GeekPolice
Welcome to GeekPolice.net!

From "wow" to "whoa" - we're teaching practical technology and helping others with tech support. Join our family here!

You are viewing the forum as a "Guest" which doesn't give you member privileges to ask questions or post comments.

Take 30 seconds to register or log in below and unlock the limitations of this website to discover new computer knowledge!

problem when clicking on links in firefox...redirected to a different page.

Page 1 of 3 1, 2, 3  Next

View previous topic View next topic Go down

problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Wed Mar 30, 2011 11:13 am


lately, when I search for a topic and then click on a link provided (in google) I am redirected to a different page. also, in firefox, random pages will open in a new tab all on their own. they are always spam type pages. I have run AVG, super anti-spyware, and maleware bites anti maleware but can't get rid of it. hijack this is included below:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:13:25 AM, on 3/30/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\My Computer\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\My Computer\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [EaseUs Watch] "C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EASEUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate1c9fb9d112482d4) (gupdate1c9fb9d112482d4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe

--
End of file - 8716 bytes


any disasters you see, please feel free to comment.

thanks,
Jeremy

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by Gabethebabe on Wed Mar 30, 2011 2:38 pm

Hello Jeremy,

I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:
  • Whilst I´m helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I´m here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end! If your computer starts running better, doesn´t mean it is clean yet!

====================

For the next step we need to uninstall AVG antivirus, because it will interfere with our tools. Use the uninstaller below.
Do not worry, about being temporarily unprotected (it hasn´t helped preventing this infection, has it?). We will reinstall it later.

  • Please download AppRemover by OPSWAT from [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Double-click AppRemover.exe.
  • Unselect Enable anonymous usage statistics
  • Click Next>>
  • Make sure Remove security Application is selected and click Next>> to start a scan of installed security software.
  • Click Next>>
  • Select AVG and click Next>>
  • AppRemover will start the uninstall process. This may take a few minutes.
  • Once completed you may be prompted to restart your system. Please do so.


====================

With AVG out of the way, we can now use ComboFix by sUBs, a powerful tool that you are advised not to run without supervision of a trained malware helper. Please visit [You must be registered and logged in to see this link.] and read the tutorial on using ComboFix very carefully. After that download the tool and save it to your desktop.

Doubleclick ComboFix.exe to run the tool. Please post its log back here.


Gabethebabe
Top Dog
Top Dog

Status :
Online
Offline

Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7
Points : 38188
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Wed Mar 30, 2011 4:36 pm

I followed your directions and ran appremover. now I'm trying to run combofix for the first time and I keep getting a warning that AVG is still on the computer. I re-booted and ran appremover one more time, AVG didn't show up on the scan, but malwarebytes anti-malware did (the first time it showed up too). so I uninstalled this program as well, just in case. I tried combofix again, same result (re:avg). I downloaded combofix again and ran the 2nd version of this and still got the avg message.


jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by Gabethebabe on Thu Mar 31, 2011 6:44 am

*sigh*

AVG is not a bad antivirus, but it is a pain in the behind to remove.

Have you tried to click the "Applications not found? Try this" option in AppRemover? This option (with a green exclamation Mark (!) will show up after the scan for security applications.

If that does not work, lets try another tool

====================

Download and install Revo Uninstaller from [You must be registered and logged in to see this link.].

  • Run Revo Uninstaller
  • Find the program you want to uninstall (AVG), click it and click the Uninstall button
  • When prompted for an uninstall mode choose Advanced
  • Follow the prompts to uninstall the program and related registry entries


Hopefully you get combofix running.

Gabethebabe
Top Dog
Top Dog

Status :
Online
Offline

Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7
Points : 38188
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Thu Mar 31, 2011 12:28 pm

I tried the "Applications not found? Try this" option in AppRemover. AVG did not show up on the list. I tried REVO Uninstaller, and again, AVG did not show up on the installed applications list. since first running appremover, there has been no evidence of avg on my pc. it hasn't shown up on the add/remove programs list, the icons are gone...but something, somewhere must be holding on. I tried to re-install AVG in order to try uninstalling it again, but the installation failed, twice. oh boy, computers are fun.

here's some additional info about my PC:
C: 75.4GB total space/45GB free space contains operating system and no real important saved info.
E: internal drive 114GB total/45GB free contains my documents, photos etc...
G: external drive 931GBtotal/411GBfree back up of C, E, and H.
H: external drive 298GBtotal/205GB free contains music

This machine is about 6 years old and I have never reformatted...Is this a reasonable option, considering all my vital info is on different drives and backed up? Maybe I'm ahead of myself...? (I'm due for a new machine, but when this one works, it does what I need it to...and it usually works.)

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by Gabethebabe on Thu Mar 31, 2011 8:34 pm

We do not give up yet. My teachers have shown me another tool you can use. Lets see if that is more successful.

The below will take care of AVG.

Note: Make sure you only delete AVG products.

Remove AVG Anti-Virus WMI Registration
  1. Click on the Start menu.
  2. Select Run...
  3. Type wbemtest and click OK
  4. Click Connect
  5. Type (or copy/paste) root/SecurityCenter in the NameSpace box
  6. Click Connect
  7. Click on Query
  8. Type in or copy / paste SELECT * FROM AntiVirusProduct and click on Apply

If there is more than one result, it means there is more than one Antivirus program installed.
Double click on each result to view the properties for that Antivirus product.
Identify the product(s) installed and DELETE any records for AVG Anti-Virus
Click Close and Exit out. Please let me know if this worked for you?



Try Combofix after this, please. Bring me some good news Smile

Gabethebabe
Top Dog
Top Dog

Status :
Online
Offline

Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7
Points : 38188
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Sat Apr 02, 2011 2:50 am

I followed the steps outlined above for WMI tester and there were zero results from the query. I tried combofix again and got the same AVG message...

I have a large hammer, just say the word...

eta: I'm just kidding about the hammer. just trying to keep things light. I appreciate your help!!

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by Gabethebabe on Sat Apr 02, 2011 2:53 pm

Use your large hammer on whoever invented AVG.
I give up. With combofix that is. We try two other tools that will deal with your infection.

====================
  • Download TDSSKiller by Kaspersky from [You must be registered and logged in to see this link.] and save it to your Desktop
  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
  • The report can also be found in the root of your Windows drive (most likely C:\).


====================
Please download OTL by OldTimer from [You must be registered and logged in to see this link.] and save it to your Desktop.
  • Close all windows and double click OTL.exe.
  • The Extra Registry setting should be Use Safelist
  • Copy and paste the following text into the Custom Scans/Fixes box:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\drivers\*.sys
%systemroot%\system32\drivers\*.dll
%systemroot%\system32\drivers\*.ini
%systemroot%\system32\drivers\*.exe
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
/md5start
atapi.sys
explorer.exe
iastor.sys
userinit.exe
winlogon.exe
/md5stop
  • Click the Run Scan button and allow it to run.
  • It will produce two logs for you, OTL.txt and Extras.txt. Please post both logs in this thread.
  • You may need to use two posts to get it all.

Gabethebabe
Top Dog
Top Dog

Status :
Online
Offline

Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7
Points : 38188
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Sat Apr 02, 2011 3:38 pm

tdsskiller report:

2011/04/02 11:35:09.0187 3816 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/02 11:35:09.0531 3816 ================================================================================
2011/04/02 11:35:09.0531 3816 SystemInfo:
2011/04/02 11:35:09.0531 3816
2011/04/02 11:35:09.0562 3816 OS Version: 5.1.2600 ServicePack: 2.0
2011/04/02 11:35:09.0562 3816 Product type: Workstation
2011/04/02 11:35:09.0562 3816 ComputerName: MY-A2A4159540F8
2011/04/02 11:35:09.0562 3816 UserName: Jeremy C
2011/04/02 11:35:09.0562 3816 Windows directory: C:\WINDOWS
2011/04/02 11:35:09.0562 3816 System windows directory: C:\WINDOWS
2011/04/02 11:35:09.0562 3816 Processor architecture: Intel x86
2011/04/02 11:35:09.0562 3816 Number of processors: 1
2011/04/02 11:35:09.0562 3816 Page size: 0x1000
2011/04/02 11:35:09.0562 3816 Boot type: Normal boot
2011/04/02 11:35:09.0562 3816 ================================================================================
2011/04/02 11:35:10.0078 3816 Initialize success
2011/04/02 11:35:17.0046 3000 ================================================================================
2011/04/02 11:35:17.0046 3000 Scan started
2011/04/02 11:35:17.0046 3000 Mode: Manual;
2011/04/02 11:35:17.0046 3000 ================================================================================
2011/04/02 11:35:18.0609 3000 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/02 11:35:18.0828 3000 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/02 11:35:19.0093 3000 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/04/02 11:35:19.0281 3000 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
2011/04/02 11:35:19.0406 3000 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/04/02 11:35:19.0640 3000 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/04/02 11:35:20.0453 3000 ALCXWDM (34fc779e3ce6964546e02596acc8ff48) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/04/02 11:35:21.0906 3000 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
2011/04/02 11:35:22.0093 3000 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/02 11:35:22.0265 3000 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/02 11:35:22.0546 3000 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/02 11:35:22.0843 3000 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/02 11:35:23.0187 3000 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/02 11:35:23.0421 3000 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys
2011/04/02 11:35:23.0765 3000 BrSerWDM (791ef93168dcf057715493d607e37983) C:\WINDOWS\system32\Drivers\BrSerWdm.sys
2011/04/02 11:35:23.0921 3000 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
2011/04/02 11:35:24.0031 3000 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys
2011/04/02 11:35:24.0156 3000 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/02 11:35:24.0390 3000 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/04/02 11:35:24.0703 3000 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/02 11:35:24.0890 3000 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/02 11:35:25.0062 3000 cdrbsvsd (7fc46240546c16c0448c29c9d233b915) C:\WINDOWS\system32\drivers\cdrbsvsd.sys
2011/04/02 11:35:25.0281 3000 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/02 11:35:26.0640 3000 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/02 11:35:26.0828 3000 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/02 11:35:27.0062 3000 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/02 11:35:27.0234 3000 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/02 11:35:27.0484 3000 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/02 11:35:27.0890 3000 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/02 11:35:28.0234 3000 EUBAKUP (3e5ddbd7405ad6f59f0646a15c754079) C:\WINDOWS\system32\drivers\eubakup.sys
2011/04/02 11:35:28.0484 3000 EuDisk (155666649521732bd4cc1a10823515f0) C:\WINDOWS\system32\DRIVERS\EuDisk.sys
2011/04/02 11:35:28.0703 3000 EUDSKACS (1acc054dfcc3a53cdbc8cfd6b111346f) C:\WINDOWS\system32\drivers\eudskacs.sys
2011/04/02 11:35:28.0875 3000 EUFS (a0dea491ac141207b348013725651044) C:\WINDOWS\system32\drivers\eufs.sys
2011/04/02 11:35:29.0093 3000 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/02 11:35:29.0328 3000 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/02 11:35:29.0453 3000 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/02 11:35:29.0671 3000 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/02 11:35:29.0781 3000 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/04/02 11:35:29.0984 3000 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/02 11:35:30.0140 3000 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/02 11:35:30.0312 3000 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/04/02 11:35:30.0453 3000 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/02 11:35:30.0750 3000 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/02 11:35:31.0078 3000 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/02 11:35:31.0515 3000 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/02 11:35:31.0718 3000 ialm (afa7c99d211a2aff21a287bc4264cde6) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/04/02 11:35:31.0937 3000 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/02 11:35:32.0281 3000 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/04/02 11:35:32.0468 3000 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/02 11:35:32.0625 3000 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/04/02 11:35:32.0843 3000 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/02 11:35:32.0984 3000 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/02 11:35:33.0156 3000 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/02 11:35:33.0484 3000 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/02 11:35:33.0671 3000 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/02 11:35:33.0859 3000 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/02 11:35:34.0156 3000 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/02 11:35:34.0343 3000 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/02 11:35:34.0531 3000 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/02 11:35:35.0156 3000 mcdbus (f922b609524cf1ed66a1a109f3ce014f) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
2011/04/02 11:35:35.0296 3000 mf (729d83e56c29c510258a6e9e79ffddc3) C:\WINDOWS\system32\DRIVERS\mf.sys
2011/04/02 11:35:35.0453 3000 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/02 11:35:35.0734 3000 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/02 11:35:35.0890 3000 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/02 11:35:36.0078 3000 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/02 11:35:36.0218 3000 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/02 11:35:36.0656 3000 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/02 11:35:36.0796 3000 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/02 11:35:37.0140 3000 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/02 11:35:37.0328 3000 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/02 11:35:37.0515 3000 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/02 11:35:37.0734 3000 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/02 11:35:37.0921 3000 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/02 11:35:38.0046 3000 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/04/02 11:35:38.0203 3000 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/02 11:35:38.0359 3000 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/04/02 11:35:38.0546 3000 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/02 11:35:38.0718 3000 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/04/02 11:35:38.0890 3000 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/02 11:35:39.0109 3000 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/02 11:35:39.0328 3000 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/02 11:35:39.0562 3000 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/02 11:35:39.0734 3000 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/02 11:35:39.0921 3000 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/02 11:35:40.0312 3000 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/02 11:35:40.0593 3000 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/02 11:35:40.0875 3000 NuidFltr (e8717d9b0d1919cadafd8896a8e23e17) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2011/04/02 11:35:41.0031 3000 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/02 11:35:41.0171 3000 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/02 11:35:41.0296 3000 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/02 11:35:41.0453 3000 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/02 11:35:41.0593 3000 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/02 11:35:41.0781 3000 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/02 11:35:41.0921 3000 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/02 11:35:42.0234 3000 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/02 11:35:42.0421 3000 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/02 11:35:42.0578 3000 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/04/02 11:35:44.0296 3000 Point32 (b4f59a953ef9e507f0d00c3a68580b8b) C:\WINDOWS\system32\DRIVERS\point32.sys
2011/04/02 11:35:44.0500 3000 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/02 11:35:44.0765 3000 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/02 11:35:44.0906 3000 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/02 11:35:45.0125 3000 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/02 11:35:46.0078 3000 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/02 11:35:46.0234 3000 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/02 11:35:46.0437 3000 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/02 11:35:46.0625 3000 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/02 11:35:46.0765 3000 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/02 11:35:46.0937 3000 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/02 11:35:47.0296 3000 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/02 11:35:47.0515 3000 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/02 11:35:47.0828 3000 RTL8023xp (7889e3981e0a5d347e037abd467d53a5) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/04/02 11:35:48.0000 3000 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/04/02 11:35:48.0125 3000 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/04/02 11:35:48.0296 3000 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/04/02 11:35:48.0562 3000 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/02 11:35:48.0828 3000 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/02 11:35:49.0046 3000 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/02 11:35:49.0328 3000 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/02 11:35:49.0734 3000 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/04/02 11:35:49.0953 3000 sonypvs1 (dfadfc2c86662f40759bf02add27d569) C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
2011/04/02 11:35:50.0281 3000 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/02 11:35:50.0515 3000 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/02 11:35:50.0796 3000 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/02 11:35:51.0125 3000 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/04/02 11:35:51.0328 3000 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/02 11:35:51.0484 3000 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/02 11:35:52.0203 3000 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/02 11:35:52.0500 3000 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/02 11:35:52.0656 3000 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/02 11:35:52.0875 3000 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/02 11:35:52.0984 3000 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/02 11:35:53.0359 3000 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/02 11:35:53.0625 3000 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/02 11:35:53.0937 3000 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/04/02 11:35:54.0093 3000 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/04/02 11:35:54.0296 3000 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/02 11:35:54.0437 3000 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/02 11:35:54.0625 3000 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/02 11:35:54.0796 3000 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/02 11:35:54.0953 3000 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/02 11:35:55.0171 3000 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/02 11:35:55.0312 3000 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/02 11:35:55.0437 3000 USB_RNDIS_XP (af090265ec388bab320f1ff7e7a7d5ea) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2011/04/02 11:35:55.0656 3000 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/04/02 11:35:56.0015 3000 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/02 11:35:56.0296 3000 VX1000 (f4fab0b9d43a65f79fc838c94006f643) C:\WINDOWS\system32\DRIVERS\VX1000.sys
2011/04/02 11:35:56.0625 3000 VX6000 (23c729c7c2465c901f52979b0a43e0e4) C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys
2011/04/02 11:35:56.0921 3000 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/02 11:35:57.0140 3000 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/04/02 11:35:57.0484 3000 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/02 11:35:58.0093 3000 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/04/02 11:35:58.0375 3000 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/04/02 11:35:58.0578 3000 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/02 11:35:58.0750 3000 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/02 11:35:59.0000 3000 X4HSX32 (28a27b68984b068567f109204ef74e0d) C:\Program Files\GameTap\bin\Release\X4HSX32.Sys
2011/04/02 11:35:59.0359 3000 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/02 11:35:59.0531 3000 ================================================================================
2011/04/02 11:35:59.0531 3000 Scan finished
2011/04/02 11:35:59.0531 3000 ================================================================================
2011/04/02 11:35:59.0578 0604 Detected object count: 1
2011/04/02 11:37:45.0578 0604 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/02 11:37:45.0578 0604 \HardDisk0 - ok
2011/04/02 11:37:45.0578 0604 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Sat Apr 02, 2011 4:20 pm

extras.txt:

OTL Extras logfile created on: 4/2/2011 11:40:16 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jeremy C\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 42.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 49.10 Gb Free Space | 65.88% Space Free | Partition Type: NTFS
Drive E: | 114.49 Gb Total Space | 45.74 Gb Free Space | 39.95% Space Free | Partition Type: NTFS

Computer Name: MY-A2A4159540F8 | User Name: Jeremy C | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"6881:TCP" = 6881:TCP:*:Enabled:utorrent
"6882:TCP" = 6882:TCP:*:Enabled:utorrent2
"6883:TCP" = 6883:TCP:*:Enabled:utorrent3
"59993:TCP" = 59993:TCP:*:Enabled:Azureus

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Grisoft\AVG Free\avginet.exe" = C:\Program Files\Grisoft\AVG Free\avginet.exe:*:Enabled:avginet.exe
"C:\Program Files\Grisoft\AVG Free\avgamsvr.exe" = C:\Program Files\Grisoft\AVG Free\avgamsvr.exe:*:Enabled:avgamsvr.exe
"C:\Program Files\Grisoft\AVG Free\avgcc.exe" = C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader
"C:\Program Files\GameTap\bin\Release\gametap.exe" = C:\Program Files\GameTap\bin\Release\gametap.exe:*:Enabled:gametap -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\RedlightCenter\RedLightCenter\Redlightcenter.exe" = C:\Program Files\RedlightCenter\RedLightCenter\Redlightcenter.exe:*:Enabled:Redlightcenter
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe
"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Program Files\SecondLife\SLVoice.exe" = C:\Program Files\SecondLife\SLVoice.exe:*:Disabled:SLVoice
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird -- (Mozilla Messaging)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\pfs\callatl\rteng9.exe" = C:\pfs\callatl\rteng9.exe:*:Enabled:Adaptive Server Anywhere Network Server -- (iAnywhere Solutions, Inc.)
"C:\Program Files\VideoLAN\VLC\vlc.exe" = C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player -- ()
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Program Files\AVG\AVG9\avgupd.exe" = C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)
"C:\Program Files\AVG\AVG9\avgnsx.exe" = C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Azureus\Azureus.exe" = C:\Program Files\Azureus\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0D6D96F4-0CAF-4522-B05F-70A88EDECDFD}" = ArcSoft Print Creations
"{0F92D4CE-8D3C-48FE-89C9-5CB7C02F8FB0}" = Fisher-Price Leo and the Dinosaurs
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_Pro9000_II_series" = Canon Pro9000 II series Printer Driver
"{12E75B98-8463-4C1F-8DDA-F6CF31566A55}" = Google SketchUp Pro 6
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{188993D8-9B2B-475B-89DE-381419A9C1E4}" = Fisher-Price Clifford's Classroom
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1E04F83B-2AB9-4301-9EF7-E86307F79C72}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{206A595B-6ED6-4547-9293-C448139826EC}" = CallAtlanta
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{34E9641A-7DB3-4F08-961E-5069F533A0C1}" = Brother MFL-Pro Suite
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{43D2A1DD-69C9-4E86-8F51-4890A6263863}" = VTech® Photo Editor
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4ecaf021-478c-40c1-b777-3368a15f9966}" = Macromedia Flash Player
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
"{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6BCB7EAA-598C-4836-B7EA-3642E41AA222}" = Microsoft LifeCam
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B08D306-7266-4647-A926-2F78817ED1E0}" = Microsoft Corporation
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{803805A4-A3F7-4504-8B19-9A63BC8A4551}" = Fisher-Price Computer Cool School
"{83682B4C-B98C-4BEB-97CC-8EAD2AF9E4C6}" = MyIdentityDefender Toolbar (CyberDefender Corporation)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85DE22DE-CB29-4A0C-8930-09BC030F64BF}" = Fisher-Price Dora and Diego's Classroom
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8C5FAD77-F678-4758-A296-C12F08D179E0}" = Microsoft IntelliPoint 6.2
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9D18465E-8B80-4AC1-8ABB-B42978B171E3}" = HP Photo and Imaging 1.0 - Scanjet 2300c Series
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{AEF2D1F3-0696-11D5-8E6A-00C04F7FA234}" = PaperPort 8.0 SE
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B5F5F271-F80A-4963-BF29-43B16E5EB388}" = NetObjects Fusion 11.0
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C12D609B-EB71-411B-82C3-9BE6D40435D7}" = Google SketchUp LayOut 6
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C3DE07CB-036F-45BC-85BD-D6FFC5D33603}" = TurboTax 2008 wnyiper
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB16F6D9-EBC9-4BC6-B917-7AF53E99C067}" = LightScribe System Software 1.17.90.1
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03E7B00-CA85-4684-9321-1888873C34BD}" = ArcSoft PhotoImpression 6
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D1BB4446-AE9C-4256-9A7F-4D46604D2462}" = Adobe Setup
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D76D1828-BBA0-4BD9-8181-5ACC617DC5F2}" = Virtual Earth 3D (Beta)
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DBCC73BA-C69A-4BF5-B4BF-F07501EE7039}" = AnswerWorks 5.0 English Runtime
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EB459C2F-41CA-4222-B9CA-F8EBA40B8DAB}" = Google SketchUp 6 Exporters
"{EBA4ECB6-8F08-4E3F-A1D1-6564931DFEAF}" = Fisher-Price Scooby-Doo's Classroom
"{ED2A3C11-3EA8-4380-B59C-F2C1832731B0}" = Quicken 2009
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB4F9000-04FC-11E0-85D2-001AA037B01E}" = Google Earth Plug-in
"8461-7759-5462-8226" = Vuze
"Adobe Acrobat 7.0 Professional - V" = Adobe Acrobat 7.0 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_2ac78060bc5856b0c1cf873bb919b58" = Adobe Photoshop CS3
"Ask Toolbar_is1" = Vuze Toolbar
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.6 (Unicode)
"AutoCAD 2008 - English" = AutoCAD 2008 - English
"Azureus" = Azureus
"CAL" = Canon Camera Access Library
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon Internet Library for ZoomBrowser EX" = Canon Internet Library for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"Canon Pro9000 Mark II series User Registration" = Canon Pro9000 Mark II series User Registration
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"conduitEngine" = Conduit Engine
"CSCLIB" = Canon Camera Support Core Library
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DPP" = Canon Utilities Digital Photo Professional 3.8
"DzSoftPPSlideShowConv_is1" = PowerPoint Slide Show Converter 3.1
"EASEUS Todo Backup Home 2.0_is1" = EASEUS Todo Backup Home 2.0
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-PhotoPrint Pro" = Canon Utilities Easy-PhotoPrint Pro
"Edmark's Early Academic Software Series 3.1.1" = Edmark's Early Academic Software Series v3.1.1
"EOS Utility" = Canon Utilities EOS Utility
"EPSON Printer and Utilities" = EPSON Printer Software
"Exact Audio Copy" = Exact Audio Copy 0.99pb3
"ffdshow_is1" = ffdshow [rev 2527] [2008-12-19]
"foobar2000" = foobar2000 v0.9.6.3
"Google Chrome" = Google Chrome
"Graboid Video" = Graboid Video 1.73
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0F92D4CE-8D3C-48FE-89C9-5CB7C02F8FB0}" = Fisher-Price Leo and the Dinosaurs
"InstallShield_{188993D8-9B2B-475B-89DE-381419A9C1E4}" = Fisher-Price Clifford's Classroom
"InstallShield_{2A30052B-831C-41D3-8044-3C0388066350}" = Seagate Manager Installer
"InstallShield_{803805A4-A3F7-4504-8B19-9A63BC8A4551}" = Fisher-Price Computer Cool School
"InstallShield_{85DE22DE-CB29-4A0C-8930-09BC030F64BF}" = Fisher-Price Dora and Diego's Classroom
"InstallShield_{EBA4ECB6-8F08-4E3F-A1D1-6564931DFEAF}" = Fisher-Price Scooby-Doo's Classroom
"InterActual Player" = InterActual Player
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Magic ISO Maker v5.4 (build 0251)" = Magic ISO Maker v5.4 (build 0251)
"MagicDisc 2.5.79" = MagicDisc 2.5.79
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"Mozilla Thunderbird (3.1.7)" = Mozilla Thunderbird (3.1.7)
"MP4 to MP3 Converter" = MP4 to MP3 Converter
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Opera 11.01.1190" = Opera 11.01
"Original Data Security Tools" = Canon Utilities Original Data Security Tools
"PCI Desk" = PCI Desk Wallpaper
"PCI Screen Saver" = PCI Screen Saver
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureDC" = Canon Utilities RemoteCapture DC
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"Revo Uninstaller" = Revo Uninstaller 1.91
"Road Runner Install_is1" = Road Runner Install
"RoadRunnerMedic6.1_is1" = Road Runner Medic 6.1
"Shutterfly Plugin" = Shutterfly Plugin
"SmartDraw 2008" = SmartDraw 2008
"SmartDraw PDF Filter" = SmartDraw PDF Filter
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
"TurboTax 2008" = TurboTax 2008
"TurboTax Deluxe 2007" = TurboTax Deluxe 2007
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 0.9.2
"Vuze_Remote Toolbar" = Vuze Remote Toolbar
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"WFTK" = Canon Utilities WFT Utility
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xilisoft DVD Ripper Platinum" = Xilisoft DVD Ripper Platinum 4
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Internet Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/1/2011 12:06:00 PM | Computer Name = MY-A2A4159540F8 | Source = MsiInstaller | ID = 11327
Description = Product: Microsoft Office 2000 Small Business -- Error 1327. Invalid
Drive: G:\

Error - 4/1/2011 1:39:05 PM | Computer Name = MY-A2A4159540F8 | Source = MsiInstaller | ID = 11327
Description = Product: Microsoft Office 2000 Small Business -- Error 1327. Invalid
Drive: G:\

Error - 4/1/2011 1:39:26 PM | Computer Name = MY-A2A4159540F8 | Source = MsiInstaller | ID = 11327
Description = Product: Microsoft Office 2000 Small Business -- Error 1327. Invalid
Drive: G:\

Error - 4/1/2011 1:39:48 PM | Computer Name = MY-A2A4159540F8 | Source = MsiInstaller | ID = 11327
Description = Product: Microsoft Office 2000 Small Business -- Error 1327. Invalid
Drive: G:\

Error - 4/1/2011 1:40:35 PM | Computer Name = MY-A2A4159540F8 | Source = MsiInstaller | ID = 11327
Description = Product: Microsoft Office 2000 Small Business -- Error 1327. Invalid
Drive: G:\

Error - 4/1/2011 1:41:09 PM | Computer Name = MY-A2A4159540F8 | Source = MsiInstaller | ID = 11327
Description = Product: Microsoft Office 2000 Small Business -- Error 1327. Invalid
Drive: G:\

Error - 4/1/2011 2:50:59 PM | Computer Name = MY-A2A4159540F8 | Source = Application Error | ID = 1004
Description = Faulting application svchost.exe, version 0.0.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 4/1/2011 10:51:57 PM | Computer Name = MY-A2A4159540F8 | Source = MsiInstaller | ID = 11327
Description = Product: Microsoft Office 2000 Small Business -- Error 1327. Invalid
Drive: G:\

Error - 4/1/2011 10:52:37 PM | Computer Name = MY-A2A4159540F8 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.2180, faulting
module mshtml.dll, version 8.0.6001.18928, fault address 0x000891e4.

Error - 4/2/2011 7:17:25 AM | Computer Name = MY-A2A4159540F8 | Source = MsiInstaller | ID = 11327
Description = Product: Microsoft Office 2000 Small Business -- Error 1327. Invalid
Drive: G:\

[ System Events ]
Error - 4/1/2011 10:40:15 PM | Computer Name = MY-A2A4159540F8 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 4/1/2011 10:45:46 PM | Computer Name = MY-A2A4159540F8 | Source = Service Control Manager | ID = 7034
Description = The EASEUS Agent service terminated unexpectedly. It has done this
1 time(s).

Error - 4/2/2011 6:49:50 AM | Computer Name = MY-A2A4159540F8 | Source = SRService | ID = 104
Description = The System Restore initialization process failed.

Error - 4/2/2011 6:50:14 AM | Computer Name = MY-A2A4159540F8 | Source = Service Control Manager | ID = 7003
Description = The AVGIDSAgent service depends on the following nonexistent service:
AVGIDSDriver

Error - 4/2/2011 6:50:14 AM | Computer Name = MY-A2A4159540F8 | Source = Service Control Manager | ID = 7000
Description = The iPodDrv service failed to start due to the following error: %%2

Error - 4/2/2011 6:50:14 AM | Computer Name = MY-A2A4159540F8 | Source = Service Control Manager | ID = 7023
Description = The Intel CPU service terminated with the following error: %%126

Error - 4/2/2011 6:50:14 AM | Computer Name = MY-A2A4159540F8 | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2

Error - 4/2/2011 6:50:14 AM | Computer Name = MY-A2A4159540F8 | Source = Service Control Manager | ID = 7023
Description = The srv8D4 service terminated with the following error: %%127

Error - 4/2/2011 6:50:18 AM | Computer Name = MY-A2A4159540F8 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd

Error - 4/2/2011 6:54:29 AM | Computer Name = MY-A2A4159540F8 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Sat Apr 02, 2011 4:21 pm

OTL.txt part 1:

OTL logfile created on: 4/2/2011 11:40:16 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jeremy C\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
4.00 Gb Paging File | 2.00 Gb Available in Paging File | 42.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 49.10 Gb Free Space | 65.88% Space Free | Partition Type: NTFS
Drive E: | 114.49 Gb Total Space | 45.74 Gb Free Space | 39.95% Space Free | Partition Type: NTFS

Computer Name: MY-A2A4159540F8 | User Name: Jeremy C | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/02 11:34:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremy C\Desktop\OTL.exe
PRC - [2011/03/20 09:07:52 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
PRC - [2011/03/20 09:07:50 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe
PRC - [2011/01/22 16:58:30 | 000,069,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe
PRC - [2011/01/22 16:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/08/04 17:22:18 | 000,164,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/07 11:54:06 | 000,202,280 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2004/12/14 05:44:40 | 000,069,632 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
PRC - [2003/05/05 19:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe


========== Modules (SafeList) ==========

MOD - [2011/04/02 11:34:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremy C\Desktop\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (itlperf)
SRV - File not found [Auto | Stopped] -- -- (AVGIDSAgent)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/01 09:16:41 | 000,029,696 | -HS- | M] () [Auto | Stopped] -- \\?\globalroot\Device\HarddiskVolume2\WINDOWS\Temp\srv8D4.tmp [WARNING: \\?\globalroot\Device\HarddiskVolume2\WINDOWS\Temp\srv8D4.tmp] -- (srv8D4)
SRV - [2011/01/22 16:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe -- (EASEUS Agent)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/04/02 13:47:04 | 000,234,888 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 13:47:02 | 000,464,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/08/04 17:22:18 | 000,164,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/02/16 10:39:25 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/02/10 11:44:49 | 000,085,096 | ---- | M] (Autodesk) [Disabled | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/03/07 11:54:06 | 000,202,280 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\twc\medicsp2\bin\sprtsvc.exe -- (sprtsvc_medicsp2) SupportSoft Sprocket Service (medicsp2)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2003/05/05 19:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - [2011/01/22 16:58:22 | 000,020,744 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eufs.sys -- (EUFS)
DRV - [2011/01/22 16:58:20 | 000,014,216 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2011/01/22 16:58:18 | 000,030,472 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2011/01/22 16:58:16 | 000,187,400 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EuDisk.sys -- (EuDisk)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/08/04 17:22:22 | 002,077,840 | ---- | M] (Microsoft Corporation
) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX6000Xp.sys -- (VX6000)
DRV - [2007/09/05 02:46:34 | 000,092,544 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/04/10 17:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2007/02/23 10:00:52 | 000,031,400 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\GameTap\bin\Release\X4HSX32.sys -- (X4HSX32)
DRV - [2006/03/01 03:39:10 | 003,959,360 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/11/21 01:48:20 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005/09/29 23:11:00 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 08:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2004/08/04 08:00:00 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/03 18:44:58 | 000,013,566 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd)
DRV - [2002/10/15 23:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2001/08/17 14:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 14:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.1.5
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4b82861b&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/24 10:16:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/04 17:19:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/04 17:19:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 12\components [2011/03/20 09:07:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/26 23:51:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/04/11 19:10:20 | 000,000,000 | ---D | M]

[2011/02/28 09:46:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeremy C\Application Data\Mozilla\Extensions
[2011/01/24 09:20:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeremy C\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/03/27 13:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeremy C\Application Data\Mozilla\Firefox\Profiles\ifgn87kl.default\extensions
[2011/03/01 13:20:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jeremy C\Application Data\Mozilla\Firefox\Profiles\ifgn87kl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/28 09:54:55 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\Jeremy C\Application Data\Mozilla\Firefox\Profiles\ifgn87kl.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2011/02/28 09:54:56 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Documents and Settings\Jeremy C\Application Data\Mozilla\Firefox\Profiles\ifgn87kl.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2011/03/03 17:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/02 18:36:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JEREMY C\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IFGN87KL.DEFAULT\EXTENSIONS\{5C46D283-ABDE-4DCE-B83C-08881401921C}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JEREMY C\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IFGN87KL.DEFAULT\EXTENSIONS\FFEXT@FBBUTTON.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JEREMY C\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IFGN87KL.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2010/12/02 18:35:42 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/12/02 18:35:42 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/04/27 18:31:10 | 000,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPUploader.dll

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - File not found
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - File not found
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} [You must be registered and logged in to see this link.] (Support.com Configuration Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Jeremy C\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jeremy C\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/25 01:10:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0c2ab248-fe76-11df-984e-001558528a6f}\Shell - "" = AutoRun
O33 - MountPoints2\{0c2ab248-fe76-11df-984e-001558528a6f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c2ab248-fe76-11df-984e-001558528a6f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL svcl32.VBS
O33 - MountPoints2\{4f3aaf87-ec51-11df-9847-001558528a6f}\Shell - "" = AutoRun
O33 - MountPoints2\{4f3aaf87-ec51-11df-9847-001558528a6f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4f3aaf87-ec51-11df-9847-001558528a6f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL svcl32.VBS
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: srv8D4 - \\?\globalroot\Device\HarddiskVolume2\WINDOWS\Temp\srv8D4.tmp ()
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "Bonjour Service"
MsConfig - Services: "Autodesk Licensing Service"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe - (Adobe Systems Incorporated)
MsConfig - StartUpFolder: C:^Documents and Settings^My Computer^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
MsConfig - StartUpReg: Acrobat Assistant 7.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Active Desktop Calendar - hkey= - key= - File not found
MsConfig - StartUpReg: Ad-Watch - hkey= - key= - File not found
MsConfig - StartUpReg: AV Care - hkey= - key= - File not found
MsConfig - StartUpReg: brastk - hkey= - key= - File not found
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: CyberDefender Registry Cleaner - hkey= - key= - File not found
MsConfig - StartUpReg: doubleTwist - hkey= - key= - File not found
MsConfig - StartUpReg: DriverCure - hkey= - key= - File not found
MsConfig - StartUpReg: EPSON Stylus Photo R280 Series (Copy 1) - hkey= - key= - File not found
MsConfig - StartUpReg: FBSearch - hkey= - key= - File not found
MsConfig - StartUpReg: FPCCSMiddleware - hkey= - key= - C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe ()
MsConfig - StartUpReg: igfxhkcmd - hkey= - key= - File not found
MsConfig - StartUpReg: igfxpers - hkey= - key= - File not found
MsConfig - StartUpReg: igfxtray - hkey= - key= - File not found
MsConfig - StartUpReg: IndexSearch - hkey= - key= - C:\Program Files\Scansoft\PaperPort\IndexSearch.exe ()
MsConfig - StartUpReg: IntelliPoint - hkey= - key= - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: LifeCam - hkey= - key= - C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: medicsp2 - hkey= - key= - C:\Program Files\twc\medicsp2\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - StartUpReg: Monopod - hkey= - key= - File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NBJ - hkey= - key= - C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
MsConfig - StartUpReg: PaperPort PTD - hkey= - key= - C:\Program Files\Scansoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: SetDefPrt - hkey= - key= - C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe ()
MsConfig - StartUpReg: Share-to-Web Namespace Daemon - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SmileboxTray - hkey= - key= - File not found
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: sysldtray - hkey= - key= - File not found
MsConfig - StartUpReg: system tool - hkey= - key= - File not found
MsConfig - StartUpReg: tmwdssur - hkey= - key= - File not found
MsConfig - StartUpReg: VX1000 - hkey= - key= - C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
MsConfig - StartUpReg: VX6000 - hkey= - key= - C:\WINDOWS\vVX6000.exe (Microsoft Corporation
)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: srv8D4 - \\?\globalroot\Device\HarddiskVolume2\WINDOWS\Temp\srv8D4.tmp ()
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {03F998B2-0E00-11D3-A498-00104B6EB52E} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - Viewpoint Media Player
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Macromedia Shockwave Director 10.1.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1.3
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5B428065-CE2B-CC7D-6974-1430E5E154F1} - Internet Explorer
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9B398258-FFC0-D4F7-C9A1-D332B960E724} - Java (Sun)
ActiveX: {9BCC61B9-F03A-5098-4810-52C0C184341A} - DirectX
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {ACC563BC-4266-43f0-B6ED-9D38C4202C7E} -
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {DB9D75DA-A2E8-FB40-4247-A6A345E31C34} - NetShow
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/02 11:34:21 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeremy C\Desktop\OTL.exe
[2011/04/02 11:34:07 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jeremy C\Desktop\tdsskiller.exe
[2011/03/31 11:11:10 | 000,546,816 | ---- | C] (TFTC) -- C:\Documents and Settings\All Users\Application Data\YoopehTnCRAPa.exe
[2011/03/31 06:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremy C\Start Menu\Programs\Revo Uninstaller
[2011/03/31 06:15:48 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/03/31 06:15:13 | 002,649,016 | ---- | C] (VS Revo Group Ltd.) -- C:\Documents and Settings\Jeremy C\Desktop\revosetup.exe
[2011/03/30 22:15:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/30 20:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/03/30 20:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/30 20:23:35 | 004,738,880 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Jeremy C\Desktop\avg_free_stb_all_2011_1204_cnet.exe
[2011/03/30 13:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2011/03/30 11:58:17 | 006,238,248 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Jeremy C\Desktop\AppRemover.exe
[2011/03/30 11:47:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/27 13:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/03/27 13:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/03/26 23:51:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Thunderbird
[2011/03/26 23:51:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Thunderbird
[2011/03/26 11:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2011/03/26 11:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/03/25 22:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/03/25 00:32:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/03/25 00:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/03/24 20:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/03/24 20:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/03/24 20:14:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/03/24 20:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/03/15 09:10:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/15 08:56:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/03/15 08:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/14 09:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremy C\Desktop\Resume etc
[2011/03/04 17:24:14 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 4.0 Beta 12
[2011/03/04 11:03:34 | 000,000,000 | ---D | C] -- C:\Program Files\Lame For Audacity
[2011/03/04 09:29:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremy C\Application Data\Audacity
[2011/03/04 09:22:07 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/03/04 09:22:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremy C\Start Menu\Programs\HiJackThis
[5 E:\My Documents\*.tmp files -> E:\My Documents\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/02 11:34:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremy C\Desktop\OTL.exe
[2011/04/02 11:34:00 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jeremy C\Desktop\tdsskiller.exe
[2011/04/02 07:21:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/02 06:52:25 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/02 06:48:58 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/31 11:11:16 | 000,118,272 | ---- | M] () -- C:\WINDOWS\System32\drivers\1385E.sys
[2011/03/31 11:11:10 | 000,546,816 | ---- | M] (TFTC) -- C:\Documents and Settings\All Users\Application Data\YoopehTnCRAPa.exe
[2011/03/31 06:15:49 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Jeremy C\Desktop\Revo Uninstaller.lnk
[2011/03/31 06:15:03 | 002,649,016 | ---- | M] (VS Revo Group Ltd.) -- C:\Documents and Settings\Jeremy C\Desktop\revosetup.exe
[2011/03/30 20:23:32 | 004,738,880 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Jeremy C\Desktop\avg_free_stb_all_2011_1204_cnet.exe
[2011/03/30 20:21:37 | 004,310,058 | R--- | M] () -- C:\Documents and Settings\Jeremy C\Desktop\ComboFix.exe
[2011/03/30 20:14:18 | 000,002,162 | ---- | M] () -- C:\WINDOWS\BrmfBidi.ini
[2011/03/30 11:18:22 | 006,238,248 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Jeremy C\Desktop\AppRemover.exe
[2011/03/30 07:12:44 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\Jeremy C\Desktop\HiJackThis.lnk
[2011/03/29 22:36:52 | 000,000,032 | ---- | M] () -- C:\WINDOWS\System32\EUOD.DAT
[2011/03/29 22:36:36 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/03/29 11:10:28 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Jeremy C\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/22 21:45:39 | 000,025,261 | ---- | M] () -- C:\Documents and Settings\Jeremy C\Desktop\166878_1776834749666_1503290023_3208419_4722233_n.jpg
[2011/03/21 10:28:55 | 000,076,056 | ---- | M] () -- C:\DC6810xp-001.raw
[2011/03/15 16:06:37 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\Jeremy C\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/03/14 09:57:03 | 000,011,201 | ---- | M] () -- E:\My Documents\Professional References.pdf
[2011/03/14 09:55:03 | 000,009,000 | ---- | M] () -- E:\My Documents\cover letter.pdf
[2011/03/13 11:40:29 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 11:40:29 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/07 09:41:42 | 000,025,556 | ---- | M] () -- E:\My Documents\banjoclown3a.jpg
[2011/03/06 19:07:54 | 000,133,799 | ---- | M] () -- E:\My Documents\banjoclown3.jpg
[2011/03/04 21:13:30 | 000,061,494 | ---- | M] () -- E:\My Documents\banjoass.jpg
[2011/03/04 17:25:45 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Jeremy C\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 12.lnk
[2011/03/04 16:55:00 | 000,000,013 | ---- | M] () -- C:\Documents and Settings\Jeremy C\cvdm.err
[5 E:\My Documents\*.tmp files -> E:\My Documents\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Sat Apr 02, 2011 4:23 pm

========== Files Created - No Company Name ==========

[2011/03/31 11:11:16 | 000,118,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\1385E.sys
[2011/03/31 06:15:49 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Jeremy C\Desktop\Revo Uninstaller.lnk
[2011/03/30 20:21:43 | 004,310,058 | R--- | C] () -- C:\Documents and Settings\Jeremy C\Desktop\ComboFix.exe
[2011/03/22 21:43:59 | 000,025,261 | ---- | C] () -- C:\Documents and Settings\Jeremy C\Desktop\166878_1776834749666_1503290023_3208419_4722233_n.jpg
[2011/03/15 16:06:37 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\Jeremy C\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/03/14 09:57:00 | 000,011,201 | ---- | C] () -- E:\My Documents\Professional References.pdf
[2011/03/14 09:54:49 | 000,009,000 | ---- | C] () -- E:\My Documents\cover letter.pdf
[2011/03/07 09:41:40 | 000,025,556 | ---- | C] () -- E:\My Documents\banjoclown3a.jpg
[2011/03/06 19:07:54 | 000,133,799 | ---- | C] () -- E:\My Documents\banjoclown3.jpg
[2011/03/04 21:13:27 | 000,061,494 | ---- | C] () -- E:\My Documents\banjoass.jpg
[2011/03/04 17:25:45 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Jeremy C\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 12.lnk
[2011/03/04 17:24:20 | 000,000,818 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox 4.0 Beta 12.lnk
[2011/03/04 09:22:07 | 000,002,453 | ---- | C] () -- C:\Documents and Settings\Jeremy C\Desktop\HiJackThis.lnk
[2011/02/23 17:18:14 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\EUOD.DAT
[2011/01/11 22:04:55 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Jeremy C\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/05 20:02:54 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/11/05 20:02:54 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/10/18 16:41:11 | 000,000,094 | ---- | C] () -- C:\WINDOWS\ka.ini
[2010/08/30 18:30:19 | 000,294,960 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/29 18:41:01 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/07/29 18:41:01 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/07/29 18:41:01 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/07/29 18:41:00 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/04/02 20:37:13 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/04/02 20:35:05 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/12 21:45:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/12/19 21:22:26 | 000,039,832 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/18 10:11:35 | 000,000,062 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2009/06/01 19:25:56 | 016,742,799 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-0.9.9-win32.exe
[2009/03/02 17:35:27 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\nnr.dll
[2009/02/15 21:59:53 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/01/15 09:23:12 | 000,074,752 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
[2009/01/03 10:25:50 | 000,015,497 | ---- | C] () -- C:\WINDOWS\VX6KStd.ini
[2008/04/23 22:48:55 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/04/23 22:48:55 | 000,002,556 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008/02/13 22:21:20 | 000,000,072 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI
[2008/02/12 23:07:49 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll
[2008/01/19 11:09:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/12/30 19:10:57 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/12/30 19:10:57 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/12/30 19:10:57 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/12/30 19:10:57 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/12/30 19:10:57 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/12/30 19:10:57 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/12/30 19:10:57 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/12/30 19:10:57 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/12/30 19:10:57 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/12/30 19:10:57 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/12/30 19:10:57 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/12/30 19:10:57 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/12/30 19:10:57 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/12/30 19:10:57 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/12/30 19:10:57 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/12/30 19:10:57 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/12/30 19:09:35 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPSPR280.ini
[2007/12/29 14:53:34 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2007/12/10 22:39:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2007/03/06 22:10:40 | 000,001,779 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/02/27 23:06:35 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/02/27 10:10:02 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2007/02/21 10:16:40 | 000,000,209 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/02/15 21:31:23 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2007/02/05 11:24:28 | 000,000,178 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/02/05 10:27:57 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hpgt23.dll
[2007/02/03 23:18:37 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/02/02 17:36:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/02 00:22:29 | 000,000,645 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2007/02/02 00:22:29 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/02/02 00:22:29 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\m8220def.dat
[2007/02/02 00:22:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2007/02/02 00:03:21 | 000,000,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/02/01 23:59:34 | 000,002,162 | ---- | C] () -- C:\WINDOWS\BrmfBidi.ini
[2007/02/01 20:58:53 | 000,005,170 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/02/01 20:55:27 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/02/01 14:15:20 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/25 16:14:24 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/09/25 16:13:27 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/09/25 15:38:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006/09/25 01:13:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/09/25 01:07:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/09/24 20:37:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/09/24 20:36:30 | 001,490,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/03/10 21:00:16 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\BRMSL07.BIN
[2002/08/12 09:19:42 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
[2002/01/08 17:57:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[1999/03/21 20:22:41 | 000,000,136 | ---- | C] () -- C:\WINDOWS\System32\mstraps.dll

========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2010/12/02 18:35:42 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) Unable to obtain MD5 -- C:\WINDOWS\system32\deployJava1.dll
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2010/05/06 06:41:50 | 000,184,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iepeers.dll
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.exe /lockedfiles >
[2 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys >
[2011/03/31 11:11:16 | 000,118,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\1385E.sys
[2004/08/04 08:00:00 | 000,187,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpi.sys
[2004/08/04 08:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpiec.sys
[2006/02/14 20:22:26 | 000,142,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aec.sys
[2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\system32\drivers\afc.sys
[2008/08/14 05:51:43 | 000,138,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\afd.sys
[2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\system32\drivers\AFS2K.SYS
[2006/03/01 03:39:10 | 003,959,360 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\alcxwdm.sys
[2004/08/04 08:00:00 | 000,036,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk6.sys
[2004/08/04 08:00:00 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys
[2004/08/04 08:00:00 | 000,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\arp1394.sys
[2005/11/21 01:48:20 | 000,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\ASPI32.SYS
[2004/08/04 08:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\asyncmac.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:00:00 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmarpc.sys
[2004/08/04 08:00:00 | 000,031,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmepvc.sys
[2004/08/04 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmlane.sys
[2004/08/04 08:00:00 | 000,352,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmuni.sys
[2001/08/17 09:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\audstub.sys
[2004/08/04 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\beep.sys
[2001/08/17 14:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrFilt.sys
[2004/08/04 08:00:00 | 000,071,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bridge.sys
[2003/03/13 20:04:20 | 000,061,952 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrSerWdm.sys
[2001/08/17 14:12:20 | 000,011,008 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrUsbMdm.sys
[2001/08/17 14:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrUsbScn.sys
[2008/06/13 09:10:50 | 000,272,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys
[2004/08/04 08:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cbidf2k.sys
[2004/08/04 00:10:18 | 000,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\CCDECODE.sys
[2004/08/04 08:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdaudio.sys
[2004/08/04 08:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdfs.sys
[2008/01/04 17:58:46 | 000,009,336 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys
[2008/01/04 17:58:46 | 000,009,464 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdralw2k.sys
[2003/12/03 18:44:58 | 000,013,566 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\drivers\cdrbsvsd.sys
[2004/08/04 08:00:00 | 000,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004/08/04 08:00:00 | 000,262,528 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\cinemst2.sys
[2004/08/04 08:00:00 | 000,049,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\classpnp.sys
[2004/08/04 08:00:00 | 000,011,776 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\system32\drivers\cpqdap01.sys
[2004/08/04 08:00:00 | 000,036,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\crusoe.sys
[2004/08/04 08:00:00 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\disk.sys
[2004/08/04 08:00:00 | 000,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\diskdump.sys
[2004/08/04 08:00:00 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmboot.sys
[2004/08/04 08:00:00 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmio.sys
[2004/08/04 08:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) -- C:\WINDOWS\system32\drivers\dmload.sys
[2004/08/03 23:07:40 | 000,052,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\DMusic.sys
[2004/08/03 23:08:00 | 000,060,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmk.sys
[2004/08/03 23:07:58 | 000,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmkaud.sys
[2004/08/04 08:00:00 | 000,010,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxapi.sys
[2004/08/04 08:00:00 | 000,071,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxg.sys
[2004/08/04 08:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxgthk.sys
[2011/01/22 16:58:18 | 000,030,472 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\system32\drivers\eubakup.sys
[2011/01/22 16:58:16 | 000,187,400 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\system32\drivers\EuDisk.sys
[2011/01/22 16:58:20 | 000,014,216 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\system32\drivers\eudskacs.sys
[2011/01/22 16:58:22 | 000,020,744 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\system32\drivers\eufs.sys
[2004/08/04 08:00:00 | 000,143,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fastfat.sys
[2004/08/04 08:00:00 | 000,027,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fdc.sys
[2004/08/04 08:00:00 | 000,034,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fips.sys
[2004/08/04 08:00:00 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\flpydisk.sys
[2006/08/21 05:14:58 | 000,128,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fltmgr.sys
[2004/08/04 08:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fsvga.sys
[2004/08/04 08:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fs_rec.sys
[2004/08/04 08:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ftdisk.sys
[2009/05/18 15:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
[2004/08/04 08:00:00 | 000,036,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidclass.sys
[2004/08/04 08:00:00 | 000,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidparse.sys
[2001/08/17 15:02:20 | 000,009,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidusb.sys
[2009/10/20 10:58:48 | 000,263,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\http.sys
[2004/08/04 00:14:38 | 000,052,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2005/08/23 12:00:00 | 001,052,732 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys
[2004/08/04 08:00:00 | 000,041,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\imapi.sys
[2004/08/03 18:59:42 | 000,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelide.sys
[2004/08/04 08:00:00 | 000,036,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys
[2004/08/04 08:00:00 | 000,029,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ip6fw.sys
[2004/08/04 08:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipfltdrv.sys
[2004/08/04 08:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipinip.sys
[2004/09/29 18:28:37 | 000,134,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipnat.sys
[2004/08/04 08:00:00 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipsec.sys
[2004/08/04 08:00:00 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irenum.sys
[2004/08/04 08:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\isapnp.sys
[2004/08/04 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdclass.sys
[2006/06/14 04:47:45 | 000,172,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kmixer.sys
[2004/08/04 00:15:22 | 000,140,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ks.sys
[2009/06/22 07:34:52 | 000,092,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ksecdd.sys
[2004/08/04 08:00:00 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mcd.sys
[2007/09/05 02:46:34 | 000,092,544 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\system32\drivers\mcdbus.sys
[2004/08/04 08:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mf.sys
[2004/08/04 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mnmdd.sys
[2004/08/04 08:00:00 | 000,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\modem.sys
[2004/08/03 23:58:34 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouclass.sys
[2001/08/17 14:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouhid.sys
[2004/08/04 08:00:00 | 000,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mountmgr.sys
[2007/12/18 05:51:35 | 000,179,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxdav.sys
[2010/02/24 08:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2004/08/04 08:00:00 | 000,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msfs.sys
[2004/08/04 08:00:00 | 000,035,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msgpc.sys
[2004/08/03 22:58:42 | 000,007,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSKSSRV.sys
[2004/08/03 22:58:40 | 000,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSPCLOCK.sys
[2004/08/03 22:58:42 | 000,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSPQM.sys
[2004/08/04 08:00:00 | 000,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mssmbios.sys
[2004/08/03 23:58:40 | 000,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MSTEE.sys
[2004/08/04 08:00:00 | 000,107,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mup.sys
[2004/08/04 00:10:30 | 000,085,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NABTSFEC.sys
[2004/08/04 08:00:00 | 000,182,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/04 00:10:14 | 000,010,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\NdisIP.sys
[2004/08/04 08:00:00 | 000,009,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndistapi.sys
[2004/08/04 08:00:00 | 000,012,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisuio.sys
[2004/08/04 08:00:00 | 000,091,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndiswan.sys
[2004/08/04 08:00:00 | 000,038,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndproxy.sys
[2004/08/04 08:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbios.sys
[2004/08/04 08:00:00 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbt.sys
[2004/08/04 08:00:00 | 000,061,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nic1394.sys
[2004/08/04 08:00:00 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\nikedrv.sys
[2004/08/04 08:00:00 | 000,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys
[2004/08/04 08:00:00 | 000,030,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\npfs.sys
[2007/02/09 07:10:35 | 000,574,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ntfs.sys
[2007/08/31 12:58:20 | 000,018,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nuidfltr.sys
[2004/08/04 08:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\null.sys
[2004/08/04 08:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkflt.sys
[2004/08/04 08:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys
[2004/08/04 08:00:00 | 000,088,448 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys
[2004/08/04 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys
[2004/08/04 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys
[2004/08/04 08:00:00 | 000,003,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\oprghdlr.sys
[2004/08/04 08:00:00 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\p3.sys
[2004/08/04 08:00:00 | 000,080,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\parport.sys
[2004/08/04 08:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\partmgr.sys
[2004/08/04 08:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\parvdm.sys
[2004/08/04 08:00:00 | 000,068,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pci.sys
[2001/08/17 13:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys
[2004/08/03 22:59:42 | 000,025,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciidex.sys
[2004/08/04 08:00:00 | 000,119,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pcmcia.sys
[2010/01/12 00:25:37 | 000,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys
[2007/08/21 02:13:00 | 000,021,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\point32.sys
[2004/08/03 23:15:50 | 000,145,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\portcls.sys
[2004/08/04 08:00:00 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\processr.sys
[2004/08/04 08:00:00 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\psched.sys
[2004/08/04 08:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys
[2008/01/04 17:58:46 | 000,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys
[2004/08/04 08:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasacd.sys
[2004/08/04 08:00:00 | 000,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasl2tp.sys
[2004/08/04 08:00:00 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspppoe.sys
[2004/08/04 08:00:00 | 000,048,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspptp.sys
[2004/08/04 08:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspti.sys
[2004/08/04 08:00:00 | 000,034,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rawwan.sys
[2006/05/05 05:47:57 | 000,174,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdbss.sys
[2004/08/04 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpcdd.sys
[2004/08/03 23:01:16 | 000,196,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpdr.sys
[2005/06/10 00:09:46 | 000,139,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2004/08/03 18:59:38 | 000,057,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\redbook.sys
[2004/08/04 08:00:00 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\rio8drv.sys
[2004/08/04 08:00:00 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\riodrv.sys
[2008/05/08 08:28:49 | 000,202,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rmcast.sys
[2004/08/04 08:00:00 | 000,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rndismp.sys
[2004/08/04 08:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys
[2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys
[2005/09/29 23:11:00 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys
[2004/08/04 08:00:00 | 000,096,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\scsiport.sys
[2004/08/04 08:00:00 | 000,067,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys
[2007/11/13 06:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys
[2004/08/04 08:00:00 | 000,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serenum.sys
[2004/08/04 08:00:00 | 000,064,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serial.sys
[2004/08/04 08:00:00 | 000,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffdisk.sys
[2004/08/04 08:00:00 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_sd.sys
[2004/08/04 08:00:00 | 000,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sfloppy.sys
[2004/08/04 00:10:18 | 000,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\SLIP.sys
[2004/08/04 08:00:00 | 000,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\smclib.sys
[2004/08/04 08:00:00 | 000,025,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sonydcam.sys
[2001/11/05 10:23:14 | 000,006,097 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\sonyhcb.sys
[2001/11/05 10:23:20 | 000,038,739 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\sonyhcc.sys
[2001/11/05 10:23:52 | 000,299,923 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\sonyhcs.sys
[2002/10/15 23:41:06 | 000,102,220 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\sonypvs1.sys
[2006/06/14 04:47:46 | 000,006,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\splitter.sys
[2004/08/04 08:00:00 | 000,073,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sr.sys
[2009/12/31 12:14:12 | 000,352,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2004/08/03 23:08:04 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\stream.sys
[2004/08/04 00:10:14 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\StreamIP.sys
[2004/08/04 08:00:00 | 000,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swenum.sys
[2001/08/17 14:00:52 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swmidi.sys
[2004/08/03 23:15:56 | 000,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sysaudio.sys
[2004/08/04 08:00:00 | 000,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tape.sys
[2008/06/20 06:45:13 | 000,360,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip.sys
[2010/02/11 08:01:43 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
[2004/08/04 08:00:00 | 000,018,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdi.sys
[2004/08/04 08:00:00 | 000,012,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdpipe.sys
[2004/08/04 08:00:00 | 000,021,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdtcp.sys
[2004/08/04 01:01:08 | 000,040,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\termdd.sys
[2004/08/04 08:00:00 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tosdvd.sys
[2004/08/04 08:00:00 | 000,021,376 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\system32\drivers\tsbvcap.sys
[2004/08/04 08:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys
[2004/08/04 08:00:00 | 000,066,176 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\udfs.sys
[2007/04/23 06:32:54 | 000,364,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\update.sys
[2004/08/04 08:00:00 | 000,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys
[2011/02/18 17:36:58 | 000,041,984 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys
[2004/08/04 00:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys
[2004/08/04 08:00:00 | 000,023,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbcamd.sys
[2004/08/04 08:00:00 | 000,023,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbcamd2.sys
[2004/08/04 00:08:48 | 000,031,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbccgp.sys
[2004/08/04 08:00:00 | 000,004,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbd.sys
[2004/08/04 08:00:00 | 000,026,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys
[2004/08/04 08:00:00 | 000,057,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbhub.sys
[2004/08/04 08:00:00 | 000,016,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbintel.sys
[2004/08/04 08:00:00 | 000,142,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbport.sys
[2004/08/04 00:01:26 | 000,025,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbprint.sys
[2004/08/03 23:58:46 | 000,015,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbscan.sys
[2004/08/04 00:08:48 | 000,026,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\USBSTOR.SYS
[2004/08/04 08:00:00 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbuhci.sys
[2004/08/04 08:00:00 | 000,058,112 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys
[2004/08/04 08:00:00 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\vga.sys
[2004/08/04 08:00:00 | 000,079,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\videoprt.sys
[2004/08/04 08:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\volsnap.sys
[2007/04/10 17:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VX1000.sys
[2008/08/04 17:22:22 | 002,077,840 | ---- | M] (Microsoft Corporation
) -- C:\WINDOWS\system32\drivers\VX6000Xp.sys
[2008/08/04 17:22:22 | 000,036,240 | ---- | M] (Microsoft Corporation
) -- C:\WINDOWS\system32\drivers\VX6KCamd.sys
[2004/08/04 08:00:00 | 000,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wanarp.sys
[2006/11/02 08:22:54 | 000,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys
[2006/11/02 08:22:52 | 000,032,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdfldr.sys
[2006/06/14 05:00:45 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdmaud.sys
[2004/08/04 08:00:00 | 000,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmilib.sys
[2006/10/18 21:00:00 | 000,038,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wpdusb.sys
[2004/08/04 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
[2004/08/04 00:10:22 | 000,019,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WSTCODEC.SYS
[2006/09/28 19:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys
[2006/09/28 20:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Sat Apr 02, 2011 4:30 pm

I'm trying to post the rest...

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Sat Apr 02, 2011 4:31 pm

< %systemroot%\system32\drivers\*.dll >
[2004/08/04 01:56:44 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidserv.dll
[2001/07/03 21:39:00 | 000,003,654 | ---- | M] () -- C:\WINDOWS\system32\drivers\Sonyhcp.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< %SYSTEMDRIVE%\*.* >
[2010/01/22 22:24:24 | 000,051,740 | ---- | M] () -- C:\aaw7boot.log
[2006/09/25 16:14:35 | 000,001,056 | ---- | M] () -- C:\ALCSetup.log
[2006/09/25 16:14:36 | 000,000,189 | ---- | M] () -- C:\Audio.log
[2006/09/25 01:10:35 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/07/29 18:42:15 | 000,007,789 | ---- | M] () -- C:\avi_log.txt
[2011/03/29 22:36:36 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2009/08/10 20:22:18 | 000,000,412 | ---- | M] () -- C:\CD3rdPartyWrapper.log
[2006/09/25 01:10:35 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/02/05 12:00:57 | 000,015,333 | ---- | M] () -- C:\CybDefInstallInfo.log
[2011/03/21 10:28:55 | 000,076,056 | ---- | M] () -- C:\DC6810xp-001.raw
[2011/01/11 09:50:21 | 000,028,638 | ---- | M] () -- C:\drwtsn32.log
[2010/03/06 08:29:38 | 000,000,055 | ---- | M] () -- C:\DVDPATH.TXT
[2011/02/23 17:03:45 | 000,194,748 | -HS- | M] () -- C:\EASEUSLD.LDR
[2008/10/17 21:23:50 | 000,921,624 | ---- | M] () -- C:\img2-001.raw
[2006/09/25 01:10:35 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/03/23 21:28:19 | 000,002,320 | -H-- | M] () -- C:\IPH.PH
[2006/09/25 01:10:35 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/04 08:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/04/02 06:48:50 | 2137,505,792 | -HS- | M] () -- C:\pagefile.sys
[2011/03/04 00:37:30 | 000,000,553 | ---- | M] () -- C:\rkill.log
[2008/05/17 15:42:41 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/01/21 21:14:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2008/05/17 15:42:41 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/01/21 21:14:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2011/04/02 11:39:22 | 000,041,692 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_02.04.2011_11.35.09_log.txt
[2008/03/09 07:37:28 | 000,000,432 | ---- | M] () -- C:\temp.txt
[2007/03/08 23:22:53 | 000,000,146 | ---- | M] () -- C:\YServer.txt

< %PROGRAMFILES%\*. >
[2007/02/03 14:44:01 | 000,000,000 | ---D | M] -- C:\Program Files\360Share Pro
[2008/02/16 10:57:11 | 000,000,000 | ---D | M] -- C:\Program Files\Adobe
[2007/02/01 13:19:24 | 000,000,000 | ---D | M] -- C:\Program Files\Ahead
[2007/03/07 09:32:39 | 000,000,000 | ---D | M] -- C:\Program Files\Allume Systems
[2010/01/10 23:35:39 | 000,000,000 | ---D | M] -- C:\Program Files\Alwil Software
[2008/09/27 17:55:57 | 000,000,000 | ---D | M] -- C:\Program Files\Apple Software Update
[2007/12/30 19:42:51 | 000,000,000 | ---D | M] -- C:\Program Files\ArcSoft
[2009/12/01 22:07:49 | 000,000,000 | ---D | M] -- C:\Program Files\AskBarDis
[2010/11/14 08:01:21 | 000,000,000 | ---D | M] -- C:\Program Files\Attainment
[2009/02/26 00:21:33 | 000,000,000 | ---D | M] -- C:\Program Files\Audacity 1.3 Beta (Unicode)
[2008/02/10 11:44:42 | 000,000,000 | ---D | M] -- C:\Program Files\AutoCAD 2008
[2008/02/10 11:13:16 | 000,000,000 | ---D | M] -- C:\Program Files\Autodesk
[2008/02/15 13:46:56 | 000,000,000 | ---D | M] -- C:\Program Files\AutoDWG
[2011/03/30 20:27:46 | 000,000,000 | ---D | M] -- C:\Program Files\AVG
[2010/12/31 11:41:14 | 000,000,000 | ---D | M] -- C:\Program Files\Azureus
[2008/01/22 22:37:24 | 000,000,000 | ---D | M] -- C:\Program Files\BitTorrent
[2011/02/10 12:13:45 | 000,000,000 | ---D | M] -- C:\Program Files\Bonjour
[2009/01/03 14:07:55 | 000,000,000 | ---D | M] -- C:\Program Files\Boulder Remake 2.1
[2007/02/02 00:21:51 | 000,000,000 | ---D | M] -- C:\Program Files\Brother
[2010/09/24 20:21:28 | 000,000,000 | ---D | M] -- C:\Program Files\Canon
[2010/07/07 16:29:31 | 000,000,000 | -H-D | M] -- C:\Program Files\CanonBJ
[2011/02/22 16:27:53 | 000,000,000 | ---D | M] -- C:\Program Files\Common Files
[2006/09/25 01:07:07 | 000,000,000 | ---D | M] -- C:\Program Files\ComPlus Applications
[2010/07/27 18:43:04 | 000,000,000 | ---D | M] -- C:\Program Files\Conduit
[2011/02/24 17:43:27 | 000,000,000 | ---D | M] -- C:\Program Files\ConduitEngine
[2010/07/29 18:40:58 | 000,000,000 | ---D | M] -- C:\Program Files\Cucusoft
[2007/02/01 14:04:09 | 000,000,000 | ---D | M] -- C:\Program Files\CyberLink
[2007/12/10 21:58:39 | 000,000,000 | ---D | M] -- C:\Program Files\directx
[2010/01/16 23:31:54 | 000,000,000 | ---D | M] -- C:\Program Files\DivX
[2008/01/13 20:47:34 | 000,000,000 | ---D | M] -- C:\Program Files\DzSoft
[2011/02/23 17:02:53 | 000,000,000 | ---D | M] -- C:\Program Files\EASEUS
[2007/02/05 12:02:29 | 000,000,000 | ---D | M] -- C:\Program Files\eMusic Download Manager
[2007/12/30 19:43:26 | 000,000,000 | ---D | M] -- C:\Program Files\EPSON
[2008/01/05 14:28:29 | 000,000,000 | ---D | M] -- C:\Program Files\Exact Audio Copy
[2011/01/11 09:38:36 | 000,000,000 | ---D | M] -- C:\Program Files\ffdshow
[2008/12/24 09:56:20 | 000,000,000 | ---D | M] -- C:\Program Files\Fisher-Price
[2009/03/05 14:52:23 | 000,000,000 | ---D | M] -- C:\Program Files\foobar2000
[2009/02/26 14:31:48 | 000,000,000 | ---D | M] -- C:\Program Files\Free Offers from Freeze.com
[2007/02/28 13:26:31 | 000,000,000 | ---D | M] -- C:\Program Files\GameTap
[2009/07/03 01:15:56 | 000,000,000 | ---D | M] -- C:\Program Files\Google
[2010/06/05 08:05:18 | 000,000,000 | ---D | M] -- C:\Program Files\Graboid
[2007/02/01 22:28:41 | 000,000,000 | ---D | M] -- C:\Program Files\Grisoft
[2009/05/16 16:42:38 | 000,000,000 | ---D | M] -- C:\Program Files\HERACTSTG
[2007/02/05 10:34:06 | 000,000,000 | ---D | M] -- C:\Program Files\Hewlett-Packard
[2009/04/10 13:50:01 | 000,000,000 | ---D | M] -- C:\Program Files\HOTLLAMA Media
[2007/12/10 22:26:41 | 000,000,000 | ---D | M] -- C:\Program Files\Infogrames
[2011/01/11 09:41:55 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2006/09/25 16:06:18 | 000,000,000 | ---D | M] -- C:\Program Files\Intel
[2010/02/25 13:27:11 | 000,000,000 | ---D | M] -- C:\Program Files\InterActual
[2010/12/27 17:42:16 | 000,000,000 | ---D | M] -- C:\Program Files\Internet Explorer
[2011/03/15 08:53:58 | 000,000,000 | ---D | M] -- C:\Program Files\iPod
[2010/01/20 10:18:52 | 000,000,000 | ---D | M] -- C:\Program Files\IrfanView

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Sat Apr 02, 2011 4:35 pm

I'm having trouble sending all of this. it's infuriating.

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Sat Apr 02, 2011 4:36 pm

[2011/03/15 08:56:33 | 000,000,000 | ---D | M] -- C:\Program Files\iTunes
[2010/12/02 18:35:39 | 000,000,000 | ---D | M] -- C:\Program Files\Java
[2011/03/04 11:03:34 | 000,000,000 | ---D | M] -- C:\Program Files\Lame For Audacity
[2010/01/22 22:49:31 | 000,000,000 | ---D | M] -- C:\Program Files\Lavasoft
[2008/02/05 23:42:31 | 000,000,000 | ---D | M] -- C:\Program Files\MagicDisc
[2008/02/05 22:35:26 | 000,000,000 | ---D | M] -- C:\Program Files\MagicISO
[2010/10/18 17:08:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mattel Interactive
[2008/08/13 03:08:28 | 000,000,000 | ---D | M] -- C:\Program Files\Messenger
[2007/02/02 17:32:16 | 000,000,000 | ---D | M] -- C:\Program Files\microsoft frontpage
[2008/01/07 21:38:03 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft IntelliPoint
[2009/01/03 10:25:23 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft LifeCam
[2008/02/10 11:12:13 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Office
[2011/02/27 13:36:00 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft Silverlight
[2010/03/11 01:27:24 | 000,000,000 | ---D | M] -- C:\Program Files\Movie Maker
[2010/06/05 08:05:15 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla ActiveX Control v1.7.12
[2011/03/04 17:19:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2011/03/20 09:08:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox 4.0 Beta 12
[2011/01/18 11:21:50 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Thunderbird
[2007/12/30 22:44:36 | 000,000,000 | ---D | M] -- C:\Program Files\MP4Converter
[2007/02/01 13:53:34 | 000,000,000 | ---D | M] -- C:\Program Files\MSBuild
[2006/09/25 01:05:47 | 000,000,000 | ---D | M] -- C:\Program Files\MSN
[2006/09/25 01:06:20 | 000,000,000 | ---D | M] -- C:\Program Files\MSN Gaming Zone
[2008/02/25 04:02:31 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 4.0
[2007/08/15 03:03:19 | 000,000,000 | ---D | M] -- C:\Program Files\MSXML 6.0
[2007/02/06 10:21:41 | 000,000,000 | ---D | M] -- C:\Program Files\MTV Networks
[2006/09/25 01:08:00 | 000,000,000 | ---D | M] -- C:\Program Files\NetMeeting
[2009/03/02 17:34:12 | 000,000,000 | ---D | M] -- C:\Program Files\NetObjects
[2006/09/25 01:08:43 | 000,000,000 | ---D | M] -- C:\Program Files\Online Services
[2011/02/24 11:37:41 | 000,000,000 | ---D | M] -- C:\Program Files\Opera

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Sat Apr 02, 2011 4:37 pm

[2010/05/13 03:00:29 | 000,000,000 | ---D | M] -- C:\Program Files\Outlook Express
[2007/12/03 06:34:24 | 000,000,000 | ---D | M] -- C:\Program Files\PCI Screen Saver
[2009/02/16 23:06:45 | 000,000,000 | ---D | M] -- C:\Program Files\PDF Editor 2
[2009/12/20 13:14:48 | 000,000,000 | ---D | M] -- C:\Program Files\Quicken
[2010/12/26 19:55:50 | 000,000,000 | ---D | M] -- C:\Program Files\QuickTime
[2006/09/25 16:13:06 | 000,000,000 | ---D | M] -- C:\Program Files\Realtek AC97
[2007/02/01 13:46:24 | 000,000,000 | ---D | M] -- C:\Program Files\Reference Assemblies
[2007/12/10 23:25:10 | 000,000,000 | ---D | M] -- C:\Program Files\RLC
[2010/10/21 20:21:57 | 000,000,000 | ---D | M] -- C:\Program Files\Sarm Software
[2007/02/02 00:02:23 | 000,000,000 | ---D | M] -- C:\Program Files\Scansoft
[2009/01/07 20:00:17 | 000,000,000 | ---D | M] -- C:\Program Files\Seagate
[2010/01/22 22:23:23 | 000,000,000 | ---D | M] -- C:\Program Files\Shared
[2008/01/03 09:18:09 | 000,000,000 | ---D | M] -- C:\Program Files\Shutterfly
[2011/02/22 16:28:01 | 000,000,000 | R--D | M] -- C:\Program Files\Skype
[2008/02/12 23:07:25 | 000,000,000 | ---D | M] -- C:\Program Files\SmartDraw 2007
[2008/04/13 20:52:09 | 000,000,000 | ---D | M] -- C:\Program Files\SmartDraw 2008
[2008/02/03 09:31:43 | 000,000,000 | ---D | M] -- C:\Program Files\SmartDVDCreator
[2011/01/11 09:44:32 | 000,000,000 | ---D | M] -- C:\Program Files\Spybot - Search & Destroy
[2007/02/27 15:39:31 | 000,000,000 | ---D | M] -- C:\Program Files\Stamps.com Internet Postage
[2011/03/26 14:39:11 | 000,000,000 | ---D | M] -- C:\Program Files\SUPERAntiSpyware
[2007/02/01 20:09:44 | 000,000,000 | ---D | M] -- C:\Program Files\Thomson
[2011/03/04 09:22:07 | 000,000,000 | ---D | M] -- C:\Program Files\Trend Micro
[2009/02/23 23:41:10 | 000,000,000 | ---D | M] -- C:\Program Files\TurboTax
[2009/05/16 17:03:37 | 000,000,000 | ---D | M] -- C:\Program Files\twc
[2008/02/10 11:16:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2009/02/15 19:57:25 | 000,000,000 | ---D | M] -- C:\Program Files\VideoLAN
[2007/03/07 09:05:16 | 000,000,000 | ---D | M] -- C:\Program Files\VideoProfessor
[2007/02/27 23:10:15 | 000,000,000 | ---D | M] -- C:\Program Files\Viewpoint
[2008/02/24 21:00:50 | 000,000,000 | ---D | M] -- C:\Program Files\Virtual Earth 3D
[2011/03/31 06:15:48 | 000,000,000 | ---D | M] -- C:\Program Files\VS Revo Group
[2011/01/11 09:37:49 | 000,000,000 | ---D | M] -- C:\Program Files\VSO
[2009/03/15 14:33:54 | 000,000,000 | ---D | M] -- C:\Program Files\VTech

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Sat Apr 02, 2011 4:42 pm

still more to come...I keep getting screen that says the server connection was reset...

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Sat Apr 02, 2011 4:43 pm


[2010/11/23 18:48:19 | 000,000,000 | ---D | M] -- C:\Program Files\Vuze_Remote
[2007/12/29 14:38:39 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Live
[2007/02/01 13:43:56 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Connect 2
[2007/02/01 13:43:54 | 000,000,000 | ---D | M] -- C:\Program Files\Windows Media Player
[2006/09/25 01:06:11 | 000,000,000 | ---D | M] -- C:\Program Files\Windows NT

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Sat Apr 02, 2011 9:36 pm

I still have about 30 more lines to post...
but I can't!!!!!!!!!!!!

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Sat Apr 02, 2011 9:37 pm

why can I post this, but not the logfile?

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Sun Apr 03, 2011 11:16 am


[2006/09/25 01:08:46 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/01/20 23:49:43 | 000,000,000 | ---D | M] -- C:\Program Files\WinRAR
[2009/06/06 08:09:04 | 000,000,000 | ---D | M] -- C:\Program Files\XemiComputers
[2006/09/25 01:10:42 | 000,000,000 | ---D | M] -- C:\Program Files\xerox
[2008/03/09 07:37:14 | 000,000,000 | ---D | M] -- C:\Program Files\Xilisoft
[2010/11/05 20:02:55 | 000,000,000 | ---D | M] -- C:\Program Files\Xvid
[2009/01/15 17:02:07 | 000,000,000 | ---D | M] -- C:\Program Files\Yahoo!


< MD5 for: ATAPI.SYS >
[2004/08/04 08:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 08:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys

< MD5 for: EXPLORER.EXE >
[2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\explorer.exe
[2007/06/13 07:26:03 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=7712DF0CDDE3A5AC89843E61CD5B3658 -- C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\explorer.exe
[2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) MD5=97BD6515465659FF8F3B7BE375B2EA87 -- C:\WINDOWS\system32\dllcache\explorer.exe
[2004/08/04 08:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtUninstallKB938828$\explorer.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\dllcache\userinit.exe
[2004/08/04 08:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\system32\userinit.exe
[2008/04/13 20:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\dllcache\winlogon.exe
[2004/08/04 08:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\system32\winlogon.exe
[2008/04/13 20:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\winlogon.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF

< End of report >

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Sun Apr 03, 2011 11:17 am

there we go...finally.

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by Gabethebabe on Mon Apr 04, 2011 10:24 am

  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

:files
C:WINDOWS\Temp\srv8D4.tmp
C:\Documents and Settings\All Users\Application Data\YoopehTnCRAPa.exe
C:\WINDOWS\System32\drivers\1385E.sys
C:\WINDOWS\cadkasdeinst01e.exe

:services
srv8D4

:otl
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - No CLSID value found.
O3 - HKLM\..\Toolbar: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O33 - MountPoints2\{0c2ab248-fe76-11df-984e-001558528a6f}\Shell - "" = AutoRun
O33 - MountPoints2\{0c2ab248-fe76-11df-984e-001558528a6f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c2ab248-fe76-11df-984e-001558528a6f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL svcl32.VBS
O33 - MountPoints2\{4f3aaf87-ec51-11df-9847-001558528a6f}\Shell - "" = AutoRun
O33 - MountPoints2\{4f3aaf87-ec51-11df-9847-001558528a6f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4f3aaf87-ec51-11df-9847-001558528a6f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL svcl32.VBS

:commands
[resethosts]
[reboot]
  • Then click the Run Fix button at the top.
  • Allow it to run. It may take some time and you may see some things happen to your desktop - this is normal.
  • If it asks to reboot the computer, allow it to reboot.
  • If the program freezes, and the computer fails to reboot - let me know.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)

Gabethebabe
Top Dog
Top Dog

Status :
Online
Offline

Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7
Points : 38188
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Mon Apr 04, 2011 10:50 am

OTL logfile created on: 4/4/2011 6:45:03 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jeremy C\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 81.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 49.07 Gb Free Space | 65.84% Space Free | Partition Type: NTFS
Drive E: | 114.49 Gb Total Space | 45.74 Gb Free Space | 39.95% Space Free | Partition Type: NTFS

Computer Name: MY-A2A4159540F8 | User Name: Jeremy C | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/02 11:34:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremy C\Desktop\OTL.exe
PRC - [2011/01/22 16:58:30 | 000,069,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe
PRC - [2011/01/22 16:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/08/04 17:22:18 | 000,164,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/07 11:54:06 | 000,202,280 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2003/05/05 19:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe


========== Modules (SafeList) ==========

MOD - [2011/04/02 11:34:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremy C\Desktop\OTL.exe
MOD - [2006/08/25 11:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (itlperf)
SRV - File not found [Auto | Stopped] -- -- (AVGIDSAgent)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/01 09:16:41 | 000,029,696 | -HS- | M] () [Auto | Stopped] -- \\?\globalroot\Device\HarddiskVolume2\WINDOWS\Temp\srv8D4.tmp [WARNING: \\?\globalroot\Device\HarddiskVolume2\WINDOWS\Temp\srv8D4.tmp] -- (srv8D4)
SRV - [2011/01/22 16:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe -- (EASEUS Agent)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2009/04/02 13:47:04 | 000,234,888 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 13:47:02 | 000,464,264 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/08/04 17:22:18 | 000,164,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/02/16 10:39:25 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/02/10 11:44:49 | 000,085,096 | ---- | M] (Autodesk) [Disabled | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/03/07 11:54:06 | 000,202,280 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\twc\medicsp2\bin\sprtsvc.exe -- (sprtsvc_medicsp2) SupportSoft Sprocket Service (medicsp2)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2003/05/05 19:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - [2011/01/22 16:58:22 | 000,020,744 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eufs.sys -- (EUFS)
DRV - [2011/01/22 16:58:20 | 000,014,216 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2011/01/22 16:58:18 | 000,030,472 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2011/01/22 16:58:16 | 000,187,400 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EuDisk.sys -- (EuDisk)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/08/04 17:22:22 | 002,077,840 | ---- | M] (Microsoft Corporation
) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX6000Xp.sys -- (VX6000)
DRV - [2007/09/05 02:46:34 | 000,092,544 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/04/10 17:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2007/02/23 10:00:52 | 000,031,400 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\GameTap\bin\Release\X4HSX32.sys -- (X4HSX32)
DRV - [2006/03/01 03:39:10 | 003,959,360 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/11/21 01:48:20 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005/09/29 23:11:00 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/04 08:00:00 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2004/08/04 08:00:00 | 000,012,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/03 18:44:58 | 000,013,566 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd)
DRV - [2002/10/15 23:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2001/08/17 14:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 14:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.1.5
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4b82861b&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/24 10:16:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/04 17:19:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/04 17:19:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 12\components [2011/03/20 09:07:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/26 23:51:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/04/11 19:10:20 | 000,000,000 | ---D | M]

[2011/02/28 09:46:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeremy C\Application Data\Mozilla\Extensions
[2011/01/24 09:20:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeremy C\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/03/27 13:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeremy C\Application Data\Mozilla\Firefox\Profiles\ifgn87kl.default\extensions
[2011/03/01 13:20:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jeremy C\Application Data\Mozilla\Firefox\Profiles\ifgn87kl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/28 09:54:55 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\Jeremy C\Application Data\Mozilla\Firefox\Profiles\ifgn87kl.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2011/02/28 09:54:56 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Documents and Settings\Jeremy C\Application Data\Mozilla\Firefox\Profiles\ifgn87kl.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2011/03/03 17:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/02 18:36:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JEREMY C\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IFGN87KL.DEFAULT\EXTENSIONS\{5C46D283-ABDE-4DCE-B83C-08881401921C}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JEREMY C\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IFGN87KL.DEFAULT\EXTENSIONS\FFEXT@FBBUTTON.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JEREMY C\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IFGN87KL.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2010/12/02 18:35:42 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/12/02 18:35:42 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/04/27 18:31:10 | 000,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPUploader.dll

Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - No CLSID value found.
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - File not found
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - File not found
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\tbVuz1.dll (Conduit Ltd.)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} [You must be registered and logged in to see this link.] (Support.com Configuration Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Jeremy C\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jeremy C\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/25 01:10:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{0c2ab248-fe76-11df-984e-001558528a6f}\Shell - "" = AutoRun
O33 - MountPoints2\{0c2ab248-fe76-11df-984e-001558528a6f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c2ab248-fe76-11df-984e-001558528a6f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL svcl32.VBS
O33 - MountPoints2\{4f3aaf87-ec51-11df-9847-001558528a6f}\Shell - "" = AutoRun
O33 - MountPoints2\{4f3aaf87-ec51-11df-9847-001558528a6f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4f3aaf87-ec51-11df-9847-001558528a6f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL svcl32.VBS
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/02 11:34:21 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeremy C\Desktop\OTL.exe
[2011/04/02 11:34:07 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jeremy C\Desktop\tdsskiller.exe
[2011/03/31 11:11:10 | 000,546,816 | ---- | C] (TFTC) -- C:\Documents and Settings\All Users\Application Data\YoopehTnCRAPa.exe
[2011/03/31 06:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremy C\Start Menu\Programs\Revo Uninstaller
[2011/03/31 06:15:48 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2011/03/31 06:15:13 | 002,649,016 | ---- | C] (VS Revo Group Ltd.) -- C:\Documents and Settings\Jeremy C\Desktop\revosetup.exe
[2011/03/30 22:15:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/03/30 20:28:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/03/30 20:23:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/30 20:23:35 | 004,738,880 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Jeremy C\Desktop\avg_free_stb_all_2011_1204_cnet.exe
[2011/03/30 13:58:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2011/03/30 11:58:17 | 006,238,248 | ---- | C] (OPSWAT, Inc.) -- C:\Documents and Settings\Jeremy C\Desktop\AppRemover.exe
[2011/03/30 11:47:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/27 13:53:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2011/03/27 13:52:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/03/26 23:51:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Thunderbird
[2011/03/26 23:51:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Thunderbird
[2011/03/26 11:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple Computer
[2011/03/26 11:59:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Apple Computer
[2011/03/25 22:02:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/03/25 00:32:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/03/25 00:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/03/24 20:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/03/24 20:42:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/03/24 20:14:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/03/24 20:08:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/03/15 09:10:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/15 08:56:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/03/15 08:53:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/14 09:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremy C\Desktop\Resume etc
[5 E:\My Documents\*.tmp files -> E:\My Documents\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/04 06:39:49 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/04 06:37:15 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/02 11:34:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremy C\Desktop\OTL.exe
[2011/04/02 11:34:00 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jeremy C\Desktop\tdsskiller.exe
[2011/04/02 07:21:53 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/31 11:11:16 | 000,118,272 | ---- | M] () -- C:\WINDOWS\System32\drivers\1385E.sys
[2011/03/31 11:11:10 | 000,546,816 | ---- | M] (TFTC) -- C:\Documents and Settings\All Users\Application Data\YoopehTnCRAPa.exe
[2011/03/31 06:15:49 | 000,000,917 | ---- | M] () -- C:\Documents and Settings\Jeremy C\Desktop\Revo Uninstaller.lnk
[2011/03/31 06:15:03 | 002,649,016 | ---- | M] (VS Revo Group Ltd.) -- C:\Documents and Settings\Jeremy C\Desktop\revosetup.exe
[2011/03/30 20:23:32 | 004,738,880 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Jeremy C\Desktop\avg_free_stb_all_2011_1204_cnet.exe
[2011/03/30 20:21:37 | 004,310,058 | R--- | M] () -- C:\Documents and Settings\Jeremy C\Desktop\ComboFix.exe
[2011/03/30 20:14:18 | 000,002,162 | ---- | M] () -- C:\WINDOWS\BrmfBidi.ini
[2011/03/30 11:18:22 | 006,238,248 | ---- | M] (OPSWAT, Inc.) -- C:\Documents and Settings\Jeremy C\Desktop\AppRemover.exe
[2011/03/30 07:12:44 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\Jeremy C\Desktop\HiJackThis.lnk
[2011/03/29 22:36:52 | 000,000,032 | ---- | M] () -- C:\WINDOWS\System32\EUOD.DAT
[2011/03/29 22:36:36 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2011/03/29 11:10:28 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Jeremy C\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/22 21:45:39 | 000,025,261 | ---- | M] () -- C:\Documents and Settings\Jeremy C\Desktop\166878_1776834749666_1503290023_3208419_4722233_n.jpg
[2011/03/21 10:28:55 | 000,076,056 | ---- | M] () -- C:\DC6810xp-001.raw
[2011/03/15 16:06:37 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\Jeremy C\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/03/14 09:57:03 | 000,011,201 | ---- | M] () -- E:\My Documents\Professional References.pdf
[2011/03/14 09:55:03 | 000,009,000 | ---- | M] () -- E:\My Documents\cover letter.pdf
[2011/03/13 11:40:29 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 11:40:29 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/07 09:41:42 | 000,025,556 | ---- | M] () -- E:\My Documents\banjoclown3a.jpg
[2011/03/06 19:07:54 | 000,133,799 | ---- | M] () -- E:\My Documents\banjoclown3.jpg
[5 E:\My Documents\*.tmp files -> E:\My Documents\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/31 11:11:16 | 000,118,272 | ---- | C] () -- C:\WINDOWS\System32\drivers\1385E.sys
[2011/03/31 06:15:49 | 000,000,917 | ---- | C] () -- C:\Documents and Settings\Jeremy C\Desktop\Revo Uninstaller.lnk
[2011/03/30 20:21:43 | 004,310,058 | R--- | C] () -- C:\Documents and Settings\Jeremy C\Desktop\ComboFix.exe
[2011/03/22 21:43:59 | 000,025,261 | ---- | C] () -- C:\Documents and Settings\Jeremy C\Desktop\166878_1776834749666_1503290023_3208419_4722233_n.jpg
[2011/03/15 16:06:37 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\Jeremy C\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/03/14 09:57:00 | 000,011,201 | ---- | C] () -- E:\My Documents\Professional References.pdf
[2011/03/14 09:54:49 | 000,009,000 | ---- | C] () -- E:\My Documents\cover letter.pdf
[2011/03/07 09:41:40 | 000,025,556 | ---- | C] () -- E:\My Documents\banjoclown3a.jpg
[2011/03/06 19:07:54 | 000,133,799 | ---- | C] () -- E:\My Documents\banjoclown3.jpg
[2011/02/23 17:18:14 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\EUOD.DAT
[2011/01/11 22:04:55 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Jeremy C\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/05 20:02:54 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/11/05 20:02:54 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/10/18 16:41:11 | 000,000,094 | ---- | C] () -- C:\WINDOWS\ka.ini
[2010/08/30 18:30:19 | 000,294,960 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/29 18:41:01 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/07/29 18:41:01 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/07/29 18:41:01 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/07/29 18:41:00 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/04/02 20:37:13 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/04/02 20:35:05 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/12 21:45:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/12/19 21:22:26 | 000,039,832 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/18 10:11:35 | 000,000,062 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2009/06/01 19:25:56 | 016,742,799 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-0.9.9-win32.exe
[2009/03/02 17:35:27 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\nnr.dll
[2009/02/15 21:59:53 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/01/15 09:23:12 | 000,074,752 | ---- | C] () -- C:\WINDOWS\cadkasdeinst01e.exe
[2009/01/03 10:25:50 | 000,015,497 | ---- | C] () -- C:\WINDOWS\VX6KStd.ini
[2008/04/23 22:48:55 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/04/23 22:48:55 | 000,002,556 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008/02/13 22:21:20 | 000,000,072 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI
[2008/02/12 23:07:49 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll
[2008/01/19 11:09:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/12/30 19:10:57 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/12/30 19:10:57 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/12/30 19:10:57 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/12/30 19:10:57 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/12/30 19:10:57 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/12/30 19:10:57 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/12/30 19:10:57 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/12/30 19:10:57 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/12/30 19:10:57 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/12/30 19:10:57 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/12/30 19:10:57 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/12/30 19:10:57 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/12/30 19:10:57 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/12/30 19:10:57 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/12/30 19:10:57 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/12/30 19:10:57 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/12/30 19:09:35 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPSPR280.ini
[2007/12/29 14:53:34 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2007/12/10 22:39:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2007/03/06 22:10:40 | 000,001,779 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/02/27 23:06:35 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/02/27 10:10:02 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2007/02/21 10:16:40 | 000,000,209 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/02/15 21:31:23 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2007/02/05 11:24:28 | 000,000,178 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/02/05 10:27:57 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hpgt23.dll
[2007/02/03 23:18:37 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/02/02 17:36:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/02 00:22:29 | 000,000,645 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2007/02/02 00:22:29 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/02/02 00:22:29 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\m8220def.dat
[2007/02/02 00:22:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2007/02/02 00:03:21 | 000,000,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/02/01 23:59:34 | 000,002,162 | ---- | C] () -- C:\WINDOWS\BrmfBidi.ini
[2007/02/01 20:58:53 | 000,005,170 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/02/01 20:55:27 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/02/01 14:15:20 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/25 16:14:24 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/09/25 16:13:27 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/09/25 15:38:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006/09/25 01:13:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/09/25 01:07:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/09/24 20:37:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/09/24 20:36:30 | 001,490,576 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,441,124 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,071,060 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/03/10 21:00:16 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\BRMSL07.BIN
[2002/08/12 09:19:42 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
[2002/01/08 17:57:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[1999/03/21 20:22:41 | 000,000,136 | ---- | C] () -- C:\WINDOWS\System32\mstraps.dll

========== Custom Scans ==========


< C:WINDOWS\Temp\srv8D4.tmp >

< C:\Documents and Settings\All Users\Application Data\YoopehTnCRAPa.exe >
[2011/03/31 11:11:10 | 000,546,816 | ---- | M] (TFTC) -- C:\Documents and Settings\All Users\Application Data\YoopehTnCRAPa.exe

< C:\WINDOWS\System32\drivers\1385E.sys >
[2011/03/31 11:11:16 | 000,118,272 | ---- | M] () -- C:\WINDOWS\system32\drivers\1385E.sys

< C:\WINDOWS\cadkasdeinst01e.exe >
[2009/01/15 09:23:12 | 000,074,752 | ---- | M] () -- C:\WINDOWS\cadkasdeinst01e.exe
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< >

< :services >

< srv8D4 >

< >

< :otl >

~[Filtered]~

< O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - No CLSID value found. >

< O3 - HKLM\..\Toolbar: (MyIdentityDefender) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - File not found >

< O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. >

< O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found >

< O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found >

< O33 - MountPoints2\{0c2ab248-fe76-11df-984e-001558528a6f}\Shell - "" = AutoRun >

< O33 - MountPoints2\{0c2ab248-fe76-11df-984e-001558528a6f}\Shell\AutoRun - "" = Auto&Play >

< O33 - MountPoints2\{0c2ab248-fe76-11df-984e-001558528a6f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL svcl32.VBS >

< O33 - MountPoints2\{4f3aaf87-ec51-11df-9847-001558528a6f}\Shell - "" = AutoRun >

< O33 - MountPoints2\{4f3aaf87-ec51-11df-9847-001558528a6f}\Shell\AutoRun - "" = Auto&Play >

< O33 - MountPoints2\{4f3aaf87-ec51-11df-9847-001558528a6f}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL svcl32.VBS >

< >

< :commands >

< [resethosts] >

< [reboot] >

========== Alternate Data Streams ==========

@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF

< End of report >

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Mon Apr 04, 2011 10:56 am

by the way, it didn't ask to reboot.

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by Gabethebabe on Mon Apr 04, 2011 10:59 am

I think you clicked the run scan button, you need to click the run fix button after pasting the script.

Gabethebabe
Top Dog
Top Dog

Status :
Online
Offline

Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7
Points : 38188
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Mon Apr 04, 2011 11:01 am

oops.

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Mon Apr 04, 2011 11:07 am

========== FILES ==========
File\Folder C:WINDOWS\Temp\srv8D4.tmp not found.
C:\Documents and Settings\All Users\Application Data\YoopehTnCRAPa.exe moved successfully.
C:\WINDOWS\System32\drivers\1385E.sys moved successfully.
C:\WINDOWS\cadkasdeinst01e.exe moved successfully.
========== SERVICES/DRIVERS ==========
Service srv8D4 stopped successfully!
Service srv8D4 deleted successfully!
========== OTL ==========
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{259F616C-A300-44F5-B04A-ED001A26C85C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259F616C-A300-44F5-B04A-ED001A26C85C}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\linkscanner\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1}\ deleted successfully.
File {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c2ab248-fe76-11df-984e-001558528a6f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c2ab248-fe76-11df-984e-001558528a6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c2ab248-fe76-11df-984e-001558528a6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c2ab248-fe76-11df-984e-001558528a6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c2ab248-fe76-11df-984e-001558528a6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c2ab248-fe76-11df-984e-001558528a6f}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL svcl32.VBS not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f3aaf87-ec51-11df-9847-001558528a6f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f3aaf87-ec51-11df-9847-001558528a6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f3aaf87-ec51-11df-9847-001558528a6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f3aaf87-ec51-11df-9847-001558528a6f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{4f3aaf87-ec51-11df-9847-001558528a6f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4f3aaf87-ec51-11df-9847-001558528a6f}\ not found.
File C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL svcl32.VBS not found.
========== COMMANDS ==========
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 04042011_070230

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by Gabethebabe on Tue Apr 05, 2011 5:43 pm

Please download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.].

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
  • If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
  • Click OK to either and let MBAM proceed with the disinfection process.
  • If asked to restart the computer, please do so immediately.

Post the contents of the MBAM log in your next reply, please.

Gabethebabe
Top Dog
Top Dog

Status :
Online
Offline

Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7
Points : 38188
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Tue Apr 05, 2011 7:35 pm

Malwarebytes' Anti-Malware 1.50.1.1100
[You must be registered and logged in to see this link.]

Database version: 6280

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

4/5/2011 3:34:04 PM
mbam-log-2011-04-05 (15-34-04).txt

Scan type: Quick scan
Objects scanned: 252894
Time elapsed: 26 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\WINDOWS\Temp\1453E8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\-213E8.tmp (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by Gabethebabe on Wed Apr 06, 2011 10:23 am

How is your computer running now?

Gabethebabe
Top Dog
Top Dog

Status :
Online
Offline

Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7
Points : 38188
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Wed Apr 06, 2011 11:03 am

internet is painstakingly slow. I've tried it connected to my wife's laptop and it runs at normal speed. websites load slowly, youtube videos won't play. super slow.

I can't log off or shut down...the computer freezes during the log off process.

aside from that, things seem fine. here's another hijack this log, just in case something else crept in in the meantime...what do you recommend for anti virus? I use AVG because it's free, and everyone else seems to use it, but I'm open to suggestions.


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:02:08 AM, on 4/6/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O4 - HKLM\..\Run: [EaseUs Watch] "C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVGIDSAgent - Unknown owner - C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (file missing)
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EASEUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate1c9fb9d112482d4) (gupdate1c9fb9d112482d4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe

--
End of file - 7370 bytes


Last edited by jeremypc on Wed Apr 06, 2011 11:04 am; edited 1 time in total (Reason for editing : i forgot a detail)

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Thu Apr 07, 2011 11:56 pm

in order to get any internet access, I need to reboot my computer (by manually turning it off and back on) then, It works like normal for a while, but after an hour or so, it doesn't work at all and I have to go through the manual reboot process all over again. non internet programs operate fine.

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by Gabethebabe on Fri Apr 08, 2011 7:03 am

Ok, we try a rootkit scan.

Download GMER Rootkit Scanner from [You must be registered and logged in to see this link.] and save it to your desktop.
Note that it will have a random name.

  • Double click the file to run the tool. It may take a while to load.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click No
  • In the right panel, you will see several boxes that have been checked
  • Make sure this is unchecked: Show All
  • Make sure only your system drive (usually C:\) is checked and uncheck all other drives you might have on your system
  • Click Scan to start the scan
  • When it has finished, click Save and save the log as gmer.txt on your desktop
  • If GMER reports any <--- ROOTKIT entries, don´t take any action. It could be a false positive.
  • Click OK and quit the GMER program.
  • Please post the contents of gmer.txt in your next reply.

Gabethebabe
Top Dog
Top Dog

Status :
Online
Offline

Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7
Points : 38188
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Fri Apr 08, 2011 5:17 pm

the scan was stopped because GMER found a modifictation to the rootkit (that was the gist of the message)???

either way, I don't think the scan completed as it should have...

here's the log:


GMER 1.0.15.15570 - [You must be registered and logged in to see this link.]
Rootkit scan 2011-04-08 13:14:58
Windows 5.1.2600 Service Pack 2 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-17 ST380211AS rev.3.AAE
Running: myqodzvz.exe; Driver: C:\DOCUME~1\JEREMY~1\LOCALS~1\Temp\ufgyqkog.sys


---- Kernel code sections - GMER 1.0.15 ----

.text KDCOM.DLL!KdSendPacket + FFFFF193 BA4B8345 165 Bytes [FE, FF, 8B, F0, 85, F6, 7C, ...]
.text KDCOM.DLL!KdDebuggerInitialize0 + 45 BA4B83EB 106 Bytes [8B, CA, B8, 20, 00, 01, 00, ...]
.text KDCOM.DLL!KdSave BA4B8456 80 Bytes [FD, FF, FF, 8B, BD, C0, FC, ...]
.text KDCOM.DLL!KdRestore + 47 BA4B84A7 14 Bytes [56, 68, 6E, 5A, 4F, 00, 56, ...] {PUSH ESI; PUSH 0x4f5a6e; PUSH ESI; PUSH EDI; LEA EAX, [EBP-0x330]}
.text KDCOM.DLL!KdRestore + 56 BA4B84B6 178 Bytes CALL BA3EC8B6
.text KDCOM.DLL!KdRestore + 109 BA4B8569 83 Bytes [10, FF, 75, FC, FF, 75, 0C, ...]
.text KDCOM.DLL!KdRestore + 15D BA4B85BD 16 Bytes CALL 174CA9C4
.text KDCOM.DLL!KdRestore + 16E BA4B85CE 7 Bytes [55, 8B, EC, 8B, 45, 08, FF]
.text ...
PAGEKD KDCOM.DLL!KdReceivePacket + 5C BA4B8FA8 1 Byte [00]
PAGEKD KDCOM.DLL!KdReceivePacket + 5C BA4B8FA8 47 Bytes [00, 00, FF, D0, 53, FF, 75, ...]
PAGEKD KDCOM.DLL!KdReceivePacket + 8C BA4B8FD8 91 Bytes [8B, 4D, C8, BA, 02, 00, 00, ...]
PAGEKD KDCOM.DLL!KdReceivePacket + E8 BA4B9034 2 Bytes [32, F6] {XOR DH, DH}
PAGEKD KDCOM.DLL!KdReceivePacket + EB BA4B9037 55 Bytes [4D, 00, 00, 00, 00, A8, 10, ...]
PAGEKD ...
PAGEKD KDCOM.DLL!KdSendPacket + 20 BA4B91D2 94 Bytes [0B, 3A, 41, 01, 75, 0F, 83, ...]
PAGEKD KDCOM.DLL!KdSendPacket + 7F BA4B9231 59 Bytes [89, 45, F8, FF, 15, 00, 90, ...]
PAGEKD KDCOM.DLL!KdSendPacket + BB BA4B926D 11 Bytes [F3, A4, 8B, 4D, F8, 8B, 79, ...]
PAGEKD KDCOM.DLL!KdSendPacket + C7 BA4B9279 52 Bytes [33, C9, 03, FA, 66, 3B, 4B, ...]

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdD0Transition] [BA4B971A] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdD3Transition] [BA4B9724] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdRestore] [BA4B97C6] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdReceivePacket] [BA4B97DC] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdDebuggerInitialize0] [BA4B97A0] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdSave] [BA4B97BA] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdDebuggerInitialize1] [BA4B97AC] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\ntkrnlpa.exe[KDCOM.dll!KdSendPacket] [BA4B97D2] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\hal.dll[KDCOM.dll!KdRestore] [BA4B97C6] \WINDOWS\system32\KDCOM.DLL (Kernel Debugger HW Extension DLL/Microsoft Corporation)
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!READ_PORT_UCHAR] 8BFFFFFC
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!WRITE_PORT_UCHAR] 43E8E44D
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!HalQueryRealTimeClock] E8FFF26E
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!HalInitSystem] FFF7104B
IAT \WINDOWS\system32\KDCOM.DLL[HAL.dll!KdComPortInUse] CC000CC2

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eufs.sys (File System Filter Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk1\DR1 TDL4@MBR code has been found <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by Gabethebabe on Sun Apr 10, 2011 5:35 am

aha, OK the nasty bugger you had, has not been removed or has come back.
We try again.
  • Download TDSSKiller by Kaspersky from [You must be registered and logged in to see this link.] and save it to your Desktop
  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
  • The report can also be found in the root of your Windows drive (most likely C:\).

====================

Reboot after this and rerun the GMER scan, please.

Gabethebabe
Top Dog
Top Dog

Status :
Online
Offline

Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7
Points : 38188
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Sun Apr 10, 2011 10:35 pm

2011/04/10 08:44:19.0609 0308 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/10 08:44:19.0625 0308 ================================================================================
2011/04/10 08:44:19.0625 0308 SystemInfo:
2011/04/10 08:44:19.0625 0308
2011/04/10 08:44:19.0625 0308 OS Version: 5.1.2600 ServicePack: 2.0
2011/04/10 08:44:19.0625 0308 Product type: Workstation
2011/04/10 08:44:19.0625 0308 ComputerName: MY-A2A4159540F8
2011/04/10 08:44:19.0640 0308 UserName: Jeremy C
2011/04/10 08:44:19.0640 0308 Windows directory: C:\WINDOWS
2011/04/10 08:44:19.0640 0308 System windows directory: C:\WINDOWS
2011/04/10 08:44:19.0640 0308 Processor architecture: Intel x86
2011/04/10 08:44:19.0640 0308 Number of processors: 1
2011/04/10 08:44:19.0640 0308 Page size: 0x1000
2011/04/10 08:44:19.0640 0308 Boot type: Normal boot
2011/04/10 08:44:19.0640 0308 ================================================================================
2011/04/10 08:44:19.0937 0308 Initialize success
2011/04/10 08:44:32.0515 0240 ================================================================================
2011/04/10 08:44:32.0515 0240 Scan started
2011/04/10 08:44:32.0515 0240 Mode: Manual;
2011/04/10 08:44:32.0515 0240 ================================================================================
2011/04/10 08:44:32.0953 0240 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/04/10 08:44:33.0062 0240 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/04/10 08:44:33.0250 0240 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/04/10 08:44:33.0406 0240 Afc (a7b8a3a79d35215d798a300df49ed23f) C:\WINDOWS\system32\drivers\Afc.sys
2011/04/10 08:44:33.0531 0240 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
2011/04/10 08:44:33.0625 0240 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
2011/04/10 08:44:34.0093 0240 ALCXWDM (34fc779e3ce6964546e02596acc8ff48) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/04/10 08:44:35.0015 0240 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
2011/04/10 08:44:35.0140 0240 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/04/10 08:44:35.0250 0240 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/04/10 08:44:35.0437 0240 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/04/10 08:44:35.0578 0240 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/04/10 08:44:35.0734 0240 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/04/10 08:44:35.0890 0240 brfilt (4ba311473e0d8557827e6f2fe33a8095) C:\WINDOWS\system32\Drivers\Brfilt.sys
2011/04/10 08:44:36.0031 0240 BrSerWDM (791ef93168dcf057715493d607e37983) C:\WINDOWS\system32\Drivers\BrSerWdm.sys
2011/04/10 08:44:36.0140 0240 BrUsbMdm (37e2d0b12ddf536cd64af6eb3b580ef8) C:\WINDOWS\system32\Drivers\BrUsbMdm.sys
2011/04/10 08:44:36.0250 0240 BrUsbScn (1c5f014048e5b2748c1a8ad297c50b6f) C:\WINDOWS\system32\Drivers\BrUsbScn.sys
2011/04/10 08:44:36.0375 0240 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/04/10 08:44:36.0500 0240 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/04/10 08:44:36.0734 0240 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/04/10 08:44:36.0843 0240 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/04/10 08:44:36.0953 0240 cdrbsvsd (7fc46240546c16c0448c29c9d233b915) C:\WINDOWS\system32\drivers\cdrbsvsd.sys
2011/04/10 08:44:37.0062 0240 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/04/10 08:44:37.0687 0240 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/04/10 08:44:37.0843 0240 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
2011/04/10 08:44:38.0031 0240 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
2011/04/10 08:44:38.0156 0240 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/04/10 08:44:38.0265 0240 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/04/10 08:44:38.0484 0240 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/04/10 08:44:38.0640 0240 EUBAKUP (3e5ddbd7405ad6f59f0646a15c754079) C:\WINDOWS\system32\drivers\eubakup.sys
2011/04/10 08:44:38.0781 0240 EuDisk (155666649521732bd4cc1a10823515f0) C:\WINDOWS\system32\DRIVERS\EuDisk.sys
2011/04/10 08:44:38.0906 0240 EUDSKACS (1acc054dfcc3a53cdbc8cfd6b111346f) C:\WINDOWS\system32\drivers\eudskacs.sys
2011/04/10 08:44:39.0031 0240 EUFS (a0dea491ac141207b348013725651044) C:\WINDOWS\system32\drivers\eufs.sys
2011/04/10 08:44:39.0156 0240 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/04/10 08:44:39.0296 0240 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/04/10 08:44:39.0406 0240 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
2011/04/10 08:44:39.0531 0240 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/04/10 08:44:39.0687 0240 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/04/10 08:44:39.0859 0240 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/04/10 08:44:39.0968 0240 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/04/10 08:44:40.0109 0240 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/04/10 08:44:40.0218 0240 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/04/10 08:44:40.0375 0240 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/04/10 08:44:40.0593 0240 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/04/10 08:44:40.0875 0240 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/04/10 08:44:41.0015 0240 ialm (afa7c99d211a2aff21a287bc4264cde6) C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
2011/04/10 08:44:41.0156 0240 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/04/10 08:44:41.0390 0240 IntelIde (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/04/10 08:44:41.0500 0240 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/04/10 08:44:41.0640 0240 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/04/10 08:44:41.0750 0240 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/04/10 08:44:41.0859 0240 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/04/10 08:44:41.0984 0240 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/04/10 08:44:42.0203 0240 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/04/10 08:44:42.0312 0240 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/04/10 08:44:42.0453 0240 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/04/10 08:44:42.0578 0240 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/04/10 08:44:42.0687 0240 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
2011/04/10 08:44:42.0828 0240 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/04/10 08:44:43.0171 0240 mcdbus (f922b609524cf1ed66a1a109f3ce014f) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
2011/04/10 08:44:43.0312 0240 mf (729d83e56c29c510258a6e9e79ffddc3) C:\WINDOWS\system32\DRIVERS\mf.sys
2011/04/10 08:44:43.0421 0240 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/04/10 08:44:43.0546 0240 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
2011/04/10 08:44:43.0656 0240 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/04/10 08:44:43.0796 0240 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/04/10 08:44:43.0906 0240 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/04/10 08:44:44.0109 0240 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/04/10 08:44:44.0250 0240 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/04/10 08:44:44.0406 0240 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/04/10 08:44:44.0546 0240 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/04/10 08:44:44.0656 0240 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/04/10 08:44:44.0796 0240 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/04/10 08:44:44.0906 0240 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/04/10 08:44:45.0031 0240 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/04/10 08:44:45.0171 0240 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/04/10 08:44:45.0312 0240 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/04/10 08:44:45.0437 0240 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/04/10 08:44:45.0578 0240 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/04/10 08:44:45.0703 0240 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/04/10 08:44:45.0828 0240 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/04/10 08:44:45.0953 0240 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/04/10 08:44:46.0062 0240 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/04/10 08:44:46.0156 0240 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/04/10 08:44:46.0281 0240 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/04/10 08:44:46.0437 0240 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/04/10 08:44:46.0578 0240 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/04/10 08:44:46.0750 0240 NuidFltr (e8717d9b0d1919cadafd8896a8e23e17) C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
2011/04/10 08:44:46.0843 0240 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/04/10 08:44:46.0953 0240 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/04/10 08:44:47.0062 0240 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/04/10 08:44:47.0171 0240 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/04/10 08:44:47.0296 0240 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/04/10 08:44:47.0406 0240 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/04/10 08:44:47.0531 0240 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/04/10 08:44:47.0734 0240 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/04/10 08:44:47.0843 0240 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/04/10 08:44:47.0984 0240 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/04/10 08:44:48.0703 0240 Point32 (b4f59a953ef9e507f0d00c3a68580b8b) C:\WINDOWS\system32\DRIVERS\point32.sys
2011/04/10 08:44:48.0812 0240 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/04/10 08:44:48.0968 0240 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/04/10 08:44:49.0078 0240 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/04/10 08:44:49.0203 0240 PxHelp20 (d86b4a68565e444d76457f14172c875a) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/04/10 08:44:49.0781 0240 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/04/10 08:44:49.0906 0240 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/04/10 08:44:50.0046 0240 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/04/10 08:44:50.0156 0240 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/04/10 08:44:50.0265 0240 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/04/10 08:44:50.0390 0240 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/04/10 08:44:50.0515 0240 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/04/10 08:44:50.0656 0240 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/04/10 08:44:50.0812 0240 RTL8023xp (7889e3981e0a5d347e037abd467d53a5) C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys
2011/04/10 08:44:50.0937 0240 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
2011/04/10 08:44:51.0015 0240 SASDIFSV (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
2011/04/10 08:44:51.0093 0240 SASKUTIL (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
2011/04/10 08:44:51.0234 0240 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/04/10 08:44:51.0390 0240 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/04/10 08:44:51.0500 0240 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/04/10 08:44:51.0656 0240 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/04/10 08:44:51.0859 0240 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/04/10 08:44:51.0984 0240 sonypvs1 (dfadfc2c86662f40759bf02add27d569) C:\WINDOWS\system32\DRIVERS\sonypvs1.sys
2011/04/10 08:44:52.0203 0240 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
2011/04/10 08:44:52.0328 0240 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/04/10 08:44:52.0500 0240 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/04/10 08:44:52.0640 0240 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/04/10 08:44:52.0765 0240 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/04/10 08:44:52.0890 0240 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/04/10 08:44:53.0375 0240 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/04/10 08:44:53.0515 0240 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/04/10 08:44:53.0656 0240 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/04/10 08:44:53.0765 0240 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/04/10 08:44:53.0890 0240 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/04/10 08:44:54.0109 0240 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/04/10 08:44:54.0328 0240 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
2011/04/10 08:44:54.0468 0240 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/04/10 08:44:54.0625 0240 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
2011/04/10 08:44:54.0734 0240 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/04/10 08:44:54.0843 0240 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/04/10 08:44:54.0953 0240 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/04/10 08:44:55.0062 0240 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/04/10 08:44:55.0187 0240 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/04/10 08:44:55.0296 0240 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/04/10 08:44:55.0390 0240 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/04/10 08:44:55.0515 0240 USB_RNDIS_XP (af090265ec388bab320f1ff7e7a7d5ea) C:\WINDOWS\system32\DRIVERS\usb8023.sys
2011/04/10 08:44:55.0656 0240 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/04/10 08:44:55.0859 0240 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/04/10 08:44:56.0031 0240 VX1000 (f4fab0b9d43a65f79fc838c94006f643) C:\WINDOWS\system32\DRIVERS\VX1000.sys
2011/04/10 08:44:56.0296 0240 VX6000 (23c729c7c2465c901f52979b0a43e0e4) C:\WINDOWS\system32\DRIVERS\VX6000Xp.sys
2011/04/10 08:44:56.0468 0240 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/04/10 08:44:56.0593 0240 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
2011/04/10 08:44:56.0828 0240 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/04/10 08:44:57.0015 0240 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/04/10 08:44:57.0171 0240 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/04/10 08:44:57.0312 0240 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/04/10 08:44:57.0453 0240 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/04/10 08:44:57.0546 0240 X4HSX32 (28a27b68984b068567f109204ef74e0d) C:\Program Files\GameTap\bin\Release\X4HSX32.Sys
2011/04/10 08:44:57.0656 0240 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/04/10 08:44:57.0718 0240 ================================================================================
2011/04/10 08:44:57.0718 0240 Scan finished
2011/04/10 08:44:57.0718 0240 ================================================================================
2011/04/10 08:44:57.0734 0252 Detected object count: 1
2011/04/10 08:45:13.0875 0252 \HardDisk0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot
2011/04/10 08:45:13.0875 0252 \HardDisk0 - ok
2011/04/10 08:45:13.0875 0252 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Sun Apr 10, 2011 10:35 pm

GMER 1.0.15.15570 - [You must be registered and logged in to see this link.]
Rootkit scan 2011-04-10 18:32:30
Windows 5.1.2600 Service Pack 2 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-17 ST380211AS rev.3.AAE
Running: myqodzvz.exe; Driver: C:\DOCUME~1\JEREMY~1\LOCALS~1\Temp\ufgyqkog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eufs.sys (File System Filter Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs

---- EOF - GMER 1.0.15 ----

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Mon Apr 11, 2011 12:49 am

I was able to restart the computer after this...and once I reconnected the internet (I had this pc disconnected and was working with a laptop while online), it worked ok for an hour or so, but now it is super slow again. should I install antivirus? I've been without it since we started. What do you recommend I use?


jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by Gabethebabe on Mon Apr 11, 2011 7:56 pm

We´re going to run a disk scan first.
Close all programs before proceding with this.

Go to Start >> Run and copy/paste the following:
Code:
CMD /C ECHO Y|CHKDSK C: /F | SHUTDOWN /R /T 30
Your computer will reboot after this.

====================

Download and install [You must be registered and logged in to see this link.].


Run a full scan and allow it to remove all threats it finds.
Reboot your computer, open Avira and find the log (File report button)
Copy&paste the report in your next reply.

Gabethebabe
Top Dog
Top Dog

Status :
Online
Offline

Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7
Points : 38188
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Mon Apr 11, 2011 8:44 pm

I ran the disk scan. I saw it start, when I returned, the windows log on screen was up. I see no report. does this mean all is well????
I am starting the Avira process now. I will post the log this evening.
(the link to Avira is the spanish version fyi...I found the english version)


Last edited by jeremypc on Mon Apr 11, 2011 8:49 pm; edited 2 times in total (Reason for editing : additional info)

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Tue Apr 12, 2011 11:21 pm

Avira has been scanning for 14 hours and is only 8.5% completed...

there are 13 detections, and 2 hidden objects. I can't believe it should be taking this long. is this normal????I'll let it keep going.

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Wed Apr 13, 2011 10:49 am

Here are the results of a partial first scan. I stopped the scan before it had finished (almost 16 hours).

Avira AntiVir Personal
Report file date: Tuesday, April 12, 2011 04:48

Scanning for 2544884 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MY-A2A4159540F8

Version information:
BUILD.DAT : 10.0.0.635 31822 Bytes 3/7/2011 12:15:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 3/4/2011 18:36:52
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 16:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 3/4/2011 18:36:59
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 03:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 18:37:07
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 18:37:08
VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 20:52:52
VBASE004.VDF : 7.11.5.226 2048 Bytes 4/7/2011 20:52:52
VBASE005.VDF : 7.11.5.227 2048 Bytes 4/7/2011 20:52:52
VBASE006.VDF : 7.11.5.228 2048 Bytes 4/7/2011 20:52:53
VBASE007.VDF : 7.11.5.229 2048 Bytes 4/7/2011 20:52:53
VBASE008.VDF : 7.11.5.230 2048 Bytes 4/7/2011 20:52:53
VBASE009.VDF : 7.11.5.231 2048 Bytes 4/7/2011 20:52:53
VBASE010.VDF : 7.11.5.232 2048 Bytes 4/7/2011 20:52:53
VBASE011.VDF : 7.11.5.233 2048 Bytes 4/7/2011 20:52:53
VBASE012.VDF : 7.11.5.234 2048 Bytes 4/7/2011 20:52:53
VBASE013.VDF : 7.11.6.28 158208 Bytes 4/11/2011 20:52:55
VBASE014.VDF : 7.11.6.29 2048 Bytes 4/11/2011 20:52:55
VBASE015.VDF : 7.11.6.30 2048 Bytes 4/11/2011 20:52:55
VBASE016.VDF : 7.11.6.31 2048 Bytes 4/11/2011 20:52:55
VBASE017.VDF : 7.11.6.32 2048 Bytes 4/11/2011 20:52:55
VBASE018.VDF : 7.11.6.33 2048 Bytes 4/11/2011 20:52:55
VBASE019.VDF : 7.11.6.34 2048 Bytes 4/11/2011 20:52:55
VBASE020.VDF : 7.11.6.35 2048 Bytes 4/11/2011 20:52:56
VBASE021.VDF : 7.11.6.36 2048 Bytes 4/11/2011 20:52:56
VBASE022.VDF : 7.11.6.37 2048 Bytes 4/11/2011 20:52:56
VBASE023.VDF : 7.11.6.38 2048 Bytes 4/11/2011 20:52:56
VBASE024.VDF : 7.11.6.39 2048 Bytes 4/11/2011 20:52:56
VBASE025.VDF : 7.11.6.40 2048 Bytes 4/11/2011 20:52:57
VBASE026.VDF : 7.11.6.41 2048 Bytes 4/11/2011 20:52:57
VBASE027.VDF : 7.11.6.42 2048 Bytes 4/11/2011 20:52:57
VBASE028.VDF : 7.11.6.43 2048 Bytes 4/11/2011 20:52:57
VBASE029.VDF : 7.11.6.44 2048 Bytes 4/11/2011 20:52:57
VBASE030.VDF : 7.11.6.45 2048 Bytes 4/11/2011 20:52:58
VBASE031.VDF : 7.11.6.53 38400 Bytes 4/11/2011 20:52:58
Engineversion : 8.2.4.206
AEVDF.DLL : 8.1.2.1 106868 Bytes 3/4/2011 18:36:49
AESCRIPT.DLL : 8.1.3.58 1266042 Bytes 4/11/2011 20:53:05
AESCN.DLL : 8.1.7.2 127349 Bytes 3/4/2011 18:36:48
AESBX.DLL : 8.1.3.2 254324 Bytes 3/4/2011 18:36:48
AERDL.DLL : 8.1.9.9 639347 Bytes 4/11/2011 20:53:03
AEPACK.DLL : 8.2.6.0 549237 Bytes 4/11/2011 20:53:03
AEOFFICE.DLL : 8.1.1.20 205177 Bytes 4/11/2011 20:53:02
AEHEUR.DLL : 8.1.2.97 3428726 Bytes 4/11/2011 20:53:02
AEHELP.DLL : 8.1.16.1 246134 Bytes 3/4/2011 18:36:41
AEGEN.DLL : 8.1.5.4 397684 Bytes 4/11/2011 20:53:00
AEEMU.DLL : 8.1.3.0 393589 Bytes 3/4/2011 18:36:40
AECORE.DLL : 8.1.20.2 196982 Bytes 4/11/2011 20:52:59
AEBB.DLL : 8.1.1.0 53618 Bytes 3/4/2011 18:36:39
AVWINLL.DLL : 10.0.0.0 19304 Bytes 3/4/2011 18:36:53
AVPREF.DLL : 10.0.0.0 44904 Bytes 3/4/2011 18:36:52
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 18:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 3/4/2011 18:36:52
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 3/4/2011 18:36:53
AVARKT.DLL : 10.0.22.6 231784 Bytes 3/4/2011 18:36:50
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 3/4/2011 18:36:51
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 18:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/4/2011 18:36:53
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 18:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 3/4/2011 18:37:12
RCTEXT.DLL : 10.0.58.0 97128 Bytes 3/4/2011 18:37:12

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, E:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Tuesday, April 12, 2011 04:48

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc\Config\Standalone\drivelist
[NOTE] The registry entry is invisible.
Brmfrmps.exe
[NOTE] The process is not visible.

The scan of running processes will be started
Scan process 'msdtc.exe' - '40' Module(s) have been scanned
Scan process 'dllhost.exe' - '61' Module(s) have been scanned
Scan process 'dllhost.exe' - '45' Module(s) have been scanned
Scan process 'vssvc.exe' - '48' Module(s) have been scanned
Scan process 'avscan.exe' - '70' Module(s) have been scanned
Scan process 'avcenter.exe' - '103' Module(s) have been scanned
Scan process 'alg.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '36' Module(s) have been scanned
Scan process 'iPodService.exe' - '28' Module(s) have been scanned
Scan process 'ctfmon.exe' - '24' Module(s) have been scanned
Scan process 'avgnt.exe' - '46' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '69' Module(s) have been scanned
Scan process 'EuWatch.exe' - '15' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '26' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'sprtsvc.exe' - '57' Module(s) have been scanned
Scan process 'MSCamS32.exe' - '47' Module(s) have been scanned
Scan process 'jqs.exe' - '32' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '27' Module(s) have been scanned
Scan process 'IntuitUpdateService.exe' - '62' Module(s) have been scanned
Scan process 'FreeAgentService.exe' - '37' Module(s) have been scanned
Scan process 'Agent.exe' - '63' Module(s) have been scanned
Scan process 'Brmfrmps.exe' - '8' Module(s) have been scanned
Scan process 'Explorer.EXE' - '90' Module(s) have been scanned
Scan process 'avshadow.exe' - '24' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '46' Module(s) have been scanned
Scan process 'avguard.exe' - '55' Module(s) have been scanned
Scan process 'sched.exe' - '42' Module(s) have been scanned
Scan process 'spoolsv.exe' - '62' Module(s) have been scanned
Scan process 'svchost.exe' - '27' Module(s) have been scanned
Scan process 'svchost.exe' - '30' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'svchost.exe' - '51' Module(s) have been scanned
Scan process 'lsass.exe' - '58' Module(s) have been scanned
Scan process 'services.exe' - '36' Module(s) have been scanned
Scan process 'winlogon.exe' - '76' Module(s) have been scanned
Scan process 'csrss.exe' - '11' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1791' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Documents and Settings\Jeremy C\Application Data\Sun\Java\Deployment\cache\6.0\26\5e62b35a-79b1e26a
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the EXP/Java.itq exploit
--> Applet2.class
[DETECTION] Contains recognition pattern of the EXP/Java.itq exploit
C:\Documents and Settings\Jeremy C\Application Data\Sun\Java\Deployment\cache\6.0\29\3fc4559d-2cad53b2
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the EXP/Java.itq exploit
--> Applet2.class
[DETECTION] Contains recognition pattern of the EXP/Java.itq exploit
C:\Documents and Settings\Jeremy C\Application Data\Sun\Java\Deployment\cache\6.0\52\237fcef4-2ed142e7
[0] Archive type: ZIP
[DETECTION] Contains recognition pattern of the EXP/Java.itq exploit
--> Applet2.class
[DETECTION] Contains recognition pattern of the EXP/Java.itq exploit
C:\Documents and Settings\Jeremy C\Local Settings\Temp\srv700.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
C:\Documents and Settings\Jeremy C\Local Settings\Temp\srv78.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
C:\Documents and Settings\Jeremy C\Local Settings\Temp\srvD3C.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
C:\Documents and Settings\Jeremy C\Local Settings\Temp\srvF98.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
C:\Documents and Settings\Jeremy C\Local Settings\Temp\srvFB4.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
C:\Documents and Settings\Jeremy C\Local Settings\Temp\srvFD0.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9CJT2ZR1\track[1].php
[DETECTION] Contains recognition pattern of the JS/Agent.DZ Java script virus
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E0UBHWC4\manual[1].pdf
[DETECTION] Contains recognition pattern of the EXP/PDF.AWD exploit
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\L24VBLQZ\load[1].php
[DETECTION] Is the TR/Agent2.lvv Trojan
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QOY750PE\manual[2].pdf
[DETECTION] Contains recognition pattern of the EXP/PDF.AWD exploit

Beginning disinfection:
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\QOY750PE\manual[2].pdf
[DETECTION] Contains recognition pattern of the EXP/PDF.AWD exploit
[NOTE] The file was moved to the quarantine directory under the name '45975481.qua'.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\L24VBLQZ\load[1].php
[DETECTION] Is the TR/Agent2.lvv Trojan
[NOTE] The file was moved to the quarantine directory under the name '5d177b14.qua'.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\E0UBHWC4\manual[1].pdf
[DETECTION] Contains recognition pattern of the EXP/PDF.AWD exploit
[NOTE] The file was moved to the quarantine directory under the name '0f5f21c3.qua'.
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\9CJT2ZR1\track[1].php
[DETECTION] Contains recognition pattern of the JS/Agent.DZ Java script virus
[NOTE] The file was moved to the quarantine directory under the name '697f6e2b.qua'.
C:\Documents and Settings\Jeremy C\Local Settings\Temp\srvFD0.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '2ce44315.qua'.
C:\Documents and Settings\Jeremy C\Local Settings\Temp\srvFB4.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '53ff7174.qua'.
C:\Documents and Settings\Jeremy C\Local Settings\Temp\srvF98.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '1f475d39.qua'.
C:\Documents and Settings\Jeremy C\Local Settings\Temp\srvD3C.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '635f1d69.qua'.
C:\Documents and Settings\Jeremy C\Local Settings\Temp\srv78.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4e053224.qua'.
C:\Documents and Settings\Jeremy C\Local Settings\Temp\srv700.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen3 Trojan
[NOTE] The file was moved to the quarantine directory under the name '576d09b3.qua'.
C:\Documents and Settings\Jeremy C\Application Data\Sun\Java\Deployment\cache\6.0\52\237fcef4-2ed142e7
[DETECTION] Contains recognition pattern of the EXP/Java.itq exploit
[NOTE] The file was moved to the quarantine directory under the name '38f03a44.qua'.
C:\Documents and Settings\Jeremy C\Application Data\Sun\Java\Deployment\cache\6.0\29\3fc4559d-2cad53b2
[DETECTION] Contains recognition pattern of the EXP/Java.itq exploit
[NOTE] The file was moved to the quarantine directory under the name '4a951c19.qua'.
C:\Documents and Settings\Jeremy C\Application Data\Sun\Java\Deployment\cache\6.0\26\5e62b35a-79b1e26a
[DETECTION] Contains recognition pattern of the EXP/Java.itq exploit
[NOTE] The file was moved to the quarantine directory under the name '47522cd2.qua'.


End of the scan: Tuesday, April 12, 2011 20:35
Used time: 15:45:25 Hour(s)

The scan has been canceled!

10020 Scanned directories
121759 Files were scanned
13 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
13 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
121746 Files not concerned
1063 Archives were scanned
0 Warnings
13 Notes
614821 Objects were scanned with rootkit scan
2 Hidden objects were found


jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Wed Apr 13, 2011 10:50 am

I then ran the scan again and it finished completely in 2 1/2 hours.



Avira AntiVir Personal
Report file date: Tuesday, April 12, 2011 23:22

Scanning for 2549700 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 2) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MY-A2A4159540F8

Version information:
BUILD.DAT : 10.0.0.635 31822 Bytes 3/7/2011 12:15:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 3/4/2011 18:36:52
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 16:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 3/4/2011 18:36:59
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 03:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 18:37:07
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 18:37:08
VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 20:52:52
VBASE004.VDF : 7.11.5.226 2048 Bytes 4/7/2011 20:52:52
VBASE005.VDF : 7.11.5.227 2048 Bytes 4/7/2011 20:52:52
VBASE006.VDF : 7.11.5.228 2048 Bytes 4/7/2011 20:52:53
VBASE007.VDF : 7.11.5.229 2048 Bytes 4/7/2011 20:52:53
VBASE008.VDF : 7.11.5.230 2048 Bytes 4/7/2011 20:52:53
VBASE009.VDF : 7.11.5.231 2048 Bytes 4/7/2011 20:52:53
VBASE010.VDF : 7.11.5.232 2048 Bytes 4/7/2011 20:52:53
VBASE011.VDF : 7.11.5.233 2048 Bytes 4/7/2011 20:52:53
VBASE012.VDF : 7.11.5.234 2048 Bytes 4/7/2011 20:52:53
VBASE013.VDF : 7.11.6.28 158208 Bytes 4/11/2011 20:52:55
VBASE014.VDF : 7.11.6.29 2048 Bytes 4/11/2011 20:52:55
VBASE015.VDF : 7.11.6.30 2048 Bytes 4/11/2011 20:52:55
VBASE016.VDF : 7.11.6.31 2048 Bytes 4/11/2011 20:52:55
VBASE017.VDF : 7.11.6.32 2048 Bytes 4/11/2011 20:52:55
VBASE018.VDF : 7.11.6.33 2048 Bytes 4/11/2011 20:52:55
VBASE019.VDF : 7.11.6.34 2048 Bytes 4/11/2011 20:52:55
VBASE020.VDF : 7.11.6.35 2048 Bytes 4/11/2011 20:52:56
VBASE021.VDF : 7.11.6.36 2048 Bytes 4/11/2011 20:52:56
VBASE022.VDF : 7.11.6.37 2048 Bytes 4/11/2011 20:52:56
VBASE023.VDF : 7.11.6.38 2048 Bytes 4/11/2011 20:52:56
VBASE024.VDF : 7.11.6.39 2048 Bytes 4/11/2011 20:52:56
VBASE025.VDF : 7.11.6.40 2048 Bytes 4/11/2011 20:52:57
VBASE026.VDF : 7.11.6.41 2048 Bytes 4/11/2011 20:52:57
VBASE027.VDF : 7.11.6.42 2048 Bytes 4/11/2011 20:52:57
VBASE028.VDF : 7.11.6.43 2048 Bytes 4/11/2011 20:52:57
VBASE029.VDF : 7.11.6.44 2048 Bytes 4/11/2011 20:52:57
VBASE030.VDF : 7.11.6.45 2048 Bytes 4/11/2011 20:52:58
VBASE031.VDF : 7.11.6.66 99840 Bytes 4/12/2011 00:54:59
Engineversion : 8.2.4.206
AEVDF.DLL : 8.1.2.1 106868 Bytes 3/4/2011 18:36:49
AESCRIPT.DLL : 8.1.3.58 1266042 Bytes 4/11/2011 20:53:05
AESCN.DLL : 8.1.7.2 127349 Bytes 3/4/2011 18:36:48
AESBX.DLL : 8.1.3.2 254324 Bytes 3/4/2011 18:36:48
AERDL.DLL : 8.1.9.9 639347 Bytes 4/11/2011 20:53:03
AEPACK.DLL : 8.2.6.0 549237 Bytes 4/11/2011 20:53:03
AEOFFICE.DLL : 8.1.1.20 205177 Bytes 4/11/2011 20:53:02
AEHEUR.DLL : 8.1.2.97 3428726 Bytes 4/11/2011 20:53:02
AEHELP.DLL : 8.1.16.1 246134 Bytes 3/4/2011 18:36:41
AEGEN.DLL : 8.1.5.4 397684 Bytes 4/11/2011 20:53:00
AEEMU.DLL : 8.1.3.0 393589 Bytes 3/4/2011 18:36:40
AECORE.DLL : 8.1.20.2 196982 Bytes 4/11/2011 20:52:59
AEBB.DLL : 8.1.1.0 53618 Bytes 3/4/2011 18:36:39
AVWINLL.DLL : 10.0.0.0 19304 Bytes 3/4/2011 18:36:53
AVPREF.DLL : 10.0.0.0 44904 Bytes 3/4/2011 18:36:52
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 18:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 3/4/2011 18:36:52
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 3/4/2011 18:36:53
AVARKT.DLL : 10.0.22.6 231784 Bytes 3/4/2011 18:36:50
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 3/4/2011 18:36:51
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 18:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/4/2011 18:36:53
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 18:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 3/4/2011 18:37:12
RCTEXT.DLL : 10.0.58.0 97128 Bytes 3/4/2011 18:37:12

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: c:\program files\avira\antivir desktop\alldiscs.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, E:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Tuesday, April 12, 2011 23:22

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'vssvc.exe' - '1' Module(s) have been scanned
Scan process 'avwsc.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'EuWatch.exe' - '1' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sprtsvc.exe' - '1' Module(s) have been scanned
Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'IntuitUpdateService.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'FreeAgentService.exe' - '1' Module(s) have been scanned
Scan process 'Agent.exe' - '1' Module(s) have been scanned
Scan process 'Brmfrmps.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1791' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\WINDOWS\Temp\Acr12.tmp
[DETECTION] Contains recognition pattern of the EXP/PDF.AWD exploit
C:\WINDOWS\Temp\Acr138.tmp
[DETECTION] Contains recognition pattern of the EXP/PDF.AWD exploit
C:\WINDOWS\Temp\Acr5A.tmp
[DETECTION] Contains recognition pattern of the EXP/PDF.AWD exploit
C:\WINDOWS\Temp\n.exn
[DETECTION] Is the TR/Agent2.lvv Trojan
C:\_OTL\MovedFiles\04042011_070230\C_Documents and Settings\All Users\Application Data\YoopehTnCRAPa.exe
[DETECTION] Is the TR/Dldr.FraudLoad.zbdt Trojan
Begin scan in 'E:\'
E:\My Documents\Programs\Pitfall_II.zip
[0] Archive type: ZIP
[DETECTION] Is the TR/Click.VBiframe.coi Trojan
--> Pitfall II.exe
[DETECTION] Is the TR/Click.VBiframe.coi Trojan
E:\My Documents\Programs\Pitfall_II\Pitfall II.exe
[DETECTION] Is the TR/Click.VBiframe.coi Trojan

Beginning disinfection:
E:\My Documents\Programs\Pitfall_II\Pitfall II.exe
[DETECTION] Is the TR/Click.VBiframe.coi Trojan
[NOTE] The file was moved to the quarantine directory under the name '459cde58.qua'.
E:\My Documents\Programs\Pitfall_II.zip
[DETECTION] Is the TR/Click.VBiframe.coi Trojan
[NOTE] The file was moved to the quarantine directory under the name '5d0bf1e0.qua'.
C:\_OTL\MovedFiles\04042011_070230\C_Documents and Settings\All Users\Application Data\YoopehTnCRAPa.exe
[DETECTION] Is the TR/Dldr.FraudLoad.zbdt Trojan
[NOTE] The file was moved to the quarantine directory under the name '0f59ab0e.qua'.
C:\WINDOWS\Temp\n.exn
[DETECTION] Is the TR/Agent2.lvv Trojan
[NOTE] The file was moved to the quarantine directory under the name '6970e48f.qua'.
C:\WINDOWS\Temp\Acr5A.tmp
[DETECTION] Contains recognition pattern of the EXP/PDF.AWD exploit
[NOTE] The file was moved to the quarantine directory under the name '2ce9c9ee.qua'.
C:\WINDOWS\Temp\Acr138.tmp
[DETECTION] Contains recognition pattern of the EXP/PDF.AWD exploit
[NOTE] The file was moved to the quarantine directory under the name '53f2fb8f.qua'.
C:\WINDOWS\Temp\Acr12.tmp
[DETECTION] Contains recognition pattern of the EXP/PDF.AWD exploit
[NOTE] The file was moved to the quarantine directory under the name '1f4ad7c4.qua'.


End of the scan: Wednesday, April 13, 2011 06:26
Used time: 2:24:37 Hour(s)

The scan has been done completely.

24694 Scanned directories
554464 Files were scanned
7 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
7 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
554457 Files not concerned
2633 Archives were scanned
0 Warnings
7 Notes


jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by Gabethebabe on Wed Apr 13, 2011 11:17 am

OK, we´re going to try another attempt to run Combofix.

Please download OTH by OldTimer from [You must be registered and logged in to see this link.] and save it to your Desktop (if you use Firefox, right click the link and choose Save Link As ...)

Print the following instructions. You will not have access to them during their execution.
  • Save all your work and close all programs, the next step will stop nearly every process on your computer!
  • Double click OTH.scr to run the tool
  • Click Kill All Processes: your desktop will go blank
  • Press [CTRL]+[SHIFT]+[ESC] to bring up Windows Task Manager and rightclick >> terminate the OTH.scr process under Processes
  • In Task Manager choose File >> New task (Execute), type explorer and hit enter. Your decktop will be back.
  • NOTE: your computer will now be running with minimum processes (e.g. no antivirus).


====================

Time to use ComboFix by sUBs, a powerful tool that you are advised not to run without supervision of a trained malware helper. Please visit [You must be registered and logged in to see this link.] and read the tutorial on using ComboFix very carefully. After that download the tool and save it to your desktop (if you still have it on your desktop from your previous attempts, delete that one and download it again)

Doubleclick ComboFix.exe to run the tool. Please post its log back here.

Gabethebabe
Top Dog
Top Dog

Status :
Online
Offline

Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7
Points : 38188
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Wed Apr 13, 2011 12:20 pm

I followed your steps, twice, and still got the message about AVG when running combofix.

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by Gabethebabe on Wed Apr 13, 2011 2:23 pm

*sigh*

Please download aswMBR from [You must be registered and logged in to see this link.] and save it to your desktop.

  • Double click aswMBR.exe to run it
  • Click the Scan button to start the scan
  • Please ignore any **Rootkit** entries. I will look at them.
  • Once the scan finishes click Save log to save the log to your Desktop
  • Copy and paste the contents of aswMBR.txt in your next reply

Gabethebabe
Top Dog
Top Dog

Status :
Online
Offline

Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7
Points : 38188
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Fri Apr 15, 2011 2:32 am

aswMBR version 0.9.4 Copyright(c) 2011 AVAST Software
Run date: 2011-04-14 22:22:24
-----------------------------
22:22:24.937 OS Version: Windows 5.1.2600 Service Pack 2
22:22:24.937 Number of processors: 1 586 0x409
22:22:24.937 ComputerName: MY-A2A4159540F8 UserName: Jeremy C
22:22:47.921 Initialize success
22:22:57.156 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T1L0-c
22:22:57.156 Disk 0 Vendor: Maxtor_6L120P0 BAH41G10 Size: 117246MB BusType: 3
22:22:57.187 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-17
22:22:57.187 Disk 1 Vendor: ST380211AS 3.AAE Size: 76319MB BusType: 3
22:22:59.218 Disk 1 MBR read successfully
22:22:59.218 Disk 1 MBR scan
22:23:01.250 Disk 1 scanning sectors +156280320
22:23:01.281 Disk 1 scanning C:\WINDOWS\system32\drivers
22:23:24.500 Service scanning
22:23:25.750 Disk 1 trace - called modules:
22:23:25.765 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
22:23:25.765 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8a3bcab8]
22:23:25.765 3 CLASSPNP.SYS[ba0e905b] -> nt!IofCallDriver -> \Device\00000068[0x8a411ae8]
22:23:25.765 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-17[0x8a3d9998]
22:23:26.265 Scan finished successfully

jeremypc
Intermediate
Intermediate

Status :
Online
Offline

Posts : 142
Joined : 2010-01-21
OS : windows xp home
Points : 27243
# Likes : 0

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by Gabethebabe on Fri Apr 15, 2011 11:09 am

Well, the rootkit scan comes up clean.
How is your computer running at the moment?

====================

I would like to see a fresh OTL log.

  • Close all windows and double click OTL.exe.
  • The Extra Registry setting should be Use Safelist
  • Copy and paste the following text into the Custom Scans/Fixes box:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\drivers\*.sys
%systemroot%\system32\drivers\*.dll
%systemroot%\system32\drivers\*.ini
%systemroot%\system32\drivers\*.exe
%SYSTEMDRIVE%\*.*
%PROGRAMFILES%\*.
  • Click the Run Scan button and allow it to run.
  • It will produce two logs for you, OTL.txt and Extras.txt. Please post both logs in this thread.
  • You may need to use two posts to get it all.


====================

We´re going to run a scan with ESET Online Scanner. Please make sure you are logged in as a user with administrator rights and proceed with the following steps:
  • Use Internet Explorer to browse to the [You must be registered and logged in to see this link.]
  • Click the green ESET Online Scanner button
  • A popup window will open
  • Accept the terms of use and click Start
  • Internet Explorer probably informs you that ESET tries to install an add-on. Allow that.
  • UNSELECT the Remove all threats option.
  • Click Start
  • When the scan has finished and threats were found, click List of found threats
  • Click Export to text file and save it as e.g. eset.txt on your desktop
  • Click Back
  • Select Uninstall application on close
  • Click Finish. ESET Online Scanner will now uninstall itself
  • Please post the contents of the eset.txt in your next reply.

Gabethebabe
Top Dog
Top Dog

Status :
Online
Offline

Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7
Points : 38188
# Likes : 0

View user profile

Back to top Go down

Page 1 of 3 1, 2, 3  Next

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum