427E] ()
D:\Autorun.inf [[AUTORUN] | ShellExecute=Info.exe protect.ed 480 480 | ] -> D:\Autorun.inf [ FAT32 ] -> [2004/04/30 07:01:14 | 000,000,053 | -HS- | M | MD5 = 8ABA234578AFF1B6CCB8C245503E03F1] ()
< MountPoints2 [HKEY_CURRENT_USER] > -> HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2 ->
\{74730cf3-2ece-11de-98c0-001731cd350c}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74730cf3-2ece-11de-98c0-001731cd350c}\Shell
\{74730cf3-2ece-11de-98c0-001731cd350c}\Shell\"" -> [AutoRun] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74730cf3-2ece-11de-98c0-001731cd350c}\Shell\AutoRun
\{74730cf3-2ece-11de-98c0-001731cd350c}\Shell\AutoRun\"" -> [Auto&Play] -> File not found
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{74730cf3-2ece-11de-98c0-001731cd350c}\Shell\AutoRun\command
\{74730cf3-2ece-11de-98c0-001731cd350c}\Shell\AutoRun\command\"" -> K:\LaunchU3.exe [K:\LaunchU3.exe -a] -> File not found
\{b3a315f3-4a7a-11de-98e7-001731cd350c}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3a315f3-4a7a-11de-98e7-001731cd350c}\Shell\AutoRun\command
\{b3a315f3-4a7a-11de-98e7-001731cd350c}\Shell\AutoRun\command\"" -> [] -> File not found
\{b3a315f3-4a7a-11de-98e7-001731cd350c}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3a315f3-4a7a-11de-98e7-001731cd350c}\Shell\explore\Command
\{b3a315f3-4a7a-11de-98e7-001731cd350c}\Shell\explore\Command\"" -> [RECYCLER\INFO.exe] -> File not found
\{b3a315f3-4a7a-11de-98e7-001731cd350c}
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b3a315f3-4a7a-11de-98e7-001731cd350c}\Shell\open\Command
\{b3a315f3-4a7a-11de-98e7-001731cd350c}\Shell\open\Command\"" -> [RECYCLER\INFO.exe] -> File not found
< Registry Shell Spawning - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command ->
comfile [open] -> "%1" %* ->
exefile [open] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\ ->
.com [@ = comfile] -> "%1" %* ->
.exe [@ = exefile] -> "%1" %* ->
< File Associations - Select to Repair > -> HKEY_USERS\S-1-5-21-2239381086-1206112939-3159093799-1008\SOFTWARE\Classes\\ ->
.exe [@ = exefile] -> Reg Error: Key error. -> File not found

[Registry - Additional Scans - Safe List]
< Disabled MSConfig Services [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\services ->
"avg9wd" -> ->
"LiveUpdate" -> ->
"XobniService" -> ->
< Disabled MSConfig Registry Items [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ ->
AVG9_TRAY hkey=HKLM key=SOFTWARE\Microsoft\Windows\CurrentVersion\Run -> C:\PROGRA~1\AVG\AVG9\avgtray.exe -> File not found
< Disabled MSConfig State [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\state ->
"bootini" -> 0 ->
"services" -> 2 ->
"startup" -> 2 ->
"system.ini" -> 0 ->
"win.ini" -> 0 ->
< Drivers32 [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32 ->
"msacm.iac2" -> C:\WINDOWS\system32\iac25_32.ax [C:\WINDOWS\system32\iac25_32.ax] -> [2008/04/13 17:12:42 | 000,199,680 | ---- | M | MD5 = 877C90686858D899B042BBA45E9B7F2C] (Intel Corporation)
"msacm.l3acm" -> C:\WINDOWS\system32\l3codeca.acm [C:\WINDOWS\system32\l3codeca.acm] -> [2010/01/29 07:43:39 | 000,307,260 | ---- | M | MD5 = F3946B534CC197CBFFD9A2ECFD1F556F] (Fraunhofer Institut Integrierte Schaltungen IIS)
"msacm.sl_anet" -> C:\WINDOWS\System32\sl_anet.acm [sl_anet.acm] -> [2008/04/13 17:10:50 | 000,086,016 | ---- | M | MD5 = 0DBB250A89E2E1C9281009AC269F0805] (Sipro Lab Telecom Inc.)
"msacm.trspch" -> C:\WINDOWS\System32\tssoft32.acm [tssoft32.acm] -> [2004/08/09 21:00:00 | 000,008,192 | ---- | M | MD5 = E8CD0D7E169ECCE2D4FD829DAAB786ED] (DSP GROUP, INC.)
"MSVideo8" -> C:\WINDOWS\System32\vfwwdm32.dll [VfWWDM32.dll] -> [2008/04/13 17:12:08 | 000,053,760 | ---- | M | MD5 = E2A57AC21705D3A05BB89BE201FA5C0C] (Microsoft Corporation)
"vidc.cvid" -> C:\WINDOWS\System32\iccvid.dll [iccvid.dll] -> [2008/04/13 17:11:54 | 000,080,384 | ---- | M | MD5 = 7E86D471EF8DED7B9D15106002120271] (Radius Inc.)
"vidc.iv31" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/09 21:00:00 | 000,199,168 | ---- | M | MD5 = 43ECA1576906BA76FB3E329A338A3CAE] ()
"vidc.iv32" -> C:\WINDOWS\System32\ir32_32.dll [ir32_32.dll] -> [2004/08/09 21:00:00 | 000,199,168 | ---- | M | MD5 = 43ECA1576906BA76FB3E329A338A3CAE] ()
"vidc.iv41" -> C:\WINDOWS\System32\ir41_32.ax [ir41_32.ax] -> [2008/04/13 17:12:42 | 000,848,384 | ---- | M | MD5 = 948E1498C6438625247F94534AAA82FE] (Intel Corporation)
"vidc.iv50" -> C:\WINDOWS\System32\ir50_32.dll [ir50_32.dll] -> [2008/04/13 17:11:55 | 000,755,200 | ---- | M | MD5 = 5F10DC19D92CCF6B719B494572F4F74B] (Intel Corporation)
"vidc.LEAD" -> C:\WINDOWS\System32\LCodcCMP.dll [LCODCCMP.DLL] -> [2002/04/24 18:42:18 | 000,364,544 | ---- | M | MD5 = 021C3E651ACDB0C71498259C208FCCAC] (LEAD Technologies, Inc.)
"VIDC.XFR1" -> C:\WINDOWS\System32\xfcodec.dll [xfcodec.dll] -> [2009/11/05 19:14:42 | 000,041,872 | ---- | M | MD5 = DB614EBCA3231C2773181075BA96F8A5] ()
< Ext (PreApproved) - [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\ ->
{02BCC737-B171-4746-94C9-0D8A0B2C0089} [HKLM] -> C:\Program Files\Microsoft Office\Office12\IEAWSDC.DLL [Microsoft Office Template and Media Control] -> [2008/10/25 06:18:50 | 000,172,880 | ---- | M | MD5 = E6BC6BA065287D7B6C22D9231E80AF3B] ()
{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2010/03/17 23:28:24 | 000,800,048 | ---- | M | MD5 = AD99EC8908185A02307CF071EF7BD9CF] (Apple Inc.)
{075A24FD-4418-4841-9C3A-55CD5FFDE375} [HKLM] -> C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll [CNxGameControl Object] -> [2010/06/13 13:23:13 | 000,126,976 | ---- | M | MD5 = 6138AFA7A62BFCBE84ED024861E5DADD] (Nexon)
{07B06095-5687-4D13-9E32-12B4259C9813} [HKLM] -> C:\Program Files\Microsoft Office\Office12\STSUPLD.DLL [STSUpld UploadCtl Class] -> [2006/10/26 19:59:30 | 000,227,128 | ---- | M | MD5 = 40A2F9DBE7434EB9B866D4B67FCA6C5B] (Microsoft Corporation)
{0D012ABD-CEED-11D2-9C76-00105AA73033} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveDocumentShareTool.dll [Groove DocumentShareView] -> [2009/02/14 06:03:38 | 003,070,832 | ---- | M | MD5 = ECA43292F8C283A96756A95DAA2BF93B] (Microsoft Corporation)
{31261F21-2B16-45EE-BEAB-07C4CFA18B65} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{3FD37ABB-F90A-4DE5-AA38-179629E64C2F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Spreadsheet Launcher] -> [2009/03/06 04:23:08 | 000,140,168 | ---- | M | MD5 = 29598106730A792694FA91E1184E5501] (Microsoft Corporation)
{4063BE15-3B08-470D-A0D5-B37161CFFD69} [HKLM] -> C:\Program Files\QuickTime\QTPlugin.ocx [QuickTime Object] -> [2010/03/17 23:28:24 | 000,800,048 | ---- | M | MD5 = AD99EC8908185A02307CF071EF7BD9CF] (Apple Inc.)
{444785F1-DE89-4295-863A-D46C3A781394} [HKLM] -> C:\Program Files\Unity\WebPlayer\loader\UnityWebPluginAX.ocx [UnityWebPlayer Control] -> [2009/01/12 11:22:56 | 000,508,656 | ---- | M | MD5 = B30F43E9E5ABF7B4B74AAD4D7A444E7C] (Unity Technologies ApS)
{56A58823-AE99-11D5-B90B-0050DACD1F75} [HKLM] -> C:\Program Files\Microsoft Office\Office12\GrooveCommonComponents.dll [Groove Data List Display] -> [2009/02/14 06:03:28 | 002,687,336 | ---- | M | MD5 = 9E1E3647CDE6AF66D3CD634624A99365] (Microsoft Corporation)
{5852F5ED-8BF4-11D4-A245-0080C6F74284} [HKLM] -> C:\Program Files\Java\jre6\bin\wsdetect.dll [isInstalled Class] -> [2010/04/24 02:57:45 | 000,108,320 | ---- | M | MD5 = 1C9FADA9BB66DFFC55E3628AD505931F] (Sun Microsystems, Inc.)
{5F5F9FB8-878E-4455-95E0-F64B2314288A} [HKLM] -> C:\WINDOWS\system32\ijjiPlugin2.dll [ijjiPlugin2 Class] -> [2008/06/12 00:01:48 | 000,058,800 | ---- | M | MD5 = C9E022659AB6AA3573753BFE2DF7652B] (NHN USA Corp.)
{62B4D041-4667-40B6-BB50-4BC0A5043A73} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Export Database Launcher] -> [2009/03/06 04:23:08 | 000,140,168 | ---- | M | MD5 = 29598106730A792694FA91E1184E5501] (Microsoft Corporation)
{65BCBEE4-7728-41A0-97BE-14E1CAE36AAE} [HKLM] -> C:\Program Files\Microsoft Office\Office12\STSLIST.DLL [Microsoft Office List 12.0] -> [2009/03/06 03:01:06 | 002,335,648 | ---- | M | MD5 = 573689497BF82AD0FEAF4581AB6E4042] (Microsoft Corporation)
{68979310-D979-4CCA-AB57-83BEFB03E0D3} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.] -> File not found
{8075631E-5146-11D5-A672-00B0D022E945} [HKLM] -> C:\Program Files\Microsoft Office\Office12\INLAUNCH.DLL [SharepointOpenXMLDocuments] -> [2009/03/06 04:26:06 | 000,065,400 | ---- | M | MD5 = E34C3EAC482B0FE3913E23FC2E85424C] (Microsoft Corporation)
{8AD9C840-044E-11D1-B3E9-00805F499D93} [HKLM] -> C:\Program Files\Java\jre6\bin\npjpi160_20.dll [Java Plug-in 1.6.0_20] -> [2010/04/24 02:57:44 | 000,136,992 | ---- | M | MD5 = E06930C34F16C8AD24AD79502F40026A] (Sun Microsystems, Inc.)
{9203C2CB-1DC1-482D-967E-597AFF270F0D} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint OpenDocuments Class] -> [2009/03/06 04:23:08 | 000,140,168 | ---- | M | MD5 = 29598106730A792694FA91E1184E5501] (Microsoft Corporation)
{9E21141C-E51F-4fc1-949E-757AF5EFF420} [HKLM] -> C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll [CNxMachineControl Object] -> [2010/06/13 13:23:13 | 000,126,976 | ---- | M | MD5 = 6138AFA7A62BFCBE84ED024861E5DADD] (Nexon)
{9F9C4924-C3F3-4459-A396-9E9E0D8B83D1} [HKLM] -> Reg Error: Key error. [SharePoint OpenDocuments Class] -> File not found
{BDEADE3E-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientEventSubscription Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADE3F-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientMiscApis Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADE40-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientCommentThread Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADE42-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientComment Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADE43-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSBrowserUI Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADE98-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWS Post Data] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADE9E-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [SharePoint Spreadsheet Launcher] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEB3-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEB4-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEB5-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [Web Discussions] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEB7-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSDiscussionServers Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEB8-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSClientCollaboration Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEDA-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.Discussion] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEDB-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.Discussions] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEDC-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.DiscussionServer] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEDD-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE.DiscussionServers] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEDE-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OSE Global Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEE0-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSCLT.DLL [OWSDiscussionBar Class] -> [2008/11/21 02:34:20 | 000,798,584 | ---- | M | MD5 = 7A61912304B78F99CB1E6E311FEFF253] (Microsoft Corporation)
{BDEADEF2-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> Reg Error: Key error. [SharePoint OpenDocuments Class] -> File not found
{BDEADEF4-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> Reg Error: Key error. [SharePoint Stssync Handler] -> File not found
{BDEADEF5-C265-11D0-BCED-00A0C90AB50F} [HKLM] -> C:\Program Files\Microsoft Office\Office12\OWSSUPP.DLL [SharePoint Stssync Handler] -> [2009/03/06 04:23:08 | 000,140,168 | ---- | M | MD5 = 29598106730A792694FA91E1184E5501] (Microsoft Corporation)
{C901354A-DFBC-4297-9BC2-22D499A916D5} [HKLM] -> C:\WINDOWS\Downloaded Program Files\ijjisetup1010.dll [ijjiSetupCtrl1010 Class] -> [2008/06/12 00:01:50 | 000,112,048 | ---- | M | MD5 = B50757D650D5279DF72522C245E9C666] ()
{C9712B19-838B-45A5-ABF2-9A315DDDED50} [HKLM] -> C:\Program Files\Microsoft Office\Office12\AUTHZAX.DLL [Microsoft Office 12 Authorization Control] -> [2008/10/25 06:18:46 | 000,054,152 | ---- | M | MD5 = 96ED72080E20A360AB0D2597D1AC4EF6] (Microsoft Corporation)
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [HKLM] -> Reg Error: Key error. [Reg Error: Value error.] -> File not found

crucifix676

Newbie Surfer

Posts : 49
Joined : 2010-06-23
Operating System : Windows XP
