Google redirect virus + strange fan noise



Post by IJG on 18th September 2010, 8:54 pm

I received a virus a few days ago and I cannot get rid of it. So far I've used ComboFix, Spyware Doctor, Avira, Malwarebytes and SuperAntiSpyware. These tools have made it so that the redirects don't happen very often, but the virus is still there. In addition, the fan on my laptop now makes a very odd noise when it really starts to work; this started happening the same time my computer got infected, so I'm assuming it's related.



OTL logfile created on: 9/18/2010 3:40:59 PM - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Ian\Desktop\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.86 Gb Total Space | 142.46 Gb Free Space | 64.50% Space Free | Partition Type: NTFS
Drive D: | 12.02 Gb Total Space | 1.83 Gb Free Space | 15.25% Space Free | Partition Type: NTFS
Drive E: | 641.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LEON
Current User Name: Ian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/09/18 15:40:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ian\Desktop\Downloads\OTL.com
PRC - [2010/09/16 18:15:18 | 001,287,120 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2010/09/16 16:57:45 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/09/16 16:57:44 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/04/19 23:17:17 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/02/02 10:13:54 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe
PRC - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2005/01/31 09:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe


========== Modules (SafeList) ==========

MOD - [2010/09/18 15:40:42 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Ian\Desktop\Downloads\OTL.com
MOD - [2010/02/26 08:16:18 | 000,154,160 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\smum32.dll
MOD - [2010/02/02 10:13:54 | 000,451,856 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\TFEngine\TFWAH.dll
MOD - [2009/10/30 11:18:16 | 000,147,024 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\PCTGMhk.dll
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/19 03:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - [2010/04/19 23:17:17 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/15 12:50:36 | 001,142,224 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010/03/11 12:09:22 | 000,366,840 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2010/02/24 09:28:09 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/02/02 10:13:54 | 000,070,928 | ---- | M] (PC Tools) [On_Demand | Running] -- C:\Program Files\Spyware Doctor\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2010/01/22 09:56:24 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/10/24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/10/25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/03/05 14:30:06 | 000,110,592 | ---- | M] (Hewlett-Packard Development Company, L.P.) [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe -- (Com4Qlb)
SRV - [2005/01/31 09:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [File_System | Boot | Stopped] -- C:\Windows\System32\DRIVERS\Lbd.sys -- (Lbd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Ian\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/09/16 18:13:32 | 000,063,360 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2010/09/16 18:13:30 | 000,218,592 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/02/05 09:17:56 | 000,233,136 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\Windows\System32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2010/02/02 10:13:54 | 000,059,664 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/02/02 10:13:54 | 000,051,984 | --S- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/02/02 10:13:54 | 000,033,552 | --S- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/11 00:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/02/13 12:35:05 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/12/03 16:12:00 | 007,606,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008/06/20 16:37:38 | 000,200,112 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/03/04 10:32:00 | 000,188,416 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDRT32.sys -- (CnxtHdAudService)
DRV - [2008/01/22 00:06:45 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/12/19 19:27:34 | 000,041,456 | ---- | M] (Cyberlink Corp.) [Kernel | Auto | Running] -- C:\Program Files\HP\QuickPlay\000.fcl -- ({22D78859-9CE9-4B77-BF18-AC83E81A9263})
DRV - [2007/07/11 14:30:22 | 000,007,168 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqRemHid.sys -- (HpqRemHid)
DRV - [2007/07/10 10:27:56 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/06/20 07:29:56 | 000,984,064 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2007/06/20 07:28:34 | 000,208,896 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2007/06/20 07:28:22 | 000,660,480 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2007/06/18 21:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/05/30 19:40:42 | 000,735,232 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/03/22 02:02:04 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/03/06 22:15:58 | 001,059,112 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007/02/24 18:42:22 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2007/02/16 17:50:32 | 000,012,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/01/23 20:40:20 | 000,042,496 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/11/02 03:30:53 | 000,464,384 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/10/18 22:10:57 | 001,380,864 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "[You must be registered and logged in to see this link.]
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/08 09:56:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/09/16 16:57:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/09/16 16:57:47 | 000,000,000 | ---D | M]

[2008/06/17 18:10:22 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Mozilla\Extensions
[2010/09/18 15:34:49 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\8exwcpal.b****\extensions
[2010/06/24 18:19:29 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\8exwcpal.b****\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/05/20 16:49:12 | 000,000,000 | ---D | M] (WeatherBug) -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\8exwcpal.b****\extensions\{3EC9C995-8072-4fc0-953E-4F30620D17F3}
[2009/07/19 19:29:18 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\8exwcpal.b****\extensions\2020Player@2020Technologies.com
[2009/10/07 14:14:34 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\8exwcpal.b****\extensions\en-US@dictionaries.addons.mozilla.org
[2010/07/26 16:43:09 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\8exwcpal.b****\extensions\support@ancestry.com
[2010/05/08 22:16:30 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\dhj38eov.default\extensions
[2008/12/15 09:40:22 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\dhj38eov.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2008/03/12 22:32:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\dhj38eov.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/05/08 22:16:30 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\dhj38eov.default\extensions\firefox@tvunetworks.com
[2008/05/13 19:02:18 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\dhj38eov.default\extensions\justintvpublisher@justin.tv
[2008/05/19 12:26:15 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\dhj38eov.default\extensions\moveplayer@movenetworks.com
[2008/03/12 22:30:34 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\dhj38eov.default\extensions\piclens@cooliris.com
[2009/01/27 17:38:16 | 000,000,000 | ---D | M] -- C:\Users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\dhj38eov.default\extensions\staged-xpis
[2010/09/17 15:15:05 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/09/17 14:59:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (TwcToolbarBhoApp Class) - {AA1F9DDB-E605-4ba6-81D4-E427DEE012AD} - C:\Windows\System32\TwcToolbarBho.dll ()
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll ()
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [Vjiuzjr] C:\Users\Ian\AppData\Roaming\KBDINMART.DLL ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : The Weather Channel - {2E5E800E-6AC0-411E-940A-369530A35E43} - Reg Error: Value error. File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKCU\..Trusted Domains: adecco.com ([*.xpert] http in Trusted sites)
O15 - HKCU\..Trusted Domains: adecco.com ([ak3.xpert] * in Trusted sites)
O15 - HKCU\..Trusted Domains: adecco.com ([ak3.xpert] https in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} [You must be registered and logged in to see this link.] (SysData Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Ian\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Ian\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/12/06 00:36:21 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005/09/11 11:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2003/08/28 19:02:12 | 000,000,000 | ---D | M] - E:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2003/08/28 19:02:13 | 000,000,059 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/09/17 15:04:24 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/09/17 15:04:19 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Local\temp
[2010/09/17 14:36:55 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/09/17 14:10:38 | 000,000,000 | ---D | C] -- C:\ComboFix(0)
[2010/09/17 01:33:24 | 000,000,000 | ---D | C] -- C:\122429784e7c926d8d86cc
[2010/09/16 21:55:22 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\Malwarebytes
[2010/09/16 21:55:04 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/09/16 21:55:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/09/16 21:54:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/09/16 21:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/16 19:33:18 | 000,059,664 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfSysMon.sys
[2010/09/16 19:33:17 | 000,051,984 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfFsMon.sys
[2010/09/16 19:33:17 | 000,033,552 | --S- | C] (PC Tools) -- C:\Windows\System32\drivers\TfNetMon.sys
[2010/09/16 17:57:46 | 001,652,688 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDCore.dll
[2010/09/16 17:57:46 | 000,165,840 | ---- | C] (Threat Expert Ltd.) -- C:\Windows\PCTBDRes.dll
[2010/09/16 17:57:46 | 000,149,456 | ---- | C] (PC Tools) -- C:\Windows\SGDetectionTool.dll
[2010/09/16 17:49:22 | 000,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2010/09/16 17:49:22 | 000,100,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2010/09/16 17:49:18 | 000,218,592 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/09/16 17:49:18 | 000,088,040 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2010/09/16 17:49:11 | 000,063,360 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/09/16 17:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2010/09/16 17:48:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2010/09/16 17:48:51 | 000,000,000 | ---D | C] -- C:\Users\Ian\AppData\Roaming\PC Tools
[2010/09/16 17:48:51 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2010/09/16 17:10:06 | 000,000,000 | ---D | C] -- C:\Users\Ian\Documents\tdsskiller
[2010/09/14 14:48:17 | 000,317,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MP4SDECD.DLL
[2010/09/14 02:19:04 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Windows
[2010/09/14 02:19:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/09/14 02:18:55 | 000,000,000 | -H-D | C] -- C:\Users\Public\Documents\Server
[2010/09/10 14:10:11 | 000,000,000 | ---D | C] -- C:\Users\Ian\Desktop\New CD
[2010/09/08 08:07:35 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2010/09/04 11:11:29 | 000,000,000 | ---D | C] -- C:\Users\Ian\Documents\Elicia Org Change Class
[2010/09/03 15:03:07 | 000,000,000 | ---D | C] -- C:\Users\Ian\Documents\Entrep Biz
[2010/08/24 18:05:34 | 000,000,000 | ---D | C] -- C:\Users\Ian\Documents\Wedding
[2010/08/23 17:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/08/23 17:26:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[3 C:\Users\Ian\Desktop\*.tmp files -> C:\Users\Ian\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/09/18 15:53:47 | 003,407,872 | -HS- | M] () -- C:\Users\Ian\ntuser.dat
[2010/09/18 15:43:01 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1631256447-1096756712-1728063686-1000UA.job
[2010/09/18 15:23:58 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/18 15:23:57 | 000,068,907 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010/09/18 15:23:57 | 000,068,907 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010/09/18 15:23:45 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/09/18 11:35:33 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/18 11:23:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/09/18 11:23:04 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/09/18 08:20:59 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/09/18 08:20:49 | 2146,312,192 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/17 18:38:27 | 000,524,288 | -HS- | M] () -- C:\Users\Ian\NTUSER.DAT{14811e44-fed8-11dd-abe1-001b24ef09e3}.TMContainer00000000000000000001.regtrans-ms
[2010/09/17 18:38:27 | 000,065,536 | -HS- | M] () -- C:\Users\Ian\NTUSER.DAT{14811e44-fed8-11dd-abe1-001b24ef09e3}.TM.blf
[2010/09/17 18:36:56 | 001,967,935 | -H-- | M] () -- C:\Users\Ian\AppData\Local\IconCache.db
[2010/09/17 14:59:48 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/09/17 14:59:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/09/16 21:55:08 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2010/09/16 19:43:05 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1631256447-1096756712-1728063686-1000Core.job
[2010/09/16 18:13:32 | 000,063,360 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2010/09/16 18:13:30 | 000,218,592 | ---- | M] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2010/09/16 17:49:16 | 000,001,759 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/09/16 11:43:52 | 000,000,314 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForIan.job
[2010/09/14 15:44:24 | 000,002,609 | ---- | M] () -- C:\Users\Ian\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2010/09/14 12:05:47 | 000,000,120 | ---- | M] () -- C:\Users\Ian\AppData\Local\Etidacupodovuje.dat
[2010/09/14 02:20:41 | 000,000,000 | ---- | M] () -- C:\Users\Ian\AppData\Local\Isajazukohoma.bin
[2010/09/14 02:19:45 | 000,155,648 | RHS- | M] () -- C:\Users\Ian\AppData\Roaming\KBDINMART.dll
[2010/09/12 21:01:51 | 000,128,000 | ---- | M] () -- C:\Users\Ian\Documents\Elicia's Bills.xls
[2010/09/12 03:00:16 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\Driver Robot.job
[2010/09/01 17:46:58 | 000,000,680 | ---- | M] () -- C:\Users\Ian\AppData\Local\d3d9caps.dat
[2010/08/26 23:34:42 | 009,577,472 | ---- | M] () -- C:\Users\Ian\Documents\eg.doc
[2010/08/25 23:45:08 | 004,433,920 | ---- | M] () -- C:\Users\Ian\Documents\danyele.doc
[2010/08/22 21:17:59 | 000,703,388 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/08/22 21:17:59 | 000,604,502 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/08/22 21:17:59 | 000,104,170 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/08/21 07:27:05 | 000,014,336 | ---- | M] () -- C:\Users\Ian\Documents\Birthday's Calendar.xls
[3 C:\Users\Ian\Desktop\*.tmp files -> C:\Users\Ian\Desktop\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/09/16 21:55:08 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes.lnk
[2010/09/16 17:57:47 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2010/09/16 17:57:46 | 001,152,444 | ---- | C] () -- C:\Windows\UDB.zip
[2010/09/16 17:57:46 | 000,000,882 | ---- | C] () -- C:\Windows\RegSDImport.xml
[2010/09/16 17:57:46 | 000,000,879 | ---- | C] () -- C:\Windows\RegISSImport.xml
[2010/09/16 17:57:46 | 000,000,131 | ---- | C] () -- C:\Windows\IDB.zip
[2010/09/16 17:49:22 | 000,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2010/09/16 17:49:18 | 000,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2010/09/16 17:49:18 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2010/09/16 17:49:16 | 000,001,759 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2010/09/16 17:49:11 | 000,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2010/09/14 02:19:45 | 000,155,648 | RHS- | C] () -- C:\Users\Ian\AppData\Roaming\KBDINMART.dll
[2010/09/01 17:51:21 | 000,068,907 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/09/01 17:51:21 | 000,068,907 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/08/26 19:38:43 | 000,000,900 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1631256447-1096756712-1728063686-1000UA.job
[2010/08/26 19:38:42 | 000,000,848 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1631256447-1096756712-1728063686-1000Core.job
[2010/08/25 23:45:06 | 004,433,920 | ---- | C] () -- C:\Users\Ian\Documents\danyele.doc
[2010/08/14 19:02:59 | 000,000,120 | ---- | C] () -- C:\Users\Ian\AppData\Local\Etidacupodovuje.dat
[2010/08/14 19:02:59 | 000,000,000 | ---- | C] () -- C:\Users\Ian\AppData\Local\Isajazukohoma.bin
[2010/08/14 19:00:53 | 000,000,024 | ---- | C] () -- C:\Users\Ian\AppData\Roaming\bawuho.dat
[2010/04/23 16:27:07 | 000,000,020 | ---- | C] () -- C:\Windows\Ulead32.ini
[2009/11/28 03:11:53 | 000,006,520 | ---- | C] () -- C:\ProgramData\N360BUOptions.ini
[2009/10/19 23:55:26 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{60701f61-bc00-11de-9579-001b24ef09e3}.TMContainer00000000000000000002.regtrans-ms
[2009/10/19 23:55:26 | 000,524,288 | -HS- | C] () -- C:\ProgramData\ntuser.dat{60701f61-bc00-11de-9579-001b24ef09e3}.TMContainer00000000000000000001.regtrans-ms
[2009/10/19 23:55:26 | 000,262,144 | ---- | C] () -- C:\ProgramData\ntuser.dat
[2009/10/19 23:55:26 | 000,065,536 | -HS- | C] () -- C:\ProgramData\ntuser.dat{60701f61-bc00-11de-9579-001b24ef09e3}.TM.blf
[2009/10/19 23:55:26 | 000,005,120 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG1
[2009/10/19 23:55:26 | 000,000,000 | -H-- | C] () -- C:\ProgramData\ntuser.dat.LOG2
[2009/08/04 17:17:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/12/19 16:32:35 | 000,000,013 | -H-- | C] () -- C:\ProgramData\˜113.›sys
[2008/10/30 11:50:47 | 000,000,324 | ---- | C] () -- C:\Users\Ian\AppData\Roaming\wklnhst.dat
[2008/04/29 10:22:57 | 000,000,680 | ---- | C] () -- C:\Users\Ian\AppData\Local\d3d9caps.dat
[2008/01/26 12:50:22 | 000,053,763 | ---- | C] () -- C:\Users\Ian\AppData\Roaming\nvModes.001
[2008/01/25 22:15:50 | 000,053,763 | ---- | C] () -- C:\Users\Ian\AppData\Roaming\nvModes.dat
[2008/01/22 00:18:25 | 000,022,528 | ---- | C] () -- C:\Users\Ian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/01/22 00:16:02 | 000,262,144 | ---- | C] () -- C:\Windows\System32\TwcToolbarIe7.dll
[2008/01/22 00:16:02 | 000,073,728 | ---- | C] () -- C:\Windows\System32\TwcToolbarBho.dll
[2008/01/20 22:51:23 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2008/01/20 20:22:02 | 000,000,000 | ---- | C] () -- C:\Users\Ian\AppData\Local\QSwitch.txt
[2008/01/20 20:22:02 | 000,000,000 | ---- | C] () -- C:\Users\Ian\AppData\Local\DSwitch.txt
[2008/01/20 20:22:02 | 000,000,000 | ---- | C] () -- C:\Users\Ian\AppData\Local\AtStart.txt
[2007/12/18 05:29:44 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2007/12/06 00:51:03 | 000,004,227 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 06:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 18:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[1999/01/22 14:46:56 | 000,065,536 | ---- | C] () -- C:\Windows\System32\MSRTEDIT.DLL

========== Alternate Data Streams ==========

@Alternate Data Stream - 206 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 114 bytes -> C:\ProgramData\TEMP:0F8F5844
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:A8ADE5D8
< End of report >

IJG

Re: Google redirect virus + strange fan noise

Post by IJG on 18th September 2010, 8:54 pm

OTL Extras logfile created on: 9/18/2010 3:41:02 PM - Run 1
OTL by OldTimer - Version 3.2.12.1 Folder = C:\Users\Ian\Desktop\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 47.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 65.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 220.86 Gb Total Space | 142.46 Gb Free Space | 64.50% Space Free | Partition Type: NTFS
Drive D: | 12.02 Gb Total Space | 1.83 Gb Free Space | 15.25% Space Free | Partition Type: NTFS
Drive E: | 641.28 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: LEON
Current User Name: Ian
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- Reg Error: Value error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1631256447-1096756712-1728063686-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{622B20DC-F456-49FE-A6DC-A34B346D1AD6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{70A2FA82-129A-4BD2-AA44-9DE0B41A0168}" = lport=2869 | protocol=6 | dir=in | app=system |
"{FD9DDB0D-DA14-489F-9DA0-99B30BD9B9B9}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D10022-3ABB-4902-8CC1-4F139C285F00}" = protocol=17 | dir=in | app=c:\users\ian\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{03D7A8EF-782F-48A8-846C-190B9905A4B1}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{0B1931C0-E436-4575-B1C4-573721AEBDC0}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe |
"{0DAACE13-D63E-433D-AC25-107DCB329CF3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{129FEFA9-0272-419C-89BC-7E71EA634C5D}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{15F9A471-8027-46D7-B87D-3B00E00613F1}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{1A9034FB-2A66-4057-A0F7-315ED0A95D9B}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe |
"{202033A4-06A5-40F5-93C6-AFC4B6D2FEAB}" = dir=in | app=e:\setup\hpznui01.exe |
"{3F1B096F-952E-4039-B48C-041E36FBF1BB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{46058D6B-2121-4AE6-8BD5-E6A6A9BB8A92}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{4A802857-2AF0-4E9C-AF6D-CB1142BF7872}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe |
"{4E6B8A7D-6FF8-40DB-8EBC-E5C83A5A7CA3}" = protocol=6 | dir=in | app=c:\users\ian\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{5F1BB71C-2B26-404D-8B05-C6D02D21555E}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{6C9F16E9-EA31-4321-933D-B70D8A6F13DC}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpse.exe |
"{6FEB2B9E-69D1-461D-9952-A5D699279DA3}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"{717F731D-69DF-4F40-9FC3-BADE0EA2C022}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe |
"{72D3C1A4-1A95-40AB-A238-7DD093A1AD12}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{793E3C32-9845-4AF5-8F26-490177445B75}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe |
"{86E16E37-AE23-4604-B4A4-6F625D70882F}" = dir=in | app=c:\program files\common files\hp\digital imaging\bin\hpqphotocrm.exe |
"{89677B18-8E87-453F-89D3-2BE9D56C07A3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe |
"{97F4905F-59E2-4C5B-B26A-DE949DF8EE45}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{9B22924B-C76E-4D1F-9509-C7228B4666A1}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{9EAB4371-3295-4F6D-AD56-4067F6F448B6}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{A2B81A71-49EC-4C2C-B930-11C31640ACEC}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{A5B942AC-0D20-4B5F-8F56-A5399A8A75C1}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yserver.exe |
"{B53655B4-6403-4A16-BB77-041FD462C49C}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{B5C0BD71-6D35-421D-846E-7AF46852CC9C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe |
"{C485A96F-A8B8-4909-8ACD-72674FB3B5AF}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{C5057E9A-8E81-4FB2-AE8C-79712F057FF1}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe |
"{D06C57EB-7239-4A60-8293-00B95A25E53A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqsudi.exe |
"{D719E852-249A-401F-A96A-AB6A58EE010C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe |
"{D9778C69-A22E-4913-88F7-3CEFDAECC583}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{D97AF760-5C7D-4561-90C2-47DE8B5E1845}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{E222255B-7938-473B-A652-9B1157971973}" = protocol=17 | dir=in | app=c:\users\ian\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{E6ED7CAF-ED9A-42DD-B295-E9F903A417F3}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{EC6DEBA8-B0A4-4260-940C-D6F66289478D}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{F34EC8A1-08E7-4227-921B-6B4236E3F149}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"{F64423E7-4ACA-4279-ADDD-3E06E23F299A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqpsapp.exe |
"{F6F023AD-DDCB-47B9-804B-C6443D41D9FD}" = protocol=6 | dir=in | app=c:\users\ian\appdata\local\google\google talk plugin\googletalkplugin.exe |
"{F83259FF-DBDB-4E50-8CFA-6B1071E1E315}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"TCP Query User{09922BE3-ADF4-48CF-B240-E3564355DB30}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe |
"TCP Query User{1F8F7F68-83E4-44C5-8738-F482876AEE6E}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{28AD52FC-E385-4313-B87A-0B11630050FA}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{5822AFCA-5671-4F90-A9B0-FA6F8B7DDF81}C:\users\ian\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\ian\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{671B0B99-38EE-4CDD-9C31-DE9778FD9CED}C:\program files\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"TCP Query User{834C6808-1B6D-4A1F-8CEE-58BDAB7F26A7}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"TCP Query User{8BEEDD6C-6BCB-4B68-A07D-3BE57F27963B}C:\program files\hp\hp software update\hpwucli.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"TCP Query User{8C29F935-7C05-44F8-A28C-004D0D9CD773}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{977F0185-BECA-4887-9310-9EA71603D0A3}C:\program files\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{B14B8FF4-894B-4D96-82CF-F0CC7BBC21EB}C:\program files\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"TCP Query User{EADDC9B2-9DE4-4A30-83C3-7D157EF5990F}C:\program files\rhapsody\rhapsody.exe" = protocol=6 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"TCP Query User{F510EBA5-3E1E-470E-A304-77FBBD3DADD1}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{06F56931-33C3-492D-A501-B4DF87EA8B04}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{43E51C00-C0F1-4712-950A-2B597709C7BA}C:\program files\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\adv\sopadver.exe |
"UDP Query User{76047315-F125-4C2C-91ED-527C8D458AC0}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe |
"UDP Query User{8643818E-67E7-4441-9E07-245EE8EBA0CC}C:\program files\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"UDP Query User{91477896-3AD8-4D9C-9B70-121E85FC98C1}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"UDP Query User{97DBEF96-A448-47DB-977E-85049C8B604F}C:\program files\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files\sopcast\sopcast.exe |
"UDP Query User{9D446AFA-8E91-4E57-85AA-15BD5960D355}C:\program files\rhapsody\rhapsody.exe" = protocol=17 | dir=in | app=c:\program files\rhapsody\rhapsody.exe |
"UDP Query User{AC25264A-4EF0-4C6F-8E81-73A4C364347C}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe |
"UDP Query User{D98E6BA8-5B80-41F6-BDF4-A424CFBE95C6}C:\program files\hp\hp software update\hpwucli.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp software update\hpwucli.exe |
"UDP Query User{E51B740C-1853-4DBB-AE1F-4ACB1BC4327B}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{F5837A6A-6B1C-4119-A760-123640382BDD}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"UDP Query User{F8DA010C-D4B0-4440-B459-125F99603CE0}C:\users\ian\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\ian\appdata\local\google\chrome\application\chrome.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{09633A5E-3089-41A8-9FF1-382171423C5D}" = PSSWCORE
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{15B8AFD9-92E9-4E86-96D9-83FAC510B82E}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{1A36CF15-DF66-4756-9482-A9ABF3DDACE6}_is1" = Driver Robot
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{22F761D1-8063-4170-ADF7-2D2F47834CA9}" = VideoToolkit01
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Driver Installation Program
"{2AFEAA03-2DFE-4519-A629-EDAB6541ABE9}" = HPSSupply
"{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
"{2E87C89F-293F-41a8-BB59-2A14CEAE15C7}" = PMB Updater
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{31216452-5540-4C96-B754-94890A63D5AB}" = HP Help and Support
"{31E1050B-F69F-4A16-8F5A-E44D31901250}" = Ulead DVD DiskRecorder 2.1.1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32622F02-640A-4335-86FF-557325DC39D4}" = PS_AIO_04_C6300_Software_Min
"{34A350D1-64FB-36D8-9D0C-1CD8E392DBA5}" = Google Talk Plugin
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.30 E1
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{38EAC694-0D90-445F-8C17-8B50ADFE3162}" = Slingbox Flash Tour
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.6
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{4D49757C-367A-4333-BDB3-68966162B14E}" = HP User Guides 0087
"{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1
"{68471BF2-F1F7-4C89-BBBA-400B94996596}" = ESU for Microsoft Vista
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70E1E357-E57C-4284-B04E-58196DC27BC1}" = PanoStandAlone
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7BD42C12-74D1-4804-B24D-D21E25D4E3CF}" = PS_AIO_04_C6300_ProductContext
"{7DC4A410-9986-4329-9E5D-687B2C42CA39}" = HP QuickTouch 1.00 C4
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EAB2384-C794-40ED-A9DD-3270A0D2BB76}" = Ulead VideoStudio 9.0 SE DVD
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{99832252-D489-4276-B961-6D505CF0AFAA}" = PS_AIO_04_C6300_Software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{9EDC4EA1-558A-4297-9BCB-F36E572E6B1D}" = C6300_Help
"{9F4EE72A-C5C9-42ad-ABEF-427690843577}" = MarketResearch
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A93944F2-D2D4-4750-BFE7-9A288FEAF2CF}" = Apple Application Support
"{AA2E8A46-B45E-4aea-8A23-88AB57D04523}" = WebReg
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.4
"{AC76BA86-7AD7-5464-3428-800000000003}" = Spelling Dictionaries Support For Adobe Reader 8
"{ADE76679-8711-4B6E-8DCC-9FC3D4D44937}" = Songsmith
"{b02df929-29a7-4fd2-9a70-81a644b635f7}" = HP Total Care Advisor
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{BD0E2B92-3814-46F0-893B-4612EA010C7E}" = HP Customer Experience Enhancements
"{BF08AB1C-3357-4f20-A200-8EBB8EF27C59}" = BufferChm
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C8732DC3-1736-44b2-B741-2D636DE58605}" = HP Photosmart C6300 All-In-One Driver Software 11.0 Rel .4
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CBAE4F50-9FC9-4557-AB36-9826DF3C103C}" = HP Wireless Assistant
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}" = HP Active Support Library
"{D16B4BE6-8B10-422f-8034-96D1CA9483B5}" = GPBaseService
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D4250558-4DE6-4342-8865-D397FD66076B}" = C6300
"{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential
"{D9354DD0-C69A-469A-8A48-B9AA15A74174}" = Space Quest Collection(TM)
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E535C94A-B87F-4182-BEA8-1E9322078D3E}" = Cards_Calendar_OrderGift_DoMorePlugout
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{EF9E56EE-0243-4BAD-88F4-5E7508AA7D96}" = Destination Component
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"{F7F3B252-E772-48AA-93EB-7964BC326067}" = MSCU for Microsoft Vista
"{F95F178B-56AD-4fab-87F8-FA81E66C7D68}" = Network
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Aleks 3.12" = Aleks 3.12
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"Eusing Free Registry Cleaner" = Eusing Free Registry Cleaner
"Hauppauge MCE2005 Software Encoder" = Hauppauge MCE XP/Vista Software Encoder (2.0.25149)
"HP Imaging Device Functions" = HP Imaging Device Functions 11.0
"HP Photosmart Essential" = HP Photosmart Essential 3.5
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 11.0
"HPOCR" = OCR Software by I.R.I.S. 11.0
"InstallShield_{004B0DCB-4C60-465B-8F01-44B0A4111187}" = SlingPlayer
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{F5577101-33CC-4711-8235-3A95BCD49DB0}" = EA Link
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.6.10)" = Mozilla Firefox (3.6.10)
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SopCast" = SopCast 3.2.4
"Spyware Doctor" = Spyware Doctor 7.0
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"The Weather Channel Toolbar" = The Weather Channel Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent hp Master Uninstall" = My HP Games
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Facebook Plug-In" = Facebook Plug-In
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/23/2009 4:01:38 AM | Computer Name = Leon | Source = MsiInstaller | ID = 1024
Description =

Error - 12/24/2009 4:00:59 AM | Computer Name = Leon | Source = MsiInstaller | ID = 1024
Description =

Error - 12/24/2009 4:01:18 AM | Computer Name = Leon | Source = MsiInstaller | ID = 1024
Description =

Error - 12/24/2009 4:01:25 AM | Computer Name = Leon | Source = MsiInstaller | ID = 1024
Description =

Error - 12/24/2009 4:01:30 AM | Computer Name = Leon | Source = MsiInstaller | ID = 1024
Description =

Error - 12/24/2009 4:01:34 AM | Computer Name = Leon | Source = MsiInstaller | ID = 1024
Description =

Error - 12/24/2009 4:01:37 AM | Computer Name = Leon | Source = MsiInstaller | ID = 1024
Description =

Error - 12/24/2009 4:01:41 AM | Computer Name = Leon | Source = MsiInstaller | ID = 1024
Description =

Error - 12/24/2009 4:01:45 AM | Computer Name = Leon | Source = MsiInstaller | ID = 1024
Description =

Error - 12/25/2009 4:00:58 AM | Computer Name = Leon | Source = MsiInstaller | ID = 1024
Description =

[ System Events ]
Error - 9/18/2010 3:04:10 AM | Computer Name = Leon | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/18/2010 3:04:26 AM | Computer Name = Leon | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/18/2010 3:05:35 AM | Computer Name = Leon | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description =

Error - 9/18/2010 8:20:57 AM | Computer Name = Leon | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:51:43 AM on 9/18/2010 was unexpected.

Error - 9/18/2010 8:22:31 AM | Computer Name = Leon | Source = Service Control Manager | ID = 7000
Description =

Error - 9/18/2010 8:23:11 AM | Computer Name = Leon | Source = Service Control Manager | ID = 7022
Description =

Error - 9/18/2010 8:23:12 AM | Computer Name = Leon | Source = Service Control Manager | ID = 7022
Description =

Error - 9/18/2010 8:23:12 AM | Computer Name = Leon | Source = Service Control Manager | ID = 7001
Description =

Error - 9/18/2010 8:23:12 AM | Computer Name = Leon | Source = Service Control Manager | ID = 7026
Description =

Error - 9/18/2010 11:23:02 AM | Computer Name = Leon | Source = DCOM | ID = 10010
Description =


< End of report >


Re: Google redirect virus + strange fan noise

Post by Dr Jay on 19th September 2010, 12:02 am

Hi

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.


Dr. Jay (DJ)




Re: Google redirect virus + strange fan noise

Post by IJG on 19th September 2010, 4:34 am

DragonMaster Jay wrote: Hi

Please visit this webpage for a tutorial on downloading and running ComboFix:

[You must be registered and logged in to see this link.]

See the area: Using ComboFix, and when done, post the log back here.

ComboFix stated that my system was infected and then cleaned on this run, but I'm not quite sure the infection is gone. Below is the log:

ComboFix 10-09-17.04 - Ian 09/19/2010 0:03.7.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.1414 [GMT -4:00]
Running from: c:\users\Ian\Desktop\Downloads\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ERDNT\cache\userinit.exe

.
((((((((((((((((((((((((( Files Created from 2010-08-19 to 2010-09-19 )))))))))))))))))))))))))))))))
.

2010-09-19 04:14 . 2010-09-19 04:18 -------- d-----w- c:\users\Ian\AppData\Local\temp
2010-09-19 04:14 . 2010-09-19 04:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-19 04:14 . 2010-09-19 04:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-19 04:14 . 2010-09-19 04:14 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-09-18 20:10 . 2010-09-18 20:10 -------- d-----w- c:\users\Ian\AppData\Local\Threat Expert
2010-09-17 18:10 . 2010-09-17 18:15 -------- d-----w- C:\ComboFix(0)
2010-09-17 05:33 . 2010-09-17 05:33 -------- d-----w- C:\122429784e7c926d8d86cc
2010-09-17 01:55 . 2010-09-17 01:55 -------- d-----w- c:\users\Ian\AppData\Roaming\Malwarebytes
2010-09-17 01:55 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-17 01:55 . 2010-09-17 01:55 -------- d-----w- c:\programdata\Malwarebytes
2010-09-17 01:54 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-17 01:54 . 2010-09-17 01:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-16 23:33 . 2010-02-02 14:13 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-09-16 23:33 . 2010-02-02 14:13 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-09-16 23:33 . 2010-02-02 14:13 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-09-16 21:57 . 2010-01-22 13:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-09-16 21:57 . 2010-01-22 13:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-09-16 21:57 . 2010-01-22 13:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-09-16 21:57 . 2010-01-22 13:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-09-16 21:57 . 2009-10-28 05:36 1152444 ----a-w- c:\windows\UDB.zip
2010-09-16 21:57 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-09-16 21:49 . 2010-02-05 13:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-09-16 21:49 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-09-16 21:49 . 2010-09-16 22:13 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-09-16 21:49 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-16 21:49 . 2010-09-16 22:13 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-09-16 21:48 . 2010-09-16 21:58 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-16 21:48 . 2010-09-19 03:50 -------- d-----w- c:\program files\Spyware Doctor
2010-09-16 21:48 . 2010-09-16 23:33 -------- d-----w- c:\programdata\PC Tools
2010-09-16 21:48 . 2010-09-16 21:48 -------- d-----w- c:\users\Ian\AppData\Roaming\PC Tools
2010-09-14 18:48 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-14 18:48 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-14 18:48 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-14 18:48 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-14 06:19 . 2010-09-14 17:41 -------- d-----w- c:\programdata\Update
2010-09-08 12:07 . 2010-09-08 12:07 -------- d-sh--w- c:\windows\system32\%APPDATA%
2010-08-23 21:26 . 2010-08-23 21:27 -------- d-----w- c:\program files\QuickTime
2010-08-23 21:26 . 2010-08-23 21:26 -------- d-----w- c:\programdata\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-19 03:57 . 2010-09-01 21:51 68907 ----a-w- c:\programdata\nvModes.dat
2010-09-18 20:10 . 2009-05-24 22:49 -------- d-----w- c:\users\Ian\AppData\Roaming\HPAppData
2010-09-16 18:17 . 2010-08-17 16:25 63488 ----a-w- c:\users\Ian\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-16 18:17 . 2010-08-17 16:24 117760 ----a-w- c:\users\Ian\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-15 07:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-14 18:00 . 2010-07-09 08:17 -------- d-----w- c:\users\Ian\AppData\Roaming\Uxyxa
2010-09-14 16:05 . 2010-08-14 23:02 120 ----a-w- c:\users\Ian\AppData\Local\Etidacupodovuje.dat
2010-09-14 06:20 . 2010-08-14 23:02 0 ----a-w- c:\users\Ian\AppData\Local\Isajazukohoma.bin
2010-09-14 06:19 . 2010-09-14 06:19 155648 --sha-r- c:\users\Ian\AppData\Roaming\KBDINMART.dll
2010-09-14 06:19 . 2010-09-14 06:19 155648 --sha-r- c:\users\Ian\AppData\Roaming\KBDINMART.dll
2010-09-10 07:04 . 2009-01-21 04:29 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-07 21:03 . 2010-08-17 16:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-01 21:50 . 2007-12-18 09:48 -------- d-----w- c:\programdata\NVIDIA
2010-09-01 21:46 . 2008-04-29 14:22 680 ----a-w- c:\users\Ian\AppData\Local\d3d9caps.dat
2010-08-31 16:11 . 2010-08-31 16:11 3401880 ----a-w- c:\users\Ian\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-08-31 15:55 . 2010-08-31 15:55 275096 ----a-w- c:\users\Ian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-08-31 15:39 . 2010-08-31 15:39 3734536 ----a-w- c:\users\Ian\AppData\Roaming\Mozilla\plugins\Google Talk Plugin Extras\d3dx9_36.dll
2010-08-18 14:00 . 2008-01-22 04:06 -------- d-----w- c:\program files\Google
2010-08-17 17:52 . 2010-08-17 05:09 -------- d-----w- c:\programdata\STOPzilla!
2010-08-17 17:50 . 2009-06-28 21:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-17 17:50 . 2009-06-28 21:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-17 17:45 . 2008-01-21 00:21 89880 ----a-w- c:\users\Ian\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-17 17:43 . 2007-12-06 03:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-17 16:25 . 2010-08-17 16:25 52224 ----a-w- c:\users\Ian\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-17 16:24 . 2010-08-17 16:24 -------- d-----w- c:\users\Ian\AppData\Roaming\SUPERAntiSpyware.com
2010-08-17 16:24 . 2010-08-17 16:24 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-17 11:12 . 2008-01-26 02:15 53763 ----a-w- c:\users\Ian\AppData\Roaming\nvModes.dat
2010-08-17 05:36 . 2010-08-16 16:04 -------- d-----w- c:\users\Administrator\AppData\Roaming\Sammsoft
2010-08-17 05:34 . 2010-08-17 03:25 -------- d-----w- c:\program files\XoftSpySE6
2010-08-17 05:11 . 2010-08-17 05:14 1129120 ----a-w- c:\programdata\STOPzilla!\vdb\vbcorent.dll
2010-08-17 03:25 . 2010-08-17 03:25 -------- d-----w- c:\programdata\XoftSpySE
2010-08-17 01:18 . 2007-12-18 09:43 -------- d-----w- c:\programdata\WildTangent
2010-08-15 03:09 . 2010-08-15 03:09 -------- d-----w- c:\users\Administrator\AppData\Roaming\HPAppData
2010-08-14 23:00 . 2010-08-14 23:00 24 ----a-w- c:\users\Ian\AppData\Roaming\bawuho.dat
2010-08-12 07:07 . 2007-12-06 04:24 -------- d-----w- c:\program files\Microsoft Works
2010-07-26 20:40 . 2010-07-26 20:40 -------- d-----w- c:\program files\MFInstall
2010-07-13 22:50 . 2010-04-15 01:50 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-13 21:19 . 2010-07-13 21:19 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-13 21:19 . 2010-07-13 21:19 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-07-13 21:18 . 2010-07-13 21:18 84054 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-07-13 21:18 . 2010-07-13 21:18 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-13 21:07 . 2010-04-15 01:46 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-07-13 21:07 . 2010-04-15 01:46 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-06-26 06:05 . 2010-08-11 20:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 20:32 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 20:32 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 20:32 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-24 16:17 . 2010-06-24 16:17 531 ----a-w- c:\windows\eReg.dat
2010-06-21 13:37 . 2010-08-11 20:32 2037760 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-26 136176]
"Vjiuzjr"="c:\users\Ian\AppData\Roaming\KBDINMART.dll" [2010-09-14 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-03 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-03 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
2007-10-02 00:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 14:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-09-13 16:47 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-09-04 21:54 554320 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMBVolumeWatcher]
2010-03-24 19:42 599328 ----a-w- c:\program files\Sony\PMB\PMBVolumeWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-09-19 22:31 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-19 23:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 09:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-09-07 21:03 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-15 08:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-08-17 07:13 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-08 23:53 311296 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1631256447-1096756712-1728063686-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 135664]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [2010-09-16 63360]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-02-02 33552]
R3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-09-16 218592]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-02-02 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-02-02 59664]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2010-02-05 233136]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [2007-12-19 41456]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-09-12 c:\windows\Tasks\Driver Robot.job
- c:\program files\Driver Robot\1.2.0.5\DriverRobot.exe [2010-05-25 13:06]

2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 00:50]

2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 00:50]

2010-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1631256447-1096756712-1728063686-1000Core.job
- c:\users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 23:38]

2010-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1631256447-1096756712-1728063686-1000UA.job
- c:\users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 23:38]

2010-09-16 c:\windows\Tasks\HPCeeScheduleForIan.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-12-06 19:58]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: adecco.com\*.xpert
Trusted Zone: adecco.com\ak3.xpert
FF - ProfilePath - c:\users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\8exwcpal.b****\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\Ian\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Ian\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\8exwcpal.b****\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: c:\users\Ian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\Ian\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(3604)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\system32\rundll32.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-09-19 00:29:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-19 04:29
ComboFix2.txt 2010-09-17 19:04
ComboFix3.txt 2010-09-16 16:25
ComboFix4.txt 2010-09-16 16:08
ComboFix5.txt 2010-09-19 04:01

Pre-Run: 151,954,767,872 bytes free
Post-Run: 152,849,801,216 bytes free

- - End Of File - - 1FAA6775495A53BC71F0278CDCE2A89B


Re: Google redirect virus + strange fan noise

Post by Dr Jay on 19th September 2010, 9:40 am

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the codebox below into it:
    Code:
    Killall::

    DirLook::
    c:\programdata\Update

    FileLook::
    c:\windows\eReg.dat

    Folder::
    c:\windows\system32\%APPDATA%
    c:\users\Ian\AppData\Roaming\Uxyxa
    c:\program files\Driver Robot
    c:\windows\system32\TVUAx

    File::
    c:\users\Ian\AppData\Local\Etidacupodovuje.dat
    c:\users\Ian\AppData\Local\Isajazukohoma.bin
    c:\users\Ian\AppData\Roaming\KBDINMART.dll
    c:\windows\Tasks\Driver Robot.job

    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Vjiuzjr"=-

    Firefox::
    FF - plugin: c:\windows\system32\TVUAx\npTVUAx.dll

    Reboot::
  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts: 14317
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Arch.: x64 (64-bit)
Protection: Bitdefender Total Security
Points: 303008
Likes: 10


Re: Google redirect virus + strange fan noise

Post by IJG on 19th September 2010, 4:56 pm

Ran ComboFix using the code you provided:

ComboFix 10-09-17.04 - Ian 09/19/2010 12:05:54.8.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2046.999 [GMT -4:00]
Running from: c:\users\Ian\Desktop\Downloads\ComboFix.exe
Command switches used :: c:\users\Ian\Desktop\Downloads\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\users\Ian\AppData\Local\Etidacupodovuje.dat"
"c:\users\Ian\AppData\Local\Isajazukohoma.bin"
"c:\users\Ian\AppData\Roaming\KBDINMART.dll"
"c:\windows\Tasks\Driver Robot.job"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Driver Robot
c:\program files\Driver Robot\1.2.0.5\_ctypes.pyd
c:\program files\Driver Robot\1.2.0.5\_hashlib.pyd
c:\program files\Driver Robot\1.2.0.5\_imaging.pyd
c:\program files\Driver Robot\1.2.0.5\_imagingft.pyd
c:\program files\Driver Robot\1.2.0.5\_multiprocessing.pyd
c:\program files\Driver Robot\1.2.0.5\_socket.pyd
c:\program files\Driver Robot\1.2.0.5\_ssl.pyd
c:\program files\Driver Robot\1.2.0.5\aggdraw.pyd
c:\program files\Driver Robot\1.2.0.5\DriverRobot.exe
c:\program files\Driver Robot\1.2.0.5\htmlayout.dll
c:\program files\Driver Robot\1.2.0.5\kill_process.dll
c:\program files\Driver Robot\1.2.0.5\lib.dll
c:\program files\Driver Robot\1.2.0.5\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest
c:\program files\Driver Robot\1.2.0.5\Microsoft.VC90.CRT\msvcr90.dll
c:\program files\Driver Robot\1.2.0.5\pyexpat.pyd
c:\program files\Driver Robot\1.2.0.5\python26.dll
c:\program files\Driver Robot\1.2.0.5\scheduler.dll
c:\program files\Driver Robot\1.2.0.5\select.pyd
c:\program files\Driver Robot\1.2.0.5\settings.json
c:\program files\Driver Robot\1.2.0.5\unicodedata.pyd
c:\program files\Driver Robot\1.2.0.5\unins000.dat
c:\program files\Driver Robot\1.2.0.5\unins000.exe
c:\users\Ian\AppData\Roaming\Uxyxa
c:\users\Ian\AppData\Roaming\Uxyxa\gyge.tmp
c:\windows\system32\%APPDATA%
c:\windows\system32\TVUAx
c:\windows\system32\TVUAx\libcurl.dll
c:\windows\system32\TVUAx\libeay32.dll
c:\windows\system32\TVUAx\libexpatw.dll
c:\windows\system32\TVUAx\msvcp71.dll
c:\windows\system32\TVUAx\msvcr71.dll
c:\windows\system32\TVUAx\npTVUAx.dll
c:\windows\system32\TVUAx\ssleay32.dll
c:\windows\system32\TVUAx\zlib1.dll

.
((((((((((((((((((((((((( Files Created from 2010-08-19 to 2010-09-19 )))))))))))))))))))))))))))))))
.

2010-09-19 16:39 . 2010-09-19 16:45 -------- d-----w- c:\users\Ian\AppData\Local\temp
2010-09-19 16:39 . 2010-09-19 16:39 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-19 16:39 . 2010-09-19 16:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-19 16:39 . 2010-09-19 16:39 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-09-18 20:10 . 2010-09-18 20:10 -------- d-----w- c:\users\Ian\AppData\Local\Threat Expert
2010-09-17 18:10 . 2010-09-17 18:15 -------- d-----w- C:\ComboFix(0)
2010-09-17 05:33 . 2010-09-17 05:33 -------- d-----w- C:\122429784e7c926d8d86cc
2010-09-17 01:55 . 2010-09-17 01:55 -------- d-----w- c:\users\Ian\AppData\Roaming\Malwarebytes
2010-09-17 01:55 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-17 01:55 . 2010-09-17 01:55 -------- d-----w- c:\programdata\Malwarebytes
2010-09-17 01:54 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-17 01:54 . 2010-09-17 01:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-16 23:33 . 2010-02-02 14:13 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2010-09-16 23:33 . 2010-02-02 14:13 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2010-09-16 23:33 . 2010-02-02 14:13 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2010-09-16 21:57 . 2010-01-22 13:55 767952 ----a-w- c:\windows\BDTSupport.dll
2010-09-16 21:57 . 2010-01-22 13:56 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-09-16 21:57 . 2010-01-22 13:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-09-16 21:57 . 2010-01-22 13:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-09-16 21:57 . 2009-10-28 05:36 1152444 ----a-w- c:\windows\UDB.zip
2010-09-16 21:57 . 2008-11-26 16:08 131 ----a-w- c:\windows\IDB.zip
2010-09-16 21:49 . 2010-02-05 13:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-09-16 21:49 . 2010-02-05 13:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-09-16 21:49 . 2010-09-16 22:13 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-09-16 21:49 . 2009-11-23 17:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-09-16 21:49 . 2010-09-16 22:13 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-09-16 21:48 . 2010-09-16 21:58 -------- d-----w- c:\program files\Common Files\PC Tools
2010-09-16 21:48 . 2010-09-19 15:47 -------- d-----w- c:\program files\Spyware Doctor
2010-09-16 21:48 . 2010-09-16 23:33 -------- d-----w- c:\programdata\PC Tools
2010-09-16 21:48 . 2010-09-16 21:48 -------- d-----w- c:\users\Ian\AppData\Roaming\PC Tools
2010-09-14 18:48 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-14 18:48 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-14 18:48 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-14 18:48 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-14 06:19 . 2010-09-14 17:41 -------- d-----w- c:\programdata\Update
2010-08-23 21:26 . 2010-08-23 21:27 -------- d-----w- c:\program files\QuickTime
2010-08-23 21:26 . 2010-08-23 21:26 -------- d-----w- c:\programdata\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-19 15:57 . 2008-04-29 14:22 680 ----a-w- c:\users\Ian\AppData\Local\d3d9caps.dat
2010-09-19 15:39 . 2010-09-01 21:51 68907 ----a-w- c:\programdata\nvModes.dat
2010-09-18 20:10 . 2009-05-24 22:49 -------- d-----w- c:\users\Ian\AppData\Roaming\HPAppData
2010-09-16 18:17 . 2010-08-17 16:25 63488 ----a-w- c:\users\Ian\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-16 18:17 . 2010-08-17 16:24 117760 ----a-w- c:\users\Ian\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-15 07:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-14 16:05 . 2010-08-14 23:02 120 ----a-w- c:\users\Ian\AppData\Local\Etidacupodovuje.dat
2010-09-14 06:20 . 2010-08-14 23:02 0 ----a-w- c:\users\Ian\AppData\Local\Isajazukohoma.bin
2010-09-14 06:19 . 2010-09-14 06:19 155648 --sha-r- c:\users\Ian\AppData\Roaming\KBDINMART.dll
2010-09-14 06:19 . 2010-09-14 06:19 155648 --sha-r- c:\users\Ian\AppData\Roaming\KBDINMART.dll
2010-09-10 07:04 . 2009-01-21 04:29 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-07 21:03 . 2010-08-17 16:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-01 21:50 . 2007-12-18 09:48 -------- d-----w- c:\programdata\NVIDIA
2010-08-31 16:11 . 2010-08-31 16:11 3401880 ----a-w- c:\users\Ian\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
2010-08-31 15:55 . 2010-08-31 15:55 275096 ----a-w- c:\users\Ian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
2010-08-31 15:39 . 2010-08-31 15:39 3734536 ----a-w- c:\users\Ian\AppData\Roaming\Mozilla\plugins\Google Talk Plugin Extras\d3dx9_36.dll
2010-08-18 14:00 . 2008-01-22 04:06 -------- d-----w- c:\program files\Google
2010-08-17 17:52 . 2010-08-17 05:09 -------- d-----w- c:\programdata\STOPzilla!
2010-08-17 17:50 . 2009-06-28 21:27 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-08-17 17:50 . 2009-06-28 21:27 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-17 17:45 . 2008-01-21 00:21 89880 ----a-w- c:\users\Ian\AppData\Local\GDIPFONTCACHEV1.DAT
2010-08-17 17:43 . 2007-12-06 03:09 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-17 16:25 . 2010-08-17 16:25 52224 ----a-w- c:\users\Ian\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-08-17 16:24 . 2010-08-17 16:24 -------- d-----w- c:\users\Ian\AppData\Roaming\SUPERAntiSpyware.com
2010-08-17 16:24 . 2010-08-17 16:24 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-08-17 11:12 . 2008-01-26 02:15 53763 ----a-w- c:\users\Ian\AppData\Roaming\nvModes.dat
2010-08-17 05:36 . 2010-08-16 16:04 -------- d-----w- c:\users\Administrator\AppData\Roaming\Sammsoft
2010-08-17 05:34 . 2010-08-17 03:25 -------- d-----w- c:\program files\XoftSpySE6
2010-08-17 05:11 . 2010-08-17 05:14 1129120 ----a-w- c:\programdata\STOPzilla!\vdb\vbcorent.dll
2010-08-17 03:25 . 2010-08-17 03:25 -------- d-----w- c:\programdata\XoftSpySE
2010-08-17 01:18 . 2007-12-18 09:43 -------- d-----w- c:\programdata\WildTangent
2010-08-15 03:09 . 2010-08-15 03:09 -------- d-----w- c:\users\Administrator\AppData\Roaming\HPAppData
2010-08-14 23:00 . 2010-08-14 23:00 24 ----a-w- c:\users\Ian\AppData\Roaming\bawuho.dat
2010-08-12 07:07 . 2007-12-06 04:24 -------- d-----w- c:\program files\Microsoft Works
2010-07-26 20:40 . 2010-07-26 20:40 -------- d-----w- c:\program files\MFInstall
2010-07-13 22:50 . 2010-04-15 01:50 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-13 21:19 . 2010-07-13 21:19 56765 ----a-w- c:\programdata\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-13 21:19 . 2010-07-13 21:19 57715 ----a-w- c:\programdata\DivX\Player\Uninstaller.exe
2010-07-13 21:18 . 2010-07-13 21:18 84054 ----a-w- c:\programdata\DivX\TransferWizard\Uninstaller.exe
2010-07-13 21:18 . 2010-07-13 21:18 54153 ----a-w- c:\programdata\DivX\DFXPlugin\Uninstaller.exe
2010-07-13 21:07 . 2010-04-15 01:46 1062184 ----a-w- c:\programdata\DivX\Setup\Resource.dll
2010-07-13 21:07 . 2010-04-15 01:46 895256 ----a-w- c:\programdata\DivX\Setup\DivXSetup.exe
2010-06-26 06:05 . 2010-08-11 20:32 916480 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:02 . 2010-08-11 20:32 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:02 . 2010-08-11 20:32 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 04:25 . 2010-08-11 20:32 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-24 16:17 . 2010-06-24 16:17 531 ----a-w- c:\windows\eReg.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

--- c:\windows\eReg.dat ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 531
Created time: 2010-06-24 16:17
Modified time: 2010-06-24 16:17
MD5: C177D84C98C3BDC719E27CA046F0A842
SHA1: A0B10F5920530DDD9DDB4301F104688D5065B4AC

---- Directory of c:\programdata\Update ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-26 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-06-17 40368]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-12-03 13556256]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-12-03 92704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-06-17 06:24 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPADVISOR]
2007-10-02 00:10 1783136 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2008-08-20 14:54 150016 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpWirelessAssistant]
2007-09-13 16:47 480560 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OnScreenDisplay]
2007-09-04 21:54 554320 ----a-w- c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PMBVolumeWatcher]
2010-03-24 19:42 599328 ----a-w- c:\program files\Sony\PMB\PMBVolumeWatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl]
2007-09-19 22:31 202032 ----a-w- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QPService]
2007-12-19 23:27 468264 ----a-w- c:\program files\HP\QuickPlay\QPService.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 09:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-10-11 09:17 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-09-07 21:03 2424560 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPStart]
2007-09-15 08:29 102400 ----a-w- c:\program files\Synaptics\SynTP\SynTPStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]
2007-08-17 07:13 218408 ------w- c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-08 23:53 311296 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1631256447-1096756712-1728063686-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 135664]
R3 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [2010-09-16 63360]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2010-02-02 33552]
R3 ThreatFire;ThreatFire;c:\program files\Spyware Doctor\TFEngine\TFService.exe service [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-09-16 218592]
S0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2010-02-02 51984]
S0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2010-02-02 59664]
S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [2010-02-05 233136]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};c:\program files\HP\QuickPlay\000.fcl [2007-12-19 41456]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 00:50]

2010-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 00:50]

2010-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1631256447-1096756712-1728063686-1000Core.job
- c:\users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 23:38]

2010-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1631256447-1096756712-1728063686-1000UA.job
- c:\users\Ian\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 23:38]

2010-09-16 c:\windows\Tasks\HPCeeScheduleForIan.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-12-06 19:58]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
Trusted Zone: adecco.com\*.xpert
Trusted Zone: adecco.com\ak3.xpert
FF - ProfilePath - c:\users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\8exwcpal.b****\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\users\Ian\AppData\Local\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\Ian\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\Ian\AppData\Roaming\Mozilla\Firefox\Profiles\8exwcpal.b****\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: c:\users\Ian\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\Ian\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-{1A36CF15-DF66-4756-9482-A9ABF3DDACE6}_is1 - c:\program files\Driver Robot\1.2.0.5\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-09-19 12:44
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files\HP\QuickPlay\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(824)
c:\program files\Hewlett-Packard\HP Advisor\Pillars\Market\MLDeskBand.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\windows\system32\rundll32.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-09-19 12:55:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-09-19 16:55
ComboFix2.txt 2010-09-19 04:29
ComboFix3.txt 2010-09-17 19:04
ComboFix4.txt 2010-09-16 16:25
ComboFix5.txt 2010-09-19 15:59

Pre-Run: 152,594,006,016 bytes free
Post-Run: 152,461,598,720 bytes free

- - End Of File - - F9DB327B040F797B070F595A8C6FEC40

IJG
Novice

Posts: 8
Joined: 2010-09-18
OS: vista
Points: 22868
Likes: 0

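Dr Jay's CFScript above targets a handful of indicators that are plainly visible in the ComboFix log IJG posted: a literal, unexpanded `%APPDATA%` directory sitting under system32, a DLL in Roaming carrying system+hidden attributes, letters-only loose files dropped straight into the AppData roots, and service entries whose image file is gone (`[x]`). The following Python is an added example, not ComboFix's code and not anything from this thread; it parses the log's "Files Created"/"Find3M" line format and the R*/S* service line format and applies those rules to a constructed excerpt of lines copied from the log. The allowlist of loose files is an analyst-maintained assumption, and the output is a list of leads for the next steps (FileLook, VirusTotal), not verdicts.

```python
"""Triage helper for ComboFix log lines. Added example; not part of ComboFix."""
import re
from collections import namedtuple

Entry = namedtuple("Entry", "path attrs size missing")

# "Files Created" / "Find3M" lines:  created . modified  size  attrs  path
# attrs is 8 chars; the ones this uses: [0]='d' directory, [2]='s' system, [3]='h' hidden
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+"
    r"(?P<size>\d+|-{8})\s+(?P<attrs>[-a-z]{8})\s+(?P<path>\S.*)$")
# Service/driver lines:  R0 name;display;path [date size]   or   [x] when the file is gone
SVC_RE = re.compile(r"^[RS]\d [^;]*;[^;]*;(?P<path>.+?) \[(?P<info>[^\]]*)\]$")
BARE_PATH_RE = re.compile(r"^[a-zA-Z]:\\")

# Assumption: loose files that legitimately live directly in an AppData root on this machine
KNOWN_LOOSE_FILES = {"d3d9caps.dat", "nvmodes.dat", "gdipfontcachev1.dat"}

# Constructed excerpt: lines copied from the ComboFix log in this thread, good and bad mixed
SAMPLE_LOG = r"""
2010-09-17 01:55 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-14 06:19 . 2010-09-14 17:41 -------- d-----w- c:\programdata\Update
2010-09-14 16:05 . 2010-08-14 23:02 120 ----a-w- c:\users\Ian\AppData\Local\Etidacupodovuje.dat
2010-09-14 06:20 . 2010-08-14 23:02 0 ----a-w- c:\users\Ian\AppData\Local\Isajazukohoma.bin
2010-09-14 06:19 . 2010-09-14 06:19 155648 --sha-r- c:\users\Ian\AppData\Roaming\KBDINMART.dll
2010-09-19 15:57 . 2008-04-29 14:22 680 ----a-w- c:\users\Ian\AppData\Local\d3d9caps.dat
2010-08-14 23:00 . 2010-08-14 23:00 24 ----a-w- c:\users\Ian\AppData\Roaming\bawuho.dat
2010-09-16 21:48 . 2010-09-16 21:48 -------- d-----w- c:\users\Ian\AppData\Roaming\PC Tools
c:\windows\system32\%APPDATA%
R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-14 135664]
"""


def parse_combofix_lines(text):
    """Turn the three line shapes above into Entry records; anything else is ignored."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            size = None if m["size"].startswith("-") else int(m["size"])
            entries.append(Entry(m["path"], m["attrs"], size, False))
            continue
        m = SVC_RE.match(line)
        if m:
            entries.append(Entry(m["path"], None, None, m["info"] == "x"))
            continue
        if BARE_PATH_RE.match(line):          # e.g. the "Other Deletions" section
            entries.append(Entry(line, None, None, False))
    return entries


def triage(entries, allowlist=KNOWN_LOOSE_FILES):
    """Return (path, reason) leads. Several reasons may fire for one path."""
    findings = []
    for e in entries:
        p = e.path.lower()
        parent, _, name = p.rpartition("\\")
        is_dir = e.attrs is not None and e.attrs[0] == "d"
        if e.missing:
            findings.append((e.path, "service/driver registered but its image file is missing"))
        if re.search(r"\\%[a-z_]+%(\\|$)", p):
            findings.append((e.path, "literal, unexpanded %VAR% component in path"))
        if e.attrs and e.attrs[2] == "s" and e.attrs[3] == "h" and not p.startswith("c:\\windows\\"):
            findings.append((e.path, "system+hidden attributes on a file outside c:\\windows"))
        if (not is_dir and parent.endswith(("\\appdata\\local", "\\appdata\\roaming"))
                and name not in allowlist and re.fullmatch(r"[a-z]+\.[a-z]{3}", name)):
            findings.append((e.path, "loose letters-only file directly in an AppData root"))
    return findings


if __name__ == "__main__":
    for path, reason in triage(parse_combofix_lines(SAMPLE_LOG)):
        print(f"{reason:58s} {path}")
```

Run it against a full ComboFix.txt by reading the file into `parse_combofix_lines`; the regexes skip the section banners and registry dumps on their own. Everything it reports still has to be confirmed by hand, which is exactly the FileLook/VirusTotal loop Dr Jay runs next.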

Re: Google redirect virus + strange fan noise

Post by Dr Jay on 20th September 2010, 9:17 am

Please go to: [You must be registered and logged in to see this link.]




  • Click the Browse button and search for the following file: c:\windows\eReg.dat
  • Click Open
  • Then click Send File
  • Please be patient while the file is scanned.
  • Once the scan results appear, please provide them in your next reply.

If it says already scanned -- click "reanalyze now"

Please post the results in your next reply.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts: 14317
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Arch.: x64 (64-bit)
Protection: Bitdefender Total Security
Points: 303008
Likes: 10


Re: Google redirect virus + strange fan noise

Post by IJG on 20th September 2010, 4:11 pm

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
eReg.dat
Submission date:
2010-09-20 16:07:22 (UTC)
Current status:
queued (#5) queued analysing finished
Result:
0/ 41 (0.0%)

VT Community

not reviewed
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2010.09.20.00 2010.09.20 -
AntiVir 8.2.4.58 2010.09.20 -
Antiy-AVL 2.0.3.7 2010.09.20 -
Authentium 5.2.0.5 2010.09.20 -
Avast 4.8.1351.0 2010.09.20 -
Avast5 5.0.594.0 2010.09.20 -
AVG 9.0.0.851 2010.09.20 -
BitDefender 7.2 2010.09.20 -
CAT-QuickHeal 11.00 2010.09.20 -
ClamAV 0.96.2.0-git 2010.09.20 -
Comodo 6143 2010.09.20 -
DrWeb 5.0.2.03300 2010.09.20 -
Emsisoft 5.0.0.37 2010.09.20 -
eTrust-Vet 36.1.7866 2010.09.20 -
F-Prot 4.6.2.117 2010.09.19 -
F-Secure 9.0.15370.0 2010.09.20 -
Fortinet 4.1.143.0 2010.09.20 -
GData 21 2010.09.20 -
Ikarus T3.1.1.88.0 2010.09.20 -
Jiangmin 13.0.900 2010.09.20 -
K7AntiVirus 9.63.2561 2010.09.20 -
Kaspersky 7.0.0.125 2010.09.20 -
McAfee 5.400.0.1158 2010.09.20 -
McAfee-GW-Edition 2010.1C 2010.09.20 -
Microsoft 1.6201 2010.09.20 -
NOD32 5465 2010.09.20 -
Norman 6.06.06 2010.09.20 -
nProtect 2010-09-20.02 2010.09.20 -
Panda 10.0.2.7 2010.09.20 -
PCTools 7.0.3.5 2010.09.20 -
Prevx 3.0 2010.09.20 -
Rising 22.66.00.03 2010.09.20 -
Sophos 4.57.0 2010.09.20 -
Sunbelt 6900 2010.09.20 -
SUPERAntiSpyware 4.40.0.1006 2010.09.20 -
TheHacker 6.7.0.0.025 2010.09.20 -
TrendMicro 9.120.0.1004 2010.09.20 -
TrendMicro-HouseCall 9.120.0.1004 2010.09.20 -
VBA32 3.12.14.0 2010.09.20 -
ViRobot 2010.9.20.4051 2010.09.20 -
VirusBuster 12.65.16.0 2010.09.20 -
Additional information
MD5 : c177d84c98c3bdc719e27ca046f0a842
SHA1 : a0b10f5920530ddd9ddb4301f104688d5065b4ac
SHA256: c74e6a41e1142768db6f1a75b191b7c085766461eedcae6d6e767f56a2a212e8

IJG
Novice

Posts: 8
Joined: 2010-09-18
OS: vista
Points: 22868
Likes: 0

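Before reading the 0/41 above as a verdict, two checks are worth automating: that the file uploaded is the one ComboFix examined (the MD5 and SHA1 in the FileLook section must equal the ones VirusTotal prints, which they do here once case is ignored), and that the headline count agrees with the per-engine rows. The Python below is an added example, not VirusTotal's or the thread's code; the report excerpt is constructed from six of the 41 rows pasted above with the summary line abridged to match, and the FileLook block is copied from the ComboFix log. In VirusTotal's 2010 web layout a result of `-` means no detection; the example treats any other text in that column as a detection name. A clean score on a 531-byte data file is weak evidence either way, because there is little in such a file for a scanner to signature.

```python
"""Cross-check a pasted VirusTotal report against ComboFix's FileLook hashes. Added example."""
import re

ENGINE_ROW = re.compile(r"^(?P<engine>\S+) (?P<version>\S+) (?P<updated>\d{4}\.\d{2}\.\d{2}) (?P<result>.+)$")
HASH_LINE = re.compile(r"^(?P<algo>MD5|SHA1|SHA256)\s*:\s*(?P<hex>[0-9A-Fa-f]{32,64})$")
SUMMARY_LINE = re.compile(r"^(?P<hits>\d+)/\s*(?P<total>\d+)\s*\(")

# Constructed excerpt: six of the 41 rows from the paste above, summary abridged to match
SAMPLE_VT = """
Result:
0/ 6 (0.0%)
Antivirus Version Last Update Result
AntiVir 8.2.4.58 2010.09.20 -
F-Prot 4.6.2.117 2010.09.19 -
Kaspersky 7.0.0.125 2010.09.20 -
McAfee-GW-Edition 2010.1C 2010.09.20 -
Microsoft 1.6201 2010.09.20 -
Prevx 3.0 2010.09.20 -
MD5 : c177d84c98c3bdc719e27ca046f0a842
SHA1 : a0b10f5920530ddd9ddb4301f104688d5065b4ac
SHA256: c74e6a41e1142768db6f1a75b191b7c085766461eedcae6d6e767f56a2a212e8
"""

# The FileLook block ComboFix printed for the same file (copied from the log in this thread)
SAMPLE_LOOK = r"""
--- c:\windows\eReg.dat ---
File size: 531
MD5: C177D84C98C3BDC719E27CA046F0A842
SHA1: A0B10F5920530DDD9DDB4301F104688D5065B4AC
"""


def parse_vt_report(text):
    """Return ({engine: detection-name-or-None}, {algo: hex}, (hits, total) or None)."""
    engines, hashes, summary = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = ENGINE_ROW.match(line)
        if m:
            result = m["result"].strip()
            engines[m["engine"]] = None if result == "-" else result
            continue
        m = HASH_LINE.match(line)
        if m:
            hashes[m["algo"]] = m["hex"].lower()
            continue
        m = SUMMARY_LINE.match(line)
        if m and summary is None:
            summary = (int(m["hits"]), int(m["total"]))
    return engines, hashes, summary


def parse_combofix_look(text):
    """Pick the MD5/SHA1 lines out of a ComboFix FileLook block."""
    hashes = {}
    for raw in text.splitlines():
        m = HASH_LINE.match(raw.strip())
        if m:
            hashes[m["algo"]] = m["hex"].lower()
    return hashes


def cross_check(vt_text, look_text):
    engines, vt_hashes, summary = parse_vt_report(vt_text)
    look_hashes = parse_combofix_look(look_text)
    named_by = {e: r for e, r in engines.items() if r}
    shared = [a for a in look_hashes if a in vt_hashes]     # algorithms both sides reported
    return {
        "engines": len(engines),
        "detections": len(named_by),
        "named_by": named_by,
        "summary_matches_rows": summary == (len(named_by), len(engines)),
        # False when there is no common algorithm to compare, rather than vacuously True
        "same_file_as_combofix": bool(shared) and all(vt_hashes[a] == look_hashes[a] for a in shared),
    }


if __name__ == "__main__":
    for key, value in cross_check(SAMPLE_VT, SAMPLE_LOOK).items():
        print(f"{key:24s} {value}")
```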

Re: Google redirect virus + strange fan noise

Post by Dr Jay on 21st September 2010, 9:04 am

Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.


Dr. Jay (DJ)



Dr Jay
Head Administrator

Posts: 14317
Joined: 2009-09-06
Gender: Male
OS: Windows 10 Home & Pro
Arch.: x64 (64-bit)
Protection: Bitdefender Total Security
Points: 303008
Likes: 10

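MBRCheck exists because a redirect that survives every file-level cleanup above can live below the file system: it reads the first sector of each disk and reports whether the boot code there matches a known Windows loader. The Python below is an added example, not MBRCheck's code, showing what such a check looks at: the 512-byte MBR layout (446 bytes of boot code, four 16-byte partition entries, the 0x55AA signature), a hash of the code region alone, and the partition-table sanity checks a practitioner wants before trusting a disk. The sample sector, its stand-in boot code and the partition sizes are constructed (the two NTFS entries loosely mirror the C:/D: split in IJG's OTL log); the known-good hash set is assumed to have been recorded earlier from a clean machine of the same model.

```python
"""Parse and sanity-check a 512-byte MBR. Added example, not MBRCheck's own code."""
import hashlib
import struct
from collections import namedtuple

SECTOR = 512
BOOT_CODE_LEN = 446          # bytes 0..445 boot code, 446..509 partition table, 510..511 0x55AA
Partition = namedtuple("Partition", "index bootable type_id lba_start sectors")

# Labels for a few partition type IDs; used only when printing
TYPE_NAMES = {0x07: "NTFS", 0x0C: "FAT32 (LBA)", 0x27: "hidden NTFS / Windows RE", 0xEE: "GPT protective"}


def parse_mbr(sector):
    """Return the non-empty partition entries; raise if the sector cannot be an MBR."""
    if len(sector) != SECTOR:
        raise ValueError("MBR must be exactly 512 bytes, got %d" % len(sector))
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    parts = []
    for i in range(4):
        # status(1) CHS-start(3) type(1) CHS-end(3) LBA-start(4) sector-count(4), little-endian
        status, type_id, lba, count = struct.unpack_from("<B3xB3xII", sector, BOOT_CODE_LEN + 16 * i)
        if type_id != 0:
            parts.append(Partition(i, status == 0x80, type_id, lba, count))
    return parts


def boot_code_sha256(sector):
    """Hash only the code region, so a re-partitioned but untouched loader still matches."""
    return hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()


def check_mbr(sector, known_good_hashes):
    """List the things that look off; an empty list means the sector passed every check."""
    problems = []
    parts = parse_mbr(sector)
    bootable = [p for p in parts if p.bootable]
    if len(bootable) != 1:
        problems.append("expected exactly one bootable partition, found %d" % len(bootable))
    spans = sorted((p.lba_start, p.lba_start + p.sectors) for p in parts)
    if any(nxt[0] < cur[1] for cur, nxt in zip(spans, spans[1:])):
        problems.append("partition entries overlap")
    if any(p.lba_start == 0 for p in parts):
        problems.append("a partition claims to start at LBA 0, on top of the MBR itself")
    digest = boot_code_sha256(sector)
    if digest not in known_good_hashes:
        problems.append("boot code sha256 %s... is not in the known-good set" % digest[:16])
    return problems


def read_physical_mbr(device=r"\\.\PhysicalDrive0"):
    """Read the live MBR on Windows; needs an elevated prompt. Not exercised by the sample below."""
    with open(device, "rb") as disk:
        return disk.read(SECTOR)


# Constructed fixture: NOT a real Windows loader, just a typical x86 prologue plus NOP padding
SAMPLE_BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * (BOOT_CODE_LEN - 7)


def build_sample_mbr(boot_code=SAMPLE_BOOT_CODE):
    """Two NTFS partitions shaped like a C:/D: split; the sector counts are made up."""
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    table = [(0x80, 0x07, 2048, 463_000_000), (0x00, 0x07, 463_002_048, 25_200_000)]
    for i, entry in enumerate(table):
        struct.pack_into("<B3xB3xII", sector, BOOT_CODE_LEN + 16 * i, *entry)
    sector[510:512] = b"\x55\xAA"
    return bytes(sector)


if __name__ == "__main__":
    sample = build_sample_mbr()
    known = {boot_code_sha256(sample)}      # assumption: recorded earlier from a clean machine
    for p in parse_mbr(sample):
        print(p, TYPE_NAMES.get(p.type_id, "type 0x%02x" % p.type_id))
    print("problems:", check_mbr(sample, known) or "none")
```

On a live system replace `build_sample_mbr()` with `read_physical_mbr()` from an elevated prompt, and populate the known-good set from a clean install of the same Windows version; the hash only means something relative to that baseline. A GPT disk shows a single 0xEE protective entry here and needs the GPT header parsed instead, which this example does not do.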

Re: Google redirect virus + strange fan noise

Post by IJG on 22nd September 2010, 4:58 pm

DragonMaster Jay wrote:Please download MBRCheck.exe by a_d_13 from one of the links provided below and save it to your desktop.

  • Double-click on MBRCheck.exe to run it.
  • It will open a black window...please do not fix anything (if it gives you an option).
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • A log named MBRCheck_date_time.txt (i.e. MBRCheck_07.21.10_10.22.51.txt) will appear on the desktop.
  • Please copy and paste the contents of that log in your next reply.

Found an infection according to the log

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6700 Notebook PC
Logical Drives Mask: 0x0000001c

Kernel Drivers (total 168):

Processes (total 65):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`37514000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVS-60UST0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:

Done!


Re: Google redirect virus + strange fan noise

Post by Dr Jay on 22nd September 2010, 9:11 pm

Fix using MBRCheck.exe

Run MBRCheck.exe again by double-clicking on it.
  • Wait until you see the following line: Enter 'Y' and hit ENTER for more options, or 'N' to exit:
  • Enter 'Y' and then press Enter.
  • When asked: 'Enter your choice:', select option 2 (Restore the MBR of a physical disk with a standard boot code) and press the Enter key.
  • Now the program will ask: 'Enter the physical disk number to fix (0-99, -1 to cancel)'
  • Enter 0 and press the Enter key.
  • The program will show Available MBR codes followed by a list of operating systems as shown below:
    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel
    Please select the MBR code to write to this drive:
  • Please select your version of Windows from the list and enter the corresponding number and then press Enter.
  • When prompted for confirmation ("Do you want to fix the MBR code?"), type the full word Yes (not Y, or the fix will not work) and press Enter.
  • Left-click on the title bar (where the program name and path are written).
  • From the menu choose Edit -> Select All.
  • Press the Enter key to copy selected text.
  • Open Notepad, paste that text into it and save to your desktop as MBRCheck.txt.
  • When complete, you should see Done! Press ENTER to exit.... Press Enter on the keyboard.
  • Reboot your computer to complete the fix and copy/paste MBRCheck.txt in your next reply.
  • If your computer does not restart on its own, please restart it manually.

Important Note: The Master Boot Record contains the Partition Table for the hard disk and a little executable code for the boot start. While fixing the [You must be registered and logged in to see this link.] is generally safe, there is a small risk of damaging the MBR, which may cause the computer to not boot up or it may corrupt a partition.

The following are signs of a damaged MBR:
  • Invalid Partition Table
  • Missing Operating System
  • Error loading operating system


If it is the worst case scenario, and your computer cannot boot, please take note of the following:

Please have your Windows CD available, which will allow recovering the boot code via the Windows Recovery Console in case of any problems or install the [You must be registered and logged in to see this link.] before proceeding with the above fix. Then, if any problems occur, the links below explain how to use and repair the MBR:

If you do not have a Windows CD available, please let me know. You will need access to a computer that can burn CDs.


Dr. Jay (DJ)


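The restore procedure above rewrites the boot-code part of a 512-byte MBR sector (boot code, disk signature, four partition entries, 0x55AA signature) and leaves the partition table alone. The Python below is an added example, not part of this thread or of MBRCheck: it shows how a checker hashes only the boot-code region, reports an unlisted hash as unknown, and flags the partition-table faults behind an "Invalid Partition Table" message. The reference hash table, the disk signature and the sample layouts are constructed, with the layout mirroring the C: and D: byte offsets (0x7E00 and 0x3737514000) from the log in this thread.

```python
"""Parse a 512-byte MBR and run the integrity checks an MBR checker performs.

Added example; the KNOWN_GOOD table below is constructed for the demo and does
not reproduce any real tool's reference hashes.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440        # boot code occupies bytes 0x000-0x1B7
DISK_SIG_OFF = 0x1B8       # 4-byte Windows disk signature, then 2 reserved bytes
PART_TABLE_OFF = 0x1BE     # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE       # must hold 0x55 0xAA


def sha1_boot_code(mbr: bytes) -> str:
    """SHA1 over the boot-code region only, so partition edits do not change it."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def parse_partitions(mbr: bytes) -> list:
    """Decode the four partition entries; empty slots are skipped."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = mbr[off], mbr[off + 4]
        lba_start, sectors = struct.unpack_from("<II", mbr, off + 8)
        if ptype == 0 and sectors == 0:
            continue
        parts.append({"index": i, "status": status, "type": ptype,
                      "lba_start": lba_start, "sectors": sectors,
                      "byte_offset": lba_start * SECTOR})
    return parts


def check_partition_table(parts: list) -> list:
    """Return the faults a standard boot loader rejects a table for."""
    problems = []
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            problems.append("entry %d has invalid status byte 0x%02X" % (p["index"], p["status"]))
    active = [p for p in parts if p["status"] == 0x80]
    if len(active) != 1:
        problems.append("expected exactly one active partition, found %d" % len(active))
    ranges = sorted((p["lba_start"], p["lba_start"] + p["sectors"], p["index"]) for p in parts)
    for (s1, e1, i1), (s2, e2, i2) in zip(ranges, ranges[1:]):
        if s2 < e1:
            problems.append("entries %d and %d overlap" % (i1, i2))
    return problems


def analyse_mbr(mbr: bytes, known_good: dict) -> dict:
    """Hash the boot code, classify it against the allow-list, and check the table."""
    if len(mbr) != SECTOR:
        raise ValueError("MBR must be exactly %d bytes" % SECTOR)
    digest = sha1_boot_code(mbr)
    result = {
        "boot_signature_ok": mbr[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xAA",
        "disk_signature": struct.unpack_from("<I", mbr, DISK_SIG_OFF)[0],
        "sha1": digest,
        "mbr_code": known_good.get(digest, "Unknown MBR code"),
        "partitions": parse_partitions(mbr),
    }
    result["problems"] = check_partition_table(result["partitions"])
    if not result["boot_signature_ok"]:
        result["problems"].append("missing 0x55AA boot signature")
    return result


def build_mbr(boot_code: bytes, entries: list, disk_sig: int = 0x12345678) -> bytes:
    """Assemble a constructed MBR from (status, type, lba_start, sectors) entries."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    table = b""
    for status, ptype, lba, sectors in entries:
        # CHS fields are left zero; the LBA fields are what matters here
        table += struct.pack("<BBBBBBBBII", status, 0, 0, 0, ptype, 0, 0, 0, lba, sectors)
    table = table.ljust(64, b"\x00")
    return code + struct.pack("<IH", disk_sig, 0) + table + b"\x55\xAA"


# Constructed reference boot code standing in for a vendor's standard MBR code.
REFERENCE_CODE = b"\x33\xC0\x8E\xD0\xBC\x00\x7C" + b"CONSTRUCTED REFERENCE"
KNOWN_GOOD = {sha1_boot_code(REFERENCE_CODE.ljust(BOOT_CODE_LEN, b"\x00")): "Default (Windows Vista)"}

# Layout mirroring the thread's log: C: at byte offset 0x7E00 (LBA 63), D: at 0x3737514000.
# Sector counts are constructed approximations of the sizes reported there.
CLEAN_LAYOUT = [(0x80, 0x07, 63, 463186017), (0x00, 0x07, 0x1B9BA8A0, 25207767)]
CLEAN_MBR = build_mbr(REFERENCE_CODE, CLEAN_LAYOUT)
# Same table, but the boot code was replaced by constructed foreign bytes.
TAMPERED_MBR = build_mbr(b"\xEB\xFE" + b"CONSTRUCTED FOREIGN CODE", CLEAN_LAYOUT)
# Two active, overlapping entries: the kind of table a loader rejects as invalid.
BROKEN_MBR = build_mbr(REFERENCE_CODE, [(0x80, 0x07, 63, 1000), (0x80, 0x07, 63, 1000)])

if __name__ == "__main__":
    for name, mbr in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR), ("broken", BROKEN_MBR)):
        r = analyse_mbr(mbr, KNOWN_GOOD)
        print(name, r["sha1"], r["mbr_code"], r["problems"])
```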


Re: Google redirect virus + strange fan noise

Post by IJG on 22nd September 2010, 11:08 pm

DragonMaster Jay wrote:Fix using MBRCheck.exe

My computer now barely stays on for 10 min before shutting itself down. This began a day ago.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 32-bit
Base Board Manufacturer: Quanta
BIOS Manufacturer: Hewlett-Packard
System Manufacturer: Hewlett-Packard
System Product Name: HP Pavilion dv6700 Notebook PC
Logical Drives Mask: 0x0200001c

Kernel Drivers (total 167):

Processes (total 70):

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000037`37514000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2500BEVS-60UST0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: D94F393960D1CD66C2071F2D7260A5196DF105AC


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:
Options:
[1] Dump the MBR of a physical disk to file.
[2] Restore the MBR of a physical disk with a standard boot code.
[3] Exit.

Enter your choice:
Enter the physical disk number to fix (0-99, -1 to cancel): 0
Available MBR codes:
[ 0] Default (Windows Vista)
[ 1] Windows XP
[ 2] Windows Server 2003
[ 3] Windows Vista
[ 4] Windows 2008
[ 5] Windows 7
[-1] Cancel

Please select the MBR code to write to this drive: 3
Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue: YES
Successfully wrote new MBR code!
Please reboot your computer to complete the fix.


Done!


Re: Google redirect virus + strange fan noise

Post by Dr Jay on 23rd September 2010, 9:10 pm

Oh not good.

Place the Vista disc in the drive (if you have one), and boot from it.

You need to access Startup Repair.

Let me know if it finds anything bad.

It may be a hardware issue, too.


Dr. Jay (DJ)




Re: Google redirect virus + strange fan noise

Post by IJG on 24th September 2010, 5:35 pm

DragonMaster Jay wrote:Oh not good.

It's not looking good. I don't think I have a Vista disc. Last night I tried to boot up and Windows just wouldn't start. When I tried to reboot, the system actually went into Startup Repair on its own and said that it couldn't fix the issue. But I can access Windows again, albeit for only a few minutes. When it shuts down I notice a smell coming from the fan area that smells a bit like burnt plastic, although the laptop is only warm.


Re: Google redirect virus + strange fan noise

Post by Dr Jay on 25th September 2010, 2:09 am

It is a hardware issue. If you do not know how to service the laptop, I will say to take it to a hardware shop (computer repair shop) immediately, and tell them you have an emergency issue of burning inside the case.


Dr. Jay (DJ)


