problem when clicking on links in firefox...redirected to a different page.

Page 5 of 5 Previous  1, 2, 3, 4, 5

View previous topic View next topic Go down

problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Wed 30 Mar 2011, 10:13 pm

First topic message reminder :


lately, when I search for a topic and then click on a link provided (in google) I am redirected to a different page. also, in firefox, random pages will open in a new tab all on their own. they are always spam type pages. I have run AVG, super anti-spyware, and maleware bites anti maleware but can't get rid of it. hijack this is included below:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:13:25 AM, on 3/30/2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\Brmfrmps.exe
C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe
C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\My Computer\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: MyIdentityDefender - {A26503FE-B3B8-4910-A9DC-9CBD25C6B8D6} - C:\Documents and Settings\My Computer\Local Settings\Application Data\CyberDefender\cdmyidd.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Vuze Remote Toolbar - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\tbVuz1.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngin0.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [EaseUs Watch] "C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Security Toolbar Service - Unknown owner - C:\Program Files\AVG\AVG9\Toolbar\ToolbarBroker.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\WINDOWS\system32\Brmfrmps.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: EASEUS Agent - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: Google Update Service (gupdate1c9fb9d112482d4) (gupdate1c9fb9d112482d4) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intuit Update Service (IntuitUpdateService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SupportSoft Sprocket Service (medicsp2) (sprtsvc_medicsp2) - SupportSoft, Inc. - C:\Program Files\twc\medicsp2\bin\sprtsvc.exe

--
End of file - 8716 bytes


any disasters you see, please feel free to comment.

thanks,
Jeremy

jeremypc

Rookie Surfer
Rookie Surfer

Posts : 142
Joined : 2010-01-21
Operating System : windows xp home

View user profile

Back to top Go down


Re: problem when clicking on links in firefox...redirected to a different page.

Post by Gabethebabe on Thu 05 May 2011, 4:55 am

Check out shared folders for worms imo

Gabethebabe

Tech Advisor
Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Thu 05 May 2011, 5:55 am

shared folder for upstairs computer (the infected one) had

pornmovs.lnk
myporno.avi.lnk

in it. I deleted them. shared folder for downstairs computer (clean one) didn't have the files. laptop is not set up for file sharing. I'll check the camera and iPod.

jeremypc

Rookie Surfer
Rookie Surfer

Posts : 142
Joined : 2010-01-21
Operating System : windows xp home

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Thu 05 May 2011, 10:54 am

GMER 1.0.15.15572 - [You must be registered and logged in to see this link.]
Rootkit scan 2011-05-04 19:48:24
Windows 5.1.2600 Service Pack 3 Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-17 ST380211AS rev.3.AAE
Running: lw8k5w1s.exe; Driver: C:\DOCUME~1\JEREMY~1\LOCALS~1\Temp\ufgyqkog.sys


---- System - GMER 1.0.15 ----

SSDT BA7D1C7E ZwCreateKey
SSDT BA7D1C74 ZwCreateThread
SSDT BA7D1C83 ZwDeleteKey
SSDT BA7D1C8D ZwDeleteValueKey
SSDT BA7D1C92 ZwLoadKey
SSDT BA7D1C60 ZwOpenProcess
SSDT BA7D1C65 ZwOpenThread
SSDT BA7D1C9C ZwReplaceKey
SSDT BA7D1C97 ZwRestoreKey
SSDT BA7D1C88 ZwSetValueKey

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugin-container.exe[1620] USER32.dll!SetWindowLongA 7E42C29D 5 Bytes JMP 10698DD9 C:\Program Files\Mozilla Firefox 4.0 Beta 12\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugin-container.exe[1620] USER32.dll!SetWindowLongW 7E42C2BB 5 Bytes JMP 10698D6B C:\Program Files\Mozilla Firefox 4.0 Beta 12\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugin-container.exe[1620] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104C7187 C:\Program Files\Mozilla Firefox 4.0 Beta 12\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugin-container.exe[1620] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104C7781 C:\Program Files\Mozilla Firefox 4.0 Beta 12\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe[2912] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe[2912] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 10499437 C:\Program Files\Mozilla Firefox 4.0 Beta 12\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 eubakup.sys (Disk Backup Driver/CHENGDU YIWO Tech Development Co., Ltd)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@LoadAppInit_DLLs 1
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs

---- EOF - GMER 1.0.15 ----

jeremypc

Rookie Surfer
Rookie Surfer

Posts : 142
Joined : 2010-01-21
Operating System : windows xp home

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Thu 05 May 2011, 11:44 am

this gmer is prior to the otl fix. I'll post another GMER after the OTL runs.

jeremypc

Rookie Surfer
Rookie Surfer

Posts : 142
Joined : 2010-01-21
Operating System : windows xp home

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Thu 05 May 2011, 12:00 pm

OTL seems to have stalled. the blue bar at the bottom keeps filling up and starting over again. in the custom scans/fixes window, the following items are still listed:

[emptytemp]
[reboot]

jeremypc

Rookie Surfer
Rookie Surfer

Posts : 142
Joined : 2010-01-21
Operating System : windows xp home

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by Gabethebabe on Thu 05 May 2011, 5:15 pm

Scan with OTL to see if the malicious files were removed (I only need OTL.txt, not Extras.txt for this). If they were not, we can throw other tools at them.

Gabethebabe

Tech Advisor
Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Thu 05 May 2011, 9:45 pm

this was on my desktop after manual reboot this morning. do you still want another OTL scan?



All processes killed
========== FILES ==========
File\Folder C:\Documents and Settings\All Users\Documents\myporno.avi.lnk not found.
File\Folder C:\Documents and Settings\All Users\Documents\pornmovs.lnk not found.
C:\Documents and Settings\All Users\Documents\autorun.inf moved successfully.
C:\Documents and Settings\All Users\Documents\setup50045.fon moved successfully.
C:\Documents and Settings\All Users\Documents\setup50045.lnk moved successfully.
C:\WINDOWS\Temp\srv8D4.tmp moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF deleted successfully.
C:\Documents and Settings\Jeremy C\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
========== SERVICES/DRIVERS ==========
Service srv8D4 stopped successfully!
Service srv8D4 deleted successfully!
Service ASKUpgrade stopped successfully!
Service ASKUpgrade deleted successfully!
Service ASKService stopped successfully!
Service ASKService deleted successfully!
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{3041d03e-fd4b-44e0-b742-2d9b88305f98} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3041d03e-fd4b-44e0-b742-2d9b88305f98}\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 63163683 bytes
->Temporary Internet Files folder emptied: 10529315 bytes
->FireFox cache emptied: 21748771 bytes
->Opera cache emptied: 1522 bytes
->Flash cache emptied: 6514 bytes

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Jeremy C
->Temp folder emptied: 640985007 bytes
->Temporary Internet Files folder emptied: 15303513 bytes
->Java cache emptied: 35 bytes
->FireFox cache emptied: 222382749 bytes
->Opera cache emptied: 23460139 bytes
->Flash cache emptied: 75076 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 492014898 bytes
->Flash cache emptied: 60243 bytes

User: My Computer
->Temp folder emptied: 212175747 bytes
->Temporary Internet Files folder emptied: 556771163 bytes
->FireFox cache emptied: 61660463 bytes
->Opera cache emptied: 19845040 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 748885454 bytes
->FireFox cache emptied: 3120783 bytes
->Flash cache emptied: 48295 bytes

User: Tami
->Temp folder emptied: 175869948 bytes
->Temporary Internet Files folder emptied: 79990426 bytes
->Java cache emptied: 129819212 bytes
->FireFox cache emptied: 67108733 bytes
->Opera cache emptied: 8011333 bytes
->Flash cache emptied: 2143818 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32784195 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 64677656 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 62921 bytes
RecycleBin emptied: 8632472 bytes

Total Files Cleaned = 3,494.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05042011_204627

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

jeremypc

Rookie Surfer
Rookie Surfer

Posts : 142
Joined : 2010-01-21
Operating System : windows xp home

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by Gabethebabe on Thu 05 May 2011, 10:29 pm

OTL halted because it was deleting 4 gigabytes of temporary files, which must have been tens of thousands of files.

So we killed it again. Can you rerun the OTL scan to see if it is truly gone?
We donīt want to see this line in the ========== Win32 Services (SafeList) ========== section:
SRV - [2011/04/28 07:22:45 | 000,029,696 | -HS- | M] () [Auto | Stopped] -- \\?\globalroot\Device\HarddiskVolume2\WINDOWS\Temp\srv8D4.tmp [WARNING: \\?\globalroot\Device\HarddiskVolume2\WINDOWS\Temp\srv8D4.tmp] -- (srv8D4)

Because that is the active malware.

Gabethebabe

Tech Advisor
Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Fri 06 May 2011, 4:51 am

still there. every time I run OTL, Avira pops up with warnings during the scan. something about an autorun.inf on the C:\.


OTL logfile created on: 5/5/2011 1:22:08 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jeremy C\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 49.64 Gb Free Space | 66.61% Space Free | Partition Type: NTFS
Drive E: | 114.49 Gb Total Space | 40.26 Gb Free Space | 35.16% Space Free | Partition Type: NTFS

Computer Name: MY-A2A4159540F8 | User Name: Jeremy C | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/04 06:17:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremy C\Desktop\OTL.exe
PRC - [2011/04/29 07:32:58 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/01/22 16:58:30 | 000,069,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe
PRC - [2011/01/22 16:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/08/04 17:22:18 | 000,164,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/07 11:54:06 | 000,202,280 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2003/05/05 19:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe


========== Modules (SafeList) ==========

MOD - [2011/05/04 06:17:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremy C\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (itlperf)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/05/05 01:45:01 | 000,029,696 | -HS- | M] () [Auto | Stopped] -- \\?\globalroot\Device\HarddiskVolume2\WINDOWS\Temp\srv8D4.tmp [WARNING: \\?\globalroot\Device\HarddiskVolume2\WINDOWS\Temp\srv8D4.tmp] -- (srv8D4)
SRV - [2011/04/29 07:32:58 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/01/22 16:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe -- (EASEUS Agent)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/08/04 17:22:18 | 000,164,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/02/16 10:39:25 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/02/10 11:44:49 | 000,085,096 | ---- | M] (Autodesk) [Disabled | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/03/07 11:54:06 | 000,202,280 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\twc\medicsp2\bin\sprtsvc.exe -- (sprtsvc_medicsp2) SupportSoft Sprocket Service (medicsp2)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2003/05/05 19:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - [2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/01/22 16:58:22 | 000,020,744 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eufs.sys -- (EUFS)
DRV - [2011/01/22 16:58:20 | 000,014,216 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2011/01/22 16:58:18 | 000,030,472 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2011/01/22 16:58:16 | 000,187,400 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EuDisk.sys -- (EuDisk)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/08/04 17:22:22 | 002,077,840 | ---- | M] (Microsoft Corporation
) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX6000Xp.sys -- (VX6000)
DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/04/13 14:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2007/09/05 02:46:34 | 000,092,544 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/04/10 17:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2007/02/23 10:00:52 | 000,031,400 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\GameTap\bin\Release\X4HSX32.sys -- (X4HSX32)
DRV - [2006/03/01 03:39:10 | 003,959,360 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/11/21 01:48:20 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005/09/29 23:11:00 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/03 18:44:58 | 000,013,566 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd)
DRV - [2002/10/15 23:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2001/08/17 14:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 14:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.1.5
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4b82861b&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/24 10:16:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/04 17:19:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/28 07:39:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 12\components [2011/04/16 15:17:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/26 23:51:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/04/28 07:39:40 | 000,000,000 | ---D | M]

[2011/02/28 09:46:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeremy C\Application Data\Mozilla\Extensions
[2011/01/24 09:20:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeremy C\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/05/03 21:30:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeremy C\Application Data\Mozilla\Firefox\Profiles\ifgn87kl.default\extensions
[2011/03/01 13:20:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jeremy C\Application Data\Mozilla\Firefox\Profiles\ifgn87kl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/28 09:54:55 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\Jeremy C\Application Data\Mozilla\Firefox\Profiles\ifgn87kl.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2011/02/28 09:54:56 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Documents and Settings\Jeremy C\Application Data\Mozilla\Firefox\Profiles\ifgn87kl.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2011/03/03 17:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/02 18:36:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JEREMY C\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IFGN87KL.DEFAULT\EXTENSIONS\{5C46D283-ABDE-4DCE-B83C-08881401921C}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JEREMY C\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IFGN87KL.DEFAULT\EXTENSIONS\FFEXT@FBBUTTON.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JEREMY C\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IFGN87KL.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2011/04/28 07:49:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/28 07:49:25 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 12\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2010/12/02 18:35:42 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/04/27 18:31:10 | 000,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPUploader.dll

O1 HOSTS File: ([2011/04/04 07:02:43 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} [You must be registered and logged in to see this link.] (Support.com Configuration Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Jeremy C\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jeremy C\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/25 01:10:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/04/27 08:25:57 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/04/27 08:25:57 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/04 20:46:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/04 06:17:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeremy C\Desktop\OTL.exe
[2011/05/02 18:33:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/02 17:28:50 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/05/02 17:28:30 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/05/02 17:27:17 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011/05/02 17:27:17 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/05/02 17:26:41 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/05/02 15:45:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/05/02 15:45:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/05/02 15:45:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/05/02 15:45:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/05/02 15:34:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/05/02 15:34:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2011/05/01 14:49:15 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jeremy C\Desktop\tdsskiller.exe
[2011/04/28 07:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/28 07:49:23 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/28 07:49:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/28 07:49:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/28 07:49:23 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/27 08:25:57 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2011/04/26 13:02:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/04/26 13:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/19 22:13:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremy C\Application Data\f-secure
[2011/04/19 22:13:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2011/04/18 20:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremy C\Local Settings\Application Data\SupportSoft
[2011/04/15 07:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/11 16:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremy C\Application Data\Avira
[2011/04/11 16:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/04/11 16:51:18 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/04/11 16:51:17 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/04/11 16:51:17 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/04/11 16:51:17 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/04/11 16:51:17 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/04/11 16:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/04/11 16:51:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/04/06 16:20:16 | 000,197,920 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssdX.dll
[2011/04/06 16:20:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2011/04/06 16:20:16 | 000,075,040 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\jdns_sd.dll
[2011/04/06 06:53:18 | 000,000,000 | ---D | C] -- E:\My Documents\Resume etc
[2011/04/05 13:58:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/05 13:58:32 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/05 13:58:30 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/04/05 13:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/05 13:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[5 E:\My Documents\*.tmp files -> E:\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/05 13:22:11 | 000,002,162 | ---- | M] () -- C:\WINDOWS\BrmfBidi.ini
[2011/05/05 13:20:39 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/05 13:07:00 | 000,000,922 | RHS- | M] () -- C:\Documents and Settings\All Users\Documents\autorun.inf
[2011/05/05 13:07:00 | 000,000,455 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\pornmovs.lnk
[2011/05/05 13:07:00 | 000,000,455 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\myporno.avi.lnk
[2011/05/05 13:07:00 | 000,000,259 | RHS- | M] () -- C:\Documents and Settings\All Users\Documents\setup50045.lnk
[2011/05/05 13:03:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/05 01:45:01 | 000,029,696 | RHS- | M] () -- C:\Documents and Settings\All Users\Documents\setup50045.fon
[2011/05/04 06:37:18 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Jeremy C\Desktop\lw8k5w1s.exe
[2011/05/04 06:17:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremy C\Desktop\OTL.exe
[2011/05/04 06:16:15 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Jeremy C\Desktop\Flash_Disinfector.exe
[2011/05/02 18:42:28 | 001,491,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/02 18:36:29 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/02 18:35:21 | 000,441,544 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/02 18:35:21 | 000,071,480 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/02 15:39:54 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/05/01 14:48:46 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jeremy C\Desktop\tdsskiller.exe
[2011/05/01 09:24:36 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc08031dd7344e.job
[2011/04/28 07:49:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/04/28 07:49:01 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/28 07:49:01 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/28 07:49:01 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/28 07:49:01 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/26 13:52:25 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\Jeremy C\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/04/11 16:51:31 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/04/07 14:11:14 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\Jeremy C\Desktop\HiJackThis.lnk
[2011/04/06 16:20:16 | 000,197,920 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssdX.dll
[2011/04/06 16:20:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2011/04/06 16:20:16 | 000,075,040 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\jdns_sd.dll
[5 E:\My Documents\*.tmp files -> E:\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/05 13:07:00 | 000,000,259 | RHS- | C] () -- C:\Documents and Settings\All Users\Documents\setup50045.lnk
[2011/05/05 13:06:58 | 000,029,696 | RHS- | C] () -- C:\Documents and Settings\All Users\Documents\setup50045.fon
[2011/05/05 06:41:38 | 000,000,922 | RHS- | C] () -- C:\Documents and Settings\All Users\Documents\autorun.inf
[2011/05/05 06:41:38 | 000,000,455 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\pornmovs.lnk
[2011/05/05 06:41:36 | 000,000,455 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\myporno.avi.lnk
[2011/05/04 06:37:21 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Jeremy C\Desktop\lw8k5w1s.exe
[2011/05/04 06:16:20 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Jeremy C\Desktop\Flash_Disinfector.exe
[2011/05/01 09:24:36 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc08031dd7344e.job
[2011/04/26 13:52:25 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\Jeremy C\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/04/11 16:51:31 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/02/23 17:18:14 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\EUOD.DAT
[2010/11/05 20:02:54 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/11/05 20:02:54 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/10/18 16:41:11 | 000,000,094 | ---- | C] () -- C:\WINDOWS\ka.ini
[2010/08/30 18:30:19 | 000,294,960 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/29 18:41:01 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/07/29 18:41:01 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/07/29 18:41:01 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/07/29 18:41:00 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/04/02 20:37:13 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/04/02 20:35:05 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/12 21:45:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/12/19 21:22:26 | 000,039,832 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/18 10:11:35 | 000,000,062 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2009/06/01 19:25:56 | 016,742,799 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-0.9.9-win32.exe
[2009/03/02 17:35:27 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\nnr.dll
[2009/02/15 21:59:53 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/01/03 10:25:50 | 000,015,497 | ---- | C] () -- C:\WINDOWS\VX6KStd.ini
[2008/04/23 22:48:55 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/04/23 22:48:55 | 000,002,556 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008/02/13 22:21:20 | 000,000,072 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI
[2008/02/12 23:07:49 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll
[2008/01/19 11:09:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/12/30 19:10:57 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/12/30 19:10:57 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/12/30 19:10:57 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/12/30 19:10:57 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/12/30 19:10:57 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/12/30 19:10:57 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/12/30 19:10:57 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/12/30 19:10:57 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/12/30 19:10:57 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/12/30 19:10:57 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/12/30 19:10:57 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/12/30 19:10:57 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/12/30 19:10:57 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/12/30 19:10:57 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/12/30 19:10:57 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/12/30 19:10:57 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/12/30 19:09:35 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPSPR280.ini
[2007/12/29 14:53:34 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2007/12/10 22:39:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2007/03/06 22:10:40 | 000,001,779 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/02/27 23:06:35 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/02/27 10:10:02 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2007/02/21 10:16:40 | 000,000,209 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/02/15 21:31:23 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2007/02/05 11:24:28 | 000,000,178 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/02/05 10:27:57 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hpgt23.dll
[2007/02/03 23:18:37 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/02/02 17:36:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/02 00:22:29 | 000,000,645 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2007/02/02 00:22:29 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/02/02 00:22:29 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\m8220def.dat
[2007/02/02 00:22:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2007/02/02 00:03:21 | 000,000,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/02/01 23:59:34 | 000,002,162 | ---- | C] () -- C:\WINDOWS\BrmfBidi.ini
[2007/02/01 20:58:53 | 000,005,170 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/02/01 20:55:27 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/02/01 14:15:20 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/25 16:14:24 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/09/25 16:13:27 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/09/25 15:38:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006/09/25 01:13:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/09/25 01:07:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/09/24 20:37:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/09/24 20:36:30 | 001,491,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,441,544 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,071,480 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/03/10 21:00:16 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\BRMSL07.BIN
[2002/08/12 09:19:42 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
[2002/01/08 17:57:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[1999/03/21 20:22:41 | 000,000,136 | ---- | C] () -- C:\WINDOWS\System32\mstraps.dll

< End of report >

jeremypc

Rookie Surfer
Rookie Surfer

Posts : 142
Joined : 2010-01-21
Operating System : windows xp home

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by Gabethebabe on Fri 06 May 2011, 5:16 am

it is starting to appear that OTL is not removing the service or it is returning on every reboot.

Letīs try another removal tool. if your antivirus alerts something suspicious about this file, disable it. The Avenger is safe.

Please download The Avenger by Swandog46 from here.
  • Unzip the archive avenger.zip to your desktop
  • Doubleclick avenger.exe to run the tool
  • Do not change any check box options!
  • Copy&paste the text below into the Input script here: part of the window:
    Drivers to delete:
    srv8D4

    Registry keys to delete:
    HKLM\system\currentcontrolset\control\safeboot\minimal\srv8D4
    HKLM\system\currentcontrolset\services\srv8D4

    Files to delete:
    C:\Documents and Settings\All Users\Documents\setup50045.lnk
    C:\Documents and Settings\All Users\Documents\setup50045.fon
    C:\Documents and Settings\All Users\Documents\autorun.inf
    C:\Documents and Settings\All Users\Documents\pornmovs.lnk
    C:\Documents and Settings\All Users\Documents\myporno.avi.lnk
    c:WINDOWS\Temp\srv8D4.tmp
  • Click the Execute button.
  • Click Yes to confirm the action.
  • Reboot your computer, either when requested by the tool or manually after it finishes.
  • A log file will be produced (C:\avenger.txt), please copy that into your next post.


BTW you can ignore the avira warnings about the autorun.inf on your c-drive. This autorun.inf is an empty folder and harmless.

Gabethebabe

Tech Advisor
Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Fri 06 May 2011, 5:40 am

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

Driver "srv8D4" deleted successfully.
Registry key "HKLM\system\currentcontrolset\control\safeboot\minimal\srv8D4" deleted successfully.

Error: registry key "HKLM\system\currentcontrolset\services\srv8D4" not found!
Deletion of registry key "HKLM\system\currentcontrolset\services\srv8D4" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "C:\Documents and Settings\All Users\Documents\setup50045.lnk" deleted successfully.
File "C:\Documents and Settings\All Users\Documents\setup50045.fon" deleted successfully.
File "C:\Documents and Settings\All Users\Documents\autorun.inf" deleted successfully.
File "C:\Documents and Settings\All Users\Documents\pornmovs.lnk" deleted successfully.
File "C:\Documents and Settings\All Users\Documents\myporno.avi.lnk" deleted successfully.

Error: could not open file "c:WINDOWS\Temp\srv8D4.tmp"
Deletion of file "c:WINDOWS\Temp\srv8D4.tmp" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist


Completed script processing.

*******************

Finished! Terminate.

jeremypc

Rookie Surfer
Rookie Surfer

Posts : 142
Joined : 2010-01-21
Operating System : windows xp home

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by Gabethebabe on Fri 06 May 2011, 6:33 am

lol

I am an idiot

There was an error in the script, now repeat this script:

Code:
Files to delete:
c:\WINDOWS\Temp\srv8D4.tmp

Gabethebabe

Tech Advisor
Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Fri 06 May 2011, 10:51 am

Looks Good!!!

I wonder if I should do an OTL scan on my other pc's just in case?
also, I need to immunize my removable drives again, including iPods and cameras.

Logfile of The Avenger Version 2.0, (c) by Swandog46
[You must be registered and logged in to see this link.]

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "c:\WINDOWS\Temp\srv8D4.tmp" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

jeremypc

Rookie Surfer
Rookie Surfer

Posts : 142
Joined : 2010-01-21
Operating System : windows xp home

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by Gabethebabe on Fri 06 May 2011, 6:51 pm

OTL logs of all other computers is a good idea.
This thing is very stubborn. We need to weed it out with root and twig. Weīre on it for more than a month now :p
My most frustrating case up to now. I have been going through you OTL logs with a microscope and been unable to find any other process that might be responsible for the recurrence.

When you run OTL, copy and paste the following text into the Custom Scans/Fixes box
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\drivers\*.sys
%systemroot%\system32\drivers\*.dll
%systemroot%\system32\drivers\*.ini
%systemroot%\system32\drivers\*.exe

Today is friday. I will not be online for about 48 hours friday afternoon - sunday afternoon.

Gabethebabe

Tech Advisor
Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Fri 06 May 2011, 9:38 pm

Avira log from this am. something is still here...

are the customs scans/fixes listed above for all three pc's or just the primary one?



Avira AntiVir Personal
Report file date: Friday, May 06, 2011 00:00

Scanning for 2688333 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MY-A2A4159540F8

Version information:
BUILD.DAT : 10.0.0.648 31823 Bytes 4/1/2011 18:36:00
AVSCAN.EXE : 10.0.4.2 442024 Bytes 4/29/2011 11:32:58
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 16:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 3/4/2011 18:36:59
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 03:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 18:37:07
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 18:37:08
VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 20:52:52
VBASE004.VDF : 7.11.5.226 2048 Bytes 4/7/2011 20:52:52
VBASE005.VDF : 7.11.5.227 2048 Bytes 4/7/2011 20:52:52
VBASE006.VDF : 7.11.5.228 2048 Bytes 4/7/2011 20:52:53
VBASE007.VDF : 7.11.5.229 2048 Bytes 4/7/2011 20:52:53
VBASE008.VDF : 7.11.5.230 2048 Bytes 4/7/2011 20:52:53
VBASE009.VDF : 7.11.5.231 2048 Bytes 4/7/2011 20:52:53
VBASE010.VDF : 7.11.5.232 2048 Bytes 4/7/2011 20:52:53
VBASE011.VDF : 7.11.5.233 2048 Bytes 4/7/2011 20:52:53
VBASE012.VDF : 7.11.5.234 2048 Bytes 4/7/2011 20:52:53
VBASE013.VDF : 7.11.6.28 158208 Bytes 4/11/2011 20:52:55
VBASE014.VDF : 7.11.6.74 116224 Bytes 4/13/2011 12:10:22
VBASE015.VDF : 7.11.6.113 137728 Bytes 4/14/2011 12:10:22
VBASE016.VDF : 7.11.6.150 146944 Bytes 4/18/2011 01:58:12
VBASE017.VDF : 7.11.6.192 138240 Bytes 4/20/2011 10:39:25
VBASE018.VDF : 7.11.6.237 156160 Bytes 4/22/2011 12:28:57
VBASE019.VDF : 7.11.7.45 427520 Bytes 4/27/2011 11:32:57
VBASE020.VDF : 7.11.7.64 192000 Bytes 4/28/2011 11:32:57
VBASE021.VDF : 7.11.7.97 182272 Bytes 5/2/2011 13:49:43
VBASE022.VDF : 7.11.7.127 467968 Bytes 5/4/2011 10:08:31
VBASE023.VDF : 7.11.7.138 2048 Bytes 5/4/2011 10:08:31
VBASE024.VDF : 7.11.7.139 2048 Bytes 5/4/2011 10:08:32
VBASE025.VDF : 7.11.7.140 2048 Bytes 5/4/2011 10:08:32
VBASE026.VDF : 7.11.7.141 2048 Bytes 5/4/2011 10:08:32
VBASE027.VDF : 7.11.7.142 2048 Bytes 5/4/2011 10:08:32
VBASE028.VDF : 7.11.7.143 2048 Bytes 5/4/2011 10:08:33
VBASE029.VDF : 7.11.7.144 2048 Bytes 5/4/2011 10:08:33
VBASE030.VDF : 7.11.7.145 2048 Bytes 5/4/2011 10:08:33
VBASE031.VDF : 7.11.7.152 27648 Bytes 5/5/2011 10:08:33
Engineversion : 8.2.4.226
AEVDF.DLL : 8.1.2.1 106868 Bytes 3/4/2011 18:36:49
AESCRIPT.DLL : 8.1.3.60 1249658 Bytes 5/5/2011 10:08:35
AESCN.DLL : 8.1.7.2 127349 Bytes 3/4/2011 18:36:48
AESBX.DLL : 8.1.3.2 254324 Bytes 3/4/2011 18:36:48
AERDL.DLL : 8.1.9.9 639347 Bytes 4/11/2011 20:53:03
AEPACK.DLL : 8.2.6.0 549237 Bytes 4/11/2011 20:53:03
AEOFFICE.DLL : 8.1.1.21 205179 Bytes 4/29/2011 11:32:58
AEHEUR.DLL : 8.1.2.112 3473784 Bytes 4/29/2011 11:32:58
AEHELP.DLL : 8.1.16.1 246134 Bytes 3/4/2011 18:36:41
AEGEN.DLL : 8.1.5.4 397684 Bytes 4/11/2011 20:53:00
AEEMU.DLL : 8.1.3.0 393589 Bytes 3/4/2011 18:36:40
AECORE.DLL : 8.1.20.2 196982 Bytes 4/11/2011 20:52:59
AEBB.DLL : 8.1.1.0 53618 Bytes 3/4/2011 18:36:39
AVWINLL.DLL : 10.0.0.0 19304 Bytes 3/4/2011 18:36:53
AVPREF.DLL : 10.0.0.0 44904 Bytes 3/4/2011 18:36:52
AVREP.DLL : 10.0.0.9 174120 Bytes 4/29/2011 11:32:58
AVREG.DLL : 10.0.3.2 53096 Bytes 3/4/2011 18:36:52
AVSCPLR.DLL : 10.0.4.2 84840 Bytes 4/29/2011 11:32:58
AVARKT.DLL : 10.0.22.6 231784 Bytes 3/4/2011 18:36:50
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 3/4/2011 18:36:51
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 18:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/4/2011 18:36:53
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 18:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 3/4/2011 18:37:12
RCTEXT.DLL : 10.0.58.0 97128 Bytes 3/4/2011 18:37:12

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, E:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Friday, May 06, 2011 00:00

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'EuWatch.exe' - '1' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
Scan process 'BRMFRSMG.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sprtsvc.exe' - '1' Module(s) have been scanned
Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'IntuitUpdateService.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'FreeAgentService.exe' - '1' Module(s) have been scanned
Scan process 'E_S40RP7.EXE' - '1' Module(s) have been scanned
Scan process 'Agent.exe' - '1' Module(s) have been scanned
Scan process 'Brmfrmps.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1789' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\_OTL\MovedFiles\05042011_204627\C_Documents and Settings\All Users\Documents\setup50045.fon
[DETECTION] Is the TR/Spy.ZBot.aste Trojan
C:\_OTL\MovedFiles\05042011_204627\C_Documents and Settings\All Users\Documents\setup50045.lnk
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-2568.A exploit
C:\_OTL\MovedFiles\05042011_204627\C_WINDOWS\Temp\srv8D4.tmp
[DETECTION] Is the TR/Spy.ZBot.aste Trojan
Begin scan in 'E:\'

Beginning disinfection:
C:\_OTL\MovedFiles\05042011_204627\C_WINDOWS\Temp\srv8D4.tmp
[DETECTION] Is the TR/Spy.ZBot.aste Trojan
[NOTE] The file was moved to the quarantine directory under the name '44b66b11.qua'.
C:\_OTL\MovedFiles\05042011_204627\C_Documents and Settings\All Users\Documents\setup50045.lnk
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-2568.A exploit
[NOTE] The file was moved to the quarantine directory under the name '5c2f44b9.qua'.
C:\_OTL\MovedFiles\05042011_204627\C_Documents and Settings\All Users\Documents\setup50045.fon
[DETECTION] Is the TR/Spy.ZBot.aste Trojan
[NOTE] The file was moved to the quarantine directory under the name '0e701e51.qua'.


End of the scan: Friday, May 06, 2011 06:36
Used time: 1:31:41 Hour(s)

The scan has been done completely.

22163 Scanned directories
421094 Files were scanned
3 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
3 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
421091 Files not concerned
2039 Archives were scanned
0 Warnings
3 Notes


jeremypc

Rookie Surfer
Rookie Surfer

Posts : 142
Joined : 2010-01-21
Operating System : windows xp home

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by Gabethebabe on Fri 06 May 2011, 9:50 pm

all that was found were dead bodies in the OTL quarantine folder. So the log is actually clean.

Fixes are for individual computers only, not usable for other computers.

Gabethebabe

Tech Advisor
Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Fri 06 May 2011, 10:01 pm

ok. thanks. Have a great weekend!

jeremypc

Rookie Surfer
Rookie Surfer

Posts : 142
Joined : 2010-01-21
Operating System : windows xp home

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Fri 06 May 2011, 10:12 pm

OTL logfile created on: 5/6/2011 7:04:41 AM - Run 4
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Jeremy C\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 49.61 Gb Free Space | 66.58% Space Free | Partition Type: NTFS
Drive E: | 114.49 Gb Total Space | 40.26 Gb Free Space | 35.16% Space Free | Partition Type: NTFS

Computer Name: MY-A2A4159540F8 | User Name: Jeremy C | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/04 06:17:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremy C\Desktop\OTL.exe
PRC - [2011/04/29 07:32:58 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/16 15:17:12 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugin-container.exe
PRC - [2011/04/16 15:17:07 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 12\firefox.exe
PRC - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/04 14:36:51 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/01/22 16:58:30 | 000,069,000 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe
PRC - [2011/01/22 16:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe
PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/08/04 17:22:18 | 000,164,896 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/03/07 11:54:06 | 000,202,280 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\twc\medicsp2\bin\sprtsvc.exe
PRC - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) -- C:\Program Files\Canon\CAL\CALMAIN.exe
PRC - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
PRC - [2003/05/05 19:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\Brmfrmps.exe
PRC - [2001/08/17 08:36:38 | 000,032,256 | ---- | M] (Brother Industries, Ltd.) -- C:\WINDOWS\system32\BrmfRsmg.exe


========== Modules (SafeList) ==========

MOD - [2011/05/04 06:17:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremy C\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (itlperf)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/04/29 07:32:58 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/03/04 14:36:52 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/01/22 16:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EASEUS\Todo Backup 2.0\bin\Agent.exe -- (EASEUS Agent)
SRV - [2009/09/26 00:32:18 | 000,189,736 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service)
SRV - [2008/10/10 06:45:26 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2008/08/04 17:22:18 | 000,164,896 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2008/02/16 10:39:25 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/02/10 11:44:49 | 000,085,096 | ---- | M] (Autodesk) [Disabled | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/03/07 11:54:06 | 000,202,280 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\twc\medicsp2\bin\sprtsvc.exe -- (sprtsvc_medicsp2) SupportSoft Sprocket Service (medicsp2)
SRV - [2007/01/31 15:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2007/01/11 05:02:00 | 000,113,664 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
SRV - [2003/05/05 19:30:22 | 000,065,536 | ---- | M] (Brother Industries, Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Brmfrmps.exe -- (brmfrmps)


========== Driver Services (SafeList) ==========

DRV - [2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/01/22 16:58:22 | 000,020,744 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eufs.sys -- (EUFS)
DRV - [2011/01/22 16:58:20 | 000,014,216 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2011/01/22 16:58:18 | 000,030,472 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2011/01/22 16:58:16 | 000,187,400 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EuDisk.sys -- (EuDisk)
DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 14:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/08/04 17:22:22 | 002,077,840 | ---- | M] (Microsoft Corporation
) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VX6000Xp.sys -- (VX6000)
DRV - [2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usb8023.sys -- (USB_RNDIS_XP)
DRV - [2008/04/13 14:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2007/09/05 02:46:34 | 000,092,544 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mcdbus.sys -- (mcdbus)
DRV - [2007/04/10 17:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX1000.sys -- (VX1000)
DRV - [2007/02/23 10:00:52 | 000,031,400 | ---- | M] (Exent Technologies Ltd.) [Kernel | Auto | Running] -- C:\Program Files\GameTap\bin\Release\X4HSX32.sys -- (X4HSX32)
DRV - [2006/03/01 03:39:10 | 003,959,360 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/11/21 01:48:20 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005/09/29 23:11:00 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2003/12/03 18:44:58 | 000,013,566 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdrbsvsd.sys -- (cdrbsvsd)
DRV - [2002/10/15 23:41:06 | 000,102,220 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvs1.sys -- (sonypvs1)
DRV - [2001/08/17 14:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrUsbScn.sys -- (BrUsbScn)
DRV - [2001/08/17 14:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BrFilt.sys -- (brfilt)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = ;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "AVG Secure Search"
FF - prefs.js..browser.startup.homepage: "chrome://speeddial/content/speeddial.xul"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: avg@igeared:6.010.006.004
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {F8A55C97-3DB6-4961-A81D-0DE0080E53CB}:0.9.5
FF - prefs.js..extensions.enabledItems: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.1.5
FF - prefs.js..extensions.enabledItems: {64161300-e22b-11db-8314-0800200c9a66}:0.9.5.8
FF - prefs.js..keyword.URL: "http://search.avg.com/route/?d=4b82861b&v=6.010.006.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q="
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/11/24 10:16:27 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/04 17:19:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/28 07:39:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 12\components [2011/04/16 15:17:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 12\plugins
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/03/26 23:51:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/04/28 07:39:40 | 000,000,000 | ---D | M]

[2011/02/28 09:46:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeremy C\Application Data\Mozilla\Extensions
[2011/01/24 09:20:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeremy C\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011/05/03 21:30:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Jeremy C\Application Data\Mozilla\Firefox\Profiles\ifgn87kl.default\extensions
[2011/03/01 13:20:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Jeremy C\Application Data\Mozilla\Firefox\Profiles\ifgn87kl.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/28 09:54:55 | 000,000,000 | ---D | M] (Speed Dial) -- C:\Documents and Settings\Jeremy C\Application Data\Mozilla\Firefox\Profiles\ifgn87kl.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}
[2011/02/28 09:54:56 | 000,000,000 | ---D | M] (Download Manager Tweak) -- C:\Documents and Settings\Jeremy C\Application Data\Mozilla\Firefox\Profiles\ifgn87kl.default\extensions\{F8A55C97-3DB6-4961-A81D-0DE0080E53CB}
[2011/03/03 17:23:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/02 18:36:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JEREMY C\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IFGN87KL.DEFAULT\EXTENSIONS\{5C46D283-ABDE-4DCE-B83C-08881401921C}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JEREMY C\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IFGN87KL.DEFAULT\EXTENSIONS\FFEXT@FBBUTTON.COM.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\JEREMY C\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\IFGN87KL.DEFAULT\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM.XPI
[2011/04/28 07:49:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/04/28 07:49:25 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 12\EXTENSIONS\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
[2010/12/02 18:35:42 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2005/04/27 18:31:10 | 000,225,280 | ---- | M] (Asgard Software Inc.) -- C:\Program Files\Mozilla Firefox\plugins\NPUploader.dll

O1 HOSTS File: ([2011/04/04 07:02:43 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [EaseUs Watch] C:\Program Files\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} [You must be registered and logged in to see this link.] (Support.com Configuration Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} [You must be registered and logged in to see this link.] (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_25)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Jeremy C\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jeremy C\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/25 01:10:35 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/04/27 08:25:57 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/04/27 08:25:57 | 000,000,000 | RHSD | M] - E:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: srv8D4 - File not found
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "Bonjour Service"
MsConfig - Services: "Autodesk Licensing Service"
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-100000000002}\SC_Acrobat.exe - ()
MsConfig - StartUpFolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk - - File not found
MsConfig - StartUpFolder: C:^Documents and Settings^My Computer^Start Menu^Programs^Startup^MagicDisc.lnk - C:\Program Files\MagicDisc\MagicDisc.exe - (MagicISO, Inc.)
MsConfig - StartUpReg: Acrobat Assistant 7.0 - hkey= - key= - C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
MsConfig - StartUpReg: Active Desktop Calendar - hkey= - key= - File not found
MsConfig - StartUpReg: Ad-Watch - hkey= - key= - File not found
MsConfig - StartUpReg: AV Care - hkey= - key= - File not found
MsConfig - StartUpReg: brastk - hkey= - key= - File not found
MsConfig - StartUpReg: CanonMyPrinter - hkey= - key= - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
MsConfig - StartUpReg: ctfmon.exe - hkey= - key= - File not found
MsConfig - StartUpReg: CyberDefender Registry Cleaner - hkey= - key= - File not found
MsConfig - StartUpReg: doubleTwist - hkey= - key= - File not found
MsConfig - StartUpReg: DriverCure - hkey= - key= - File not found
MsConfig - StartUpReg: EPSON Stylus Photo R280 Series (Copy 1) - hkey= - key= - File not found
MsConfig - StartUpReg: FBSearch - hkey= - key= - File not found
MsConfig - StartUpReg: FPCCSMiddleware - hkey= - key= - C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe ()
MsConfig - StartUpReg: igfxhkcmd - hkey= - key= - File not found
MsConfig - StartUpReg: igfxpers - hkey= - key= - File not found
MsConfig - StartUpReg: igfxtray - hkey= - key= - File not found
MsConfig - StartUpReg: IndexSearch - hkey= - key= - C:\Program Files\Scansoft\PaperPort\IndexSearch.exe ()
MsConfig - StartUpReg: IntelliPoint - hkey= - key= - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: LifeCam - hkey= - key= - C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
MsConfig - StartUpReg: LightScribe Control Panel - hkey= - key= - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Hewlett-Packard Company)
MsConfig - StartUpReg: medicsp2 - hkey= - key= - C:\Program Files\twc\medicsp2\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - StartUpReg: Monopod - hkey= - key= - File not found
MsConfig - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
MsConfig - StartUpReg: NBJ - hkey= - key= - C:\Program Files\Ahead\Nero BackItUp\NBJ.exe (Ahead Software AG)
MsConfig - StartUpReg: PaperPort PTD - hkey= - key= - C:\Program Files\Scansoft\PaperPort\pptd40nt.exe (ScanSoft, Inc.)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
MsConfig - StartUpReg: SetDefPrt - hkey= - key= - C:\Program Files\Brother\Brmfl03a\BrStDvPt.exe ()
MsConfig - StartUpReg: Share-to-Web Namespace Daemon - hkey= - key= - C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe (Hewlett-Packard)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SmileboxTray - hkey= - key= - File not found
MsConfig - StartUpReg: SpybotSD TeaTimer - hkey= - key= - File not found
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: sysldtray - hkey= - key= - File not found
MsConfig - StartUpReg: system tool - hkey= - key= - File not found
MsConfig - StartUpReg: tmwdssur - hkey= - key= - File not found
MsConfig - StartUpReg: VX1000 - hkey= - key= - C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
MsConfig - StartUpReg: VX6000 - hkey= - key= - C:\WINDOWS\vVX6000.exe (Microsoft Corporation
)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - File not found
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: AppMgmt - File not found
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08650BBD-E955-3C6A-E790-63D7E6397827} - Viewpoint Media Player
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - Microsoft NetShow Player
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Macromedia Shockwave Director 10.1.3
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 10.1.3
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5056b317-8d4c-43ee-8543-b9d1e234b8f4} - Security Update for Windows XP (KB923789)
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5B428065-CE2B-CC7D-6974-1430E5E154F1} - Internet Explorer
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {9B398258-FFC0-D4F7-C9A1-D332B960E724} - Java (Sun)
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {DB9D75DA-A2E8-FB40-4247-A6A345E31C34} - NetShow
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error.
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: Microsoft Base Smart Card Crypto Provider Package -

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

========== Files/Folders - Created Within 30 Days ==========

[2011/05/05 14:35:10 | 000,000,000 | ---D | C] -- C:\Avenger
[2011/05/04 20:46:27 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/05/04 06:17:36 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jeremy C\Desktop\OTL.exe
[2011/05/02 18:33:48 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/05/02 17:28:50 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys
[2011/05/02 17:28:30 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe
[2011/05/02 17:27:17 | 000,978,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc42.dll
[2011/05/02 17:27:17 | 000,953,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mfc40u.dll
[2011/05/02 17:26:41 | 000,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\comctl32.dll
[2011/05/02 15:45:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\scripting
[2011/05/02 15:45:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\l2schemas
[2011/05/02 15:45:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\en
[2011/05/02 15:45:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
[2011/05/02 15:34:25 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2011/05/02 15:34:22 | 000,000,000 | ---D | C] -- C:\WINDOWS\EHome
[2011/05/01 14:49:15 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jeremy C\Desktop\tdsskiller.exe
[2011/04/28 07:54:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/04/28 07:49:23 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/28 07:49:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/28 07:49:23 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/28 07:49:23 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/27 08:25:57 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2011/04/26 13:02:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/04/26 13:01:17 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/04/19 22:13:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremy C\Application Data\f-secure
[2011/04/19 22:13:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2011/04/18 20:14:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremy C\Local Settings\Application Data\SupportSoft
[2011/04/15 07:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/11 16:55:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jeremy C\Application Data\Avira
[2011/04/11 16:51:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/04/11 16:51:18 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/04/11 16:51:17 | 000,137,656 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/04/11 16:51:17 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/04/11 16:51:17 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/04/11 16:51:17 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/04/11 16:51:15 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/04/11 16:51:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/04/06 16:20:16 | 000,197,920 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssdX.dll
[2011/04/06 16:20:16 | 000,107,808 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2011/04/06 16:20:16 | 000,075,040 | ---- | C] (Apple Inc.) -- C:\WINDOWS\System32\jdns_sd.dll
[5 E:\My Documents\*.tmp files -> E:\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/05 19:44:46 | 000,002,162 | ---- | M] () -- C:\WINDOWS\BrmfBidi.ini
[2011/05/05 19:43:29 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/05 14:38:44 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/04 06:37:18 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Jeremy C\Desktop\lw8k5w1s.exe
[2011/05/04 06:17:33 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jeremy C\Desktop\OTL.exe
[2011/05/04 06:16:15 | 000,132,597 | ---- | M] () -- C:\Documents and Settings\Jeremy C\Desktop\Flash_Disinfector.exe
[2011/05/02 18:42:28 | 001,491,600 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/02 18:36:29 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/02 18:35:21 | 000,441,544 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/02 18:35:21 | 000,071,480 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/02 15:39:54 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/05/01 14:48:46 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Jeremy C\Desktop\tdsskiller.exe
[2011/05/01 09:24:36 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc08031dd7344e.job
[2011/04/28 07:49:01 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2011/04/28 07:49:01 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2011/04/28 07:49:01 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2011/04/28 07:49:01 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2011/04/28 07:49:01 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2011/04/26 13:52:25 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\Jeremy C\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/04/11 16:51:31 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/04/07 14:11:14 | 000,002,453 | ---- | M] () -- C:\Documents and Settings\Jeremy C\Desktop\HiJackThis.lnk
[2011/04/06 16:20:16 | 000,197,920 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssdX.dll
[2011/04/06 16:20:16 | 000,107,808 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dns-sd.exe
[2011/04/06 16:20:16 | 000,091,424 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\dnssd.dll
[2011/04/06 16:20:16 | 000,075,040 | ---- | M] (Apple Inc.) -- C:\WINDOWS\System32\jdns_sd.dll
[5 E:\My Documents\*.tmp files -> E:\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/04 06:37:21 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Jeremy C\Desktop\lw8k5w1s.exe
[2011/05/04 06:16:20 | 000,132,597 | ---- | C] () -- C:\Documents and Settings\Jeremy C\Desktop\Flash_Disinfector.exe
[2011/05/01 09:24:36 | 000,000,882 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc08031dd7344e.job
[2011/04/26 13:52:25 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\Jeremy C\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2011/04/11 16:51:31 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira AntiVir Control Center.lnk
[2011/02/23 17:18:14 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\EUOD.DAT
[2010/11/05 20:02:54 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/11/05 20:02:54 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/10/18 16:41:11 | 000,000,094 | ---- | C] () -- C:\WINDOWS\ka.ini
[2010/08/30 18:30:19 | 000,294,960 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/07/29 18:41:01 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2010/07/29 18:41:01 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2010/07/29 18:41:01 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2010/07/29 18:41:00 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2010/04/02 20:37:13 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2010/04/02 20:35:05 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/02/12 21:45:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2009/12/19 21:22:26 | 000,039,832 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/12/18 10:11:35 | 000,000,062 | ---- | C] () -- C:\WINDOWS\st_affiliate.ini
[2009/06/01 19:25:56 | 016,742,799 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vlc-0.9.9-win32.exe
[2009/03/02 17:35:27 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\nnr.dll
[2009/02/15 21:59:53 | 000,000,048 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/01/03 10:25:50 | 000,015,497 | ---- | C] () -- C:\WINDOWS\VX6KStd.ini
[2008/04/23 22:48:55 | 000,691,545 | ---- | C] () -- C:\WINDOWS\unins000.exe
[2008/04/23 22:48:55 | 000,002,556 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2008/02/13 22:21:20 | 000,000,072 | ---- | C] () -- C:\WINDOWS\ConverterCore.INI
[2008/02/12 23:07:49 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\custmon32.dll
[2008/01/19 11:09:37 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/12/30 19:10:57 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2007/12/30 19:10:57 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2007/12/30 19:10:57 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2007/12/30 19:10:57 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2007/12/30 19:10:57 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2007/12/30 19:10:57 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2007/12/30 19:10:57 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2007/12/30 19:10:57 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2007/12/30 19:10:57 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2007/12/30 19:10:57 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2007/12/30 19:10:57 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2007/12/30 19:10:57 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2007/12/30 19:10:57 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2007/12/30 19:10:57 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2007/12/30 19:10:57 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2007/12/30 19:10:57 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/12/30 19:09:35 | 000,000,044 | ---- | C] () -- C:\WINDOWS\EPSPR280.ini
[2007/12/29 14:53:34 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2007/12/10 22:39:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2007/03/06 22:10:40 | 000,001,779 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/02/27 23:06:35 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/02/27 10:10:02 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2007/02/21 10:16:40 | 000,000,209 | ---- | C] () -- C:\WINDOWS\disney.ini
[2007/02/15 21:31:23 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2007/02/05 11:24:28 | 000,000,178 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2007/02/05 10:27:57 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hpgt23.dll
[2007/02/03 23:18:37 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
[2007/02/02 17:36:15 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2007/02/02 00:22:29 | 000,000,645 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2007/02/02 00:22:29 | 000,000,052 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/02/02 00:22:29 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\m8220def.dat
[2007/02/02 00:22:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2007/02/02 00:03:21 | 000,000,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2007/02/01 23:59:34 | 000,002,162 | ---- | C] () -- C:\WINDOWS\BrmfBidi.ini
[2007/02/01 20:58:53 | 000,005,170 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/02/01 20:55:27 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2007/02/01 14:15:20 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/09/25 16:14:24 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2006/09/25 16:13:27 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/09/25 15:38:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2006/09/25 01:13:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/09/25 01:07:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/09/24 20:37:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/09/24 20:36:30 | 001,491,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/04 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/04 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 08:00:00 | 000,441,544 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 08:00:00 | 000,071,480 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/03/10 21:00:16 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\BRMSL07.BIN
[2002/08/12 09:19:42 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\Welsof32.dll
[2002/01/08 17:57:34 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[1999/03/21 20:22:41 | 000,000,136 | ---- | C] () -- C:\WINDOWS\System32\mstraps.dll

jeremypc

Rookie Surfer
Rookie Surfer

Posts : 142
Joined : 2010-01-21
Operating System : windows xp home

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Fri 06 May 2011, 10:14 pm


========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[2008/04/13 20:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

< %systemroot%\system32\*.exe /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys >
[2008/04/13 14:36:35 | 000,187,776 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpi.sys
[2004/08/04 08:00:00 | 000,011,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\acpiec.sys
[2008/04/13 12:39:23 | 000,142,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\aec.sys
[2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) -- C:\WINDOWS\system32\drivers\afc.sys
[2008/10/16 10:43:01 | 000,138,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\afd.sys
[2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) -- C:\WINDOWS\system32\drivers\AFS2K.SYS
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\agp440.sys
[2008/04/13 14:36:39 | 000,044,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\agpcpq.sys
[2006/03/01 03:39:10 | 003,959,360 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\system32\drivers\alcxwdm.sys
[2008/04/13 14:36:38 | 000,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\alim1541.sys
[2008/04/13 14:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\drivers\amdagp.sys
[2008/04/13 14:31:32 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk6.sys
[2008/04/13 14:31:33 | 000,037,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\amdk7.sys
[2008/04/13 14:51:25 | 000,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\arp1394.sys
[2005/11/21 01:48:20 | 000,016,512 | ---- | M] (Adaptec) -- C:\WINDOWS\system32\drivers\ASPI32.SYS
[2008/04/13 14:57:27 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\asyncmac.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:29:30 | 000,056,623 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1btxx.sys
[2004/08/03 22:29:30 | 000,011,615 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1mdxx.sys
[2004/08/03 22:29:30 | 000,012,047 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1pdxx.sys
[2004/08/03 22:29:32 | 000,030,671 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1raxx.sys
[2004/08/03 22:29:32 | 000,063,663 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1rvxx.sys
[2004/08/03 22:29:32 | 000,026,367 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1snxx.sys
[2004/08/03 22:29:32 | 000,021,343 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1ttxx.sys
[2004/08/03 22:29:32 | 000,036,463 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1tuxx.sys
[2004/08/03 22:29:32 | 000,029,455 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1xbxx.sys
[2004/08/03 22:29:32 | 000,034,735 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati1xsxx.sys
[2004/08/03 22:29:28 | 000,327,040 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtaa.sys
[2004/08/03 22:29:28 | 000,701,440 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\ati2mtag.sys
[2004/08/03 22:29:28 | 000,057,856 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinbtxx.sys
[2004/08/03 22:29:30 | 000,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinmdxx.sys
[2004/08/03 22:29:30 | 000,014,336 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinpdxx.sys
[2004/08/03 22:29:30 | 000,052,224 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinraxx.sys
[2004/08/03 22:29:32 | 000,104,960 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinrvxx.sys
[2004/08/03 22:29:32 | 000,028,672 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinsnxx.sys
[2004/08/03 22:29:32 | 000,013,824 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinttxx.sys
[2004/08/03 22:29:32 | 000,073,216 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atintuxx.sys
[2004/08/03 22:29:32 | 000,031,744 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinxbxx.sys
[2004/08/03 22:29:32 | 000,063,488 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\drivers\atinxsxx.sys
[2008/04/13 14:51:25 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmarpc.sys
[2004/08/04 08:00:00 | 000,031,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmepvc.sys
[2008/04/13 14:51:30 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmlane.sys
[2004/08/04 08:00:00 | 000,352,256 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atmuni.sys
[2001/08/17 09:59:44 | 000,003,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\audstub.sys
[2010/06/17 14:27:24 | 000,045,416 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntdd.sys
[2011/03/04 14:37:13 | 000,061,960 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntflt.sys
[2010/06/17 14:27:24 | 000,022,360 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avgntmgr.sys
[2011/03/04 16:11:12 | 000,137,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\avipbb.sys
[2004/08/04 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\beep.sys
[2001/08/17 14:12:12 | 000,002,944 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrFilt.sys
[2008/04/13 14:53:23 | 000,071,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bridge.sys
[2003/03/13 20:04:20 | 000,061,952 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrSerWdm.sys
[2001/08/17 14:12:20 | 000,011,008 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrUsbMdm.sys
[2001/08/17 14:12:22 | 000,010,368 | ---- | M] (Brother Industries Ltd.) -- C:\WINDOWS\system32\drivers\BrUsbScn.sys
[2008/04/13 14:46:33 | 000,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthenum.sys
[2008/04/13 14:46:33 | 000,037,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthmodem.sys
[2008/04/13 14:51:34 | 000,101,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthpan.sys
[2008/06/13 07:05:51 | 000,272,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthport.sys
[2008/04/13 14:46:31 | 000,036,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthprint.sys
[2008/04/13 14:46:29 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\bthusb.sys
[2004/08/04 08:00:00 | 000,013,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cbidf2k.sys
[2008/04/13 14:46:23 | 000,017,024 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ccdecode.sys
[2004/08/04 08:00:00 | 000,018,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdaudio.sys
[2008/04/13 15:14:21 | 000,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdfs.sys
[2008/01/04 17:58:46 | 000,009,336 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdr4_xp.sys
[2008/01/04 17:58:46 | 000,009,464 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\cdralw2k.sys
[2003/12/03 18:44:58 | 000,013,566 | ---- | M] (B.H.A Corporation) -- C:\WINDOWS\system32\drivers\cdrbsvsd.sys
[2008/04/13 14:40:46 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\cdrom.sys
[2004/08/04 08:00:00 | 000,262,528 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\cinemst2.sys
[2008/04/13 15:16:22 | 000,049,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\classpnp.sys
[2004/08/04 08:00:00 | 000,011,776 | ---- | M] (Compaq Computer Corporation) -- C:\WINDOWS\system32\drivers\cpqdap01.sys
[2008/04/13 14:31:32 | 000,036,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\crusoe.sys
[2008/04/13 14:40:47 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\disk.sys
[2008/04/13 14:40:44 | 000,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\diskdump.sys
[2008/04/13 14:44:48 | 000,799,744 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmboot.sys
[2008/04/13 14:44:46 | 000,153,344 | ---- | M] (Microsoft Corp., Veritas Software) -- C:\WINDOWS\system32\drivers\dmio.sys
[2004/08/04 08:00:00 | 000,005,888 | ---- | M] (Microsoft Corp., Veritas Software.) -- C:\WINDOWS\system32\drivers\dmload.sys
[2008/04/13 14:45:01 | 000,052,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dmusic.sys
[2008/04/13 14:45:14 | 000,060,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmk.sys
[2008/04/13 14:45:13 | 000,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\drmkaud.sys
[2004/08/04 08:00:00 | 000,010,496 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxapi.sys
[2008/04/13 14:38:29 | 000,071,168 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxg.sys
[2004/08/04 08:00:00 | 000,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\dxgthk.sys
[2011/01/22 16:58:18 | 000,030,472 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\system32\drivers\eubakup.sys
[2011/01/22 16:58:16 | 000,187,400 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\system32\drivers\EuDisk.sys
[2011/01/22 16:58:20 | 000,014,216 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\system32\drivers\eudskacs.sys
[2011/01/22 16:58:22 | 000,020,744 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\WINDOWS\system32\drivers\eufs.sys
[2008/04/13 15:14:29 | 000,143,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fastfat.sys
[2008/04/13 14:40:25 | 000,027,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fdc.sys
[2008/04/13 14:33:28 | 000,044,544 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fips.sys
[2008/04/13 14:40:25 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\flpydisk.sys
[2008/04/13 14:32:59 | 000,129,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fltmgr.sys
[2004/08/04 08:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fsvga.sys
[2004/08/04 08:00:00 | 000,007,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\fs_rec.sys
[2004/08/04 08:00:00 | 000,125,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ftdisk.sys
[2008/04/13 14:36:40 | 000,046,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\gagp30kx.sys
[2009/05/18 15:17:00 | 000,026,600 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
[2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) -- C:\WINDOWS\system32\drivers\hdaudbus.sys
[2008/04/13 14:46:30 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidbth.sys
[2008/04/13 14:45:26 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidclass.sys
[2008/04/13 14:45:26 | 000,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidir.sys
[2008/04/13 14:45:22 | 000,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidparse.sys
[2008/04/13 14:45:27 | 000,010,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidusb.sys
[2004/08/03 22:41:48 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfbs2s2.sys
[2004/08/03 22:41:50 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfcxts2.sys
[2004/08/03 22:41:56 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\drivers\hsfdpsp2.sys
[2009/10/20 12:20:16 | 000,265,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\http.sys
[2008/04/13 15:18:00 | 000,052,480 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\i8042prt.sys
[2005/08/23 12:00:00 | 001,052,732 | R--- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmnt5.sys
[2008/04/13 14:40:58 | 000,042,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\imapi.sys
[2008/04/13 14:40:29 | 000,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelide.sys
[2008/04/13 14:31:32 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\intelppm.sys
[2008/04/13 14:53:34 | 000,036,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ip6fw.sys
[2004/08/04 08:00:00 | 000,032,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipfltdrv.sys
[2008/04/13 14:57:07 | 000,020,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipinip.sys
[2008/04/13 14:57:15 | 000,152,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipnat.sys
[2008/04/13 15:19:42 | 000,075,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ipsec.sys
[2008/04/13 14:54:28 | 000,011,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\irenum.sys
[2008/04/13 14:36:41 | 000,037,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008/04/13 14:39:47 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kbdclass.sys
[2008/04/13 14:45:09 | 000,172,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\kmixer.sys
[2008/04/13 15:16:36 | 000,141,056 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ks.sys
[2009/06/24 07:18:41 | 000,092,928 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ksecdd.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys
[2004/08/04 08:00:00 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mcd.sys
[2007/09/05 02:46:34 | 000,092,544 | ---- | M] (MagicISO, Inc.) -- C:\WINDOWS\system32\drivers\mcdbus.sys
[2004/08/03 22:41:56 | 000,011,868 | ---- | M] (Conexant) -- C:\WINDOWS\system32\drivers\mdmxsdk.sys
[2008/04/13 14:36:41 | 000,063,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mf.sys
[2004/08/04 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mnmdd.sys
[2008/04/13 15:00:19 | 000,030,080 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\modem.sys
[2008/04/13 14:39:47 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouclass.sys
[2001/08/17 14:48:00 | 000,012,160 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mouhid.sys
[2008/04/13 14:39:46 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mountmgr.sys
[2008/04/13 14:32:44 | 000,180,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxdav.sys
[2011/02/17 09:18:24 | 000,455,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys
[2008/04/13 14:32:39 | 000,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msfs.sys
[2008/04/13 14:56:32 | 000,035,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\msgpc.sys
[2008/04/13 14:39:52 | 000,007,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mskssrv.sys
[2008/04/13 14:39:50 | 000,005,376 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mspclock.sys
[2008/04/13 14:39:51 | 000,004,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mspqm.sys
[2008/04/13 14:36:46 | 000,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mssmbios.sys
[2008/04/13 14:39:50 | 000,005,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mstee.sys
[2004/08/03 22:41:40 | 000,126,686 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\mtlmnt5.sys
[2004/08/03 22:41:38 | 001,309,184 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\mtlstrm.sys
[2004/08/03 22:29:38 | 000,452,736 | ---- | M] (Matrox Graphics Inc.) -- C:\WINDOWS\system32\drivers\mtxparhm.sys
[2008/04/13 15:17:05 | 000,105,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mup.sys
[2008/04/13 14:43:55 | 000,012,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mutohpen.sys
[2008/04/13 14:46:25 | 000,085,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nabtsfec.sys
[2008/04/13 15:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndis.sys
[2008/04/13 14:46:22 | 000,010,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisip.sys
[2008/04/13 14:57:27 | 000,010,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndistapi.sys
[2008/04/13 14:55:58 | 000,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndisuio.sys
[2008/04/13 15:20:42 | 000,091,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndiswan.sys
[2010/11/02 11:17:02 | 000,040,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndproxy.sys
[2008/04/13 14:56:02 | 000,034,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbios.sys
[2008/04/13 15:21:00 | 000,162,816 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\netbt.sys
[2008/04/13 14:51:25 | 000,061,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nic1394.sys
[2004/08/04 08:00:00 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\nikedrv.sys
[2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nmnt.sys
[2008/04/13 14:32:39 | 000,030,848 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\npfs.sys
[2008/04/13 15:15:53 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ntfs.sys
[2004/08/03 22:41:40 | 000,180,360 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\ntmtlfax.sys
[2007/08/31 12:58:20 | 000,018,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nuidfltr.sys
[2004/08/04 08:00:00 | 000,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\null.sys
[2004/08/03 22:29:56 | 001,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\drivers\nv4_mini.sys
[2004/08/04 08:00:00 | 000,012,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkflt.sys
[2004/08/04 08:00:00 | 000,032,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkfwd.sys
[2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkipx.sys
[2004/08/04 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnknb.sys
[2004/08/04 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\nwlnkspx.sys
[2004/08/04 08:00:00 | 000,003,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\oprghdlr.sys
[2008/04/13 14:31:31 | 000,042,752 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\p3.sys
[2008/04/13 14:40:10 | 000,080,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\parport.sys
[2008/04/13 14:40:49 | 000,019,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\partmgr.sys
[2004/08/04 08:00:00 | 000,006,784 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\parvdm.sys
[2008/04/13 14:36:44 | 000,068,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pci.sys
[2001/08/17 13:51:52 | 000,003,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciide.sys
[2008/04/13 14:40:29 | 000,024,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pciidex.sys
[2008/04/13 14:36:43 | 000,120,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\pcmcia.sys
[2010/01/12 00:25:37 | 000,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\system32\drivers\pcouffin.sys
[2007/08/21 02:13:00 | 000,021,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\point32.sys
[2008/04/13 15:19:41 | 000,146,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\portcls.sys
[2008/04/13 14:31:30 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\processr.sys
[2008/04/13 14:56:38 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\psched.sys
[2004/08/04 08:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\drivers\ptilink.sys
[2008/01/04 17:58:46 | 000,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\PxHelp20.sys
[2004/08/04 08:00:00 | 000,008,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasacd.sys
[2008/04/13 15:19:43 | 000,051,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rasl2tp.sys
[2008/04/13 14:57:32 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspppoe.sys
[2008/04/13 15:19:48 | 000,048,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspptp.sys
[2004/08/04 08:00:00 | 000,016,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\raspti.sys
[2004/08/04 08:00:00 | 000,034,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rawwan.sys
[2008/04/13 15:28:39 | 000,175,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdbss.sys
[2004/08/04 08:00:00 | 000,004,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpcdd.sys
[2008/04/13 14:32:51 | 000,196,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpdr.sys
[2008/04/13 20:13:22 | 000,139,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rdpwd.sys
[2004/08/03 22:41:40 | 000,013,776 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\recagent.sys
[2008/04/13 14:40:27 | 000,057,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\redbook.sys
[2008/04/13 14:46:32 | 000,059,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rfcomm.sys
[2004/08/04 08:00:00 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\rio8drv.sys
[2004/08/04 08:00:00 | 000,012,032 | ---- | M] (S3/Diamond Multimedia Systems) -- C:\WINDOWS\system32\drivers\riodrv.sys
[2008/05/08 10:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rmcast.sys
[2008/04/13 14:56:49 | 000,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rndismp.sys
[2008/04/13 14:56:49 | 000,030,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rndismpx.sys
[2004/08/04 08:00:00 | 000,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\rootmdm.sys
[2004/08/03 18:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) -- C:\WINDOWS\system32\drivers\RTL8139.sys
[2005/09/29 23:11:00 | 000,078,720 | ---- | M] (Realtek Semiconductor Corporation ) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys
[2004/08/03 22:29:52 | 000,166,912 | ---- | M] (S3 Graphics, Inc.) -- C:\WINDOWS\system32\drivers\s3gnbm.sys
[2008/04/13 14:40:30 | 000,096,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\scsiport.sys
[2008/04/13 14:36:44 | 000,079,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sdbus.sys
[2007/11/13 06:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\drivers\secdrv.sys
[2008/04/13 14:40:12 | 000,015,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serenum.sys
[2008/04/13 15:15:45 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\serial.sys
[2008/04/13 14:40:47 | 000,011,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffdisk.sys
[2008/04/13 14:40:48 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_mmc.sys
[2008/04/13 14:40:47 | 000,011,008 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sffp_sd.sys
[2008/04/13 14:40:48 | 000,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sfloppy.sys
[2008/04/13 14:36:39 | 000,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\drivers\sisagp.sys
[2008/04/13 14:46:23 | 000,011,136 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\slip.sys
[2004/08/03 22:41:42 | 000,129,535 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slnt7554.sys
[2004/08/03 22:41:44 | 000,404,990 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slntamr.sys
[2004/08/03 22:41:46 | 000,095,424 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slnthal.sys
[2004/08/03 22:41:46 | 000,013,240 | ---- | M] (Smart Link) -- C:\WINDOWS\system32\drivers\slwdmsup.sys
[2008/04/13 14:36:34 | 000,005,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\smbali.sys
[2004/08/04 08:00:00 | 000,014,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\smclib.sys
[2008/04/13 14:46:07 | 000,025,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sonydcam.sys
[2001/11/05 10:23:14 | 000,006,097 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\sonyhcb.sys
[2001/11/05 10:23:20 | 000,038,739 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\sonyhcc.sys
[2001/11/05 10:23:52 | 000,299,923 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\sonyhcs.sys
[2002/10/15 23:41:06 | 000,102,220 | ---- | M] (Sony Corporation) -- C:\WINDOWS\system32\drivers\sonypvs1.sys
[2008/04/13 14:45:07 | 000,006,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\splitter.sys
[2008/04/13 14:36:52 | 000,073,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sr.sys
[2011/02/17 09:18:03 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\srv.sys
[2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\system32\drivers\ssmdrv.sys
[2008/04/13 14:45:15 | 000,049,408 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\stream.sys
[2008/04/13 14:46:21 | 000,015,232 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\streamip.sys
[2008/04/13 14:39:53 | 000,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swenum.sys
[2008/04/13 14:45:09 | 000,056,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\swmidi.sys
[2008/04/13 15:15:55 | 000,060,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\sysaudio.sys
[2008/04/13 14:40:50 | 000,014,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tape.sys
[2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip.sys
[2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip6.sys
[2008/04/13 15:00:05 | 000,019,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdi.sys
[2008/04/13 20:13:20 | 000,012,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdpipe.sys
[2008/04/13 20:13:21 | 000,021,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tdtcp.sys
[2008/04/13 20:13:20 | 000,040,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\termdd.sys
[2004/08/04 08:00:00 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tosdvd.sys
[2004/08/04 08:00:00 | 000,021,376 | ---- | M] (Toshiba Corporation) -- C:\WINDOWS\system32\drivers\tsbvcap.sys
[2008/04/13 14:56:01 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tunmp.sys
[2008/04/13 14:36:40 | 000,044,672 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\uagp35.sys
[2008/04/13 14:32:36 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\udfs.sys
[2008/04/13 14:39:46 | 000,384,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\update.sys
[2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023.sys
[2008/04/13 14:56:49 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usb8023x.sys
[2011/02/18 17:36:58 | 000,041,984 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\system32\drivers\usbaapl.sys
[2008/04/13 14:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbaudio.sys
[2008/04/13 14:45:40 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbcamd.sys
[2008/04/13 14:45:41 | 000,025,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbcamd2.sys
[2008/04/13 14:45:39 | 000,032,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbccgp.sys
[2004/08/04 08:00:00 | 000,004,736 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbd.sys
[2008/04/13 14:45:35 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbehci.sys
[2008/04/13 14:45:37 | 000,059,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbhub.sys
[2008/04/13 14:45:43 | 000,015,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbintel.sys
[2008/04/13 14:45:36 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbport.sys
[2008/04/13 14:47:37 | 000,025,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbprint.sys
[2008/04/13 14:45:34 | 000,015,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbscan.sys
[2008/04/13 14:45:38 | 000,026,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbstor.sys
[2008/04/13 14:45:35 | 000,020,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbuhci.sys
[2008/04/13 14:46:20 | 000,121,984 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\usbvideo.sys
[2004/08/04 08:00:00 | 000,058,112 | ---- | M] (RAVISENT Technologies Inc.) -- C:\WINDOWS\system32\drivers\vdmindvd.sys
[2008/04/13 14:44:40 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\vga.sys
[2008/04/13 14:36:40 | 000,042,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\viaagp.sys
[2008/04/13 14:44:40 | 000,081,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\videoprt.sys
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\volsnap.sys
[2007/04/10 17:46:53 | 001,966,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\VX1000.sys
[2008/08/04 17:22:22 | 002,077,840 | ---- | M] (Microsoft Corporation
) -- C:\WINDOWS\system32\drivers\VX6000Xp.sys
[2008/08/04 17:22:22 | 000,036,240 | ---- | M] (Microsoft Corporation
) -- C:\WINDOWS\system32\drivers\VX6KCamd.sys
[2008/04/13 14:43:55 | 000,014,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wacompen.sys
[2004/08/03 22:29:40 | 000,011,807 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\wadv07nt.sys
[2004/08/03 22:29:40 | 000,011,295 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\wadv08nt.sys
[2004/08/03 22:29:42 | 000,011,871 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\wadv09nt.sys
[2004/08/03 22:29:42 | 000,011,935 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\wadv11nt.sys
[2008/04/13 14:57:21 | 000,034,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wanarp.sys
[2004/08/03 22:29:46 | 000,022,271 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\watv06nt.sys
[2004/08/03 22:29:46 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\watv10nt.sys
[2006/11/02 08:22:54 | 000,492,000 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdf01000.sys
[2006/11/02 08:22:52 | 000,032,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdfldr.sys
[2008/04/13 15:17:18 | 000,083,072 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wdmaud.sys
[2004/08/04 08:00:00 | 000,004,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wmilib.sys
[2006/10/18 21:00:00 | 000,038,528 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wpdusb.sys
[2004/08/04 08:00:00 | 000,012,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ws2ifsl.sys
[2008/04/13 14:46:24 | 000,019,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\wstcodec.sys
[2006/09/28 19:55:50 | 000,077,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfPf.sys
[2006/09/28 20:00:34 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\WudfRd.sys

< %systemroot%\system32\drivers\*.dll >
[2008/04/13 20:11:48 | 000,004,255 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv01nt5.dll
[2008/04/13 20:11:48 | 000,003,967 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv02nt5.dll
[2008/04/13 20:11:48 | 000,003,615 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv05nt5.dll
[2008/04/13 20:11:48 | 000,003,647 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv07nt5.dll
[2008/04/13 20:11:48 | 000,003,135 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv08nt5.dll
[2008/04/13 20:11:48 | 000,003,711 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv09nt5.dll
[2008/04/13 20:11:48 | 000,003,775 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\adv11nt5.dll
[2008/04/13 20:11:50 | 000,021,183 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv01nt5.dll
[2008/04/13 20:11:50 | 000,011,359 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv02nt5.dll
[2008/04/13 20:11:50 | 000,025,471 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv04nt5.dll
[2008/04/13 20:11:50 | 000,014,143 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv06nt5.dll
[2008/04/13 20:11:50 | 000,017,279 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\atv10nt5.dll
[2008/04/13 20:11:50 | 000,015,423 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\ch7xxnt5.dll
[2004/08/04 01:56:44 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\hidserv.dll
[2008/04/13 20:12:05 | 000,003,901 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\siint5.dll
[2001/07/03 21:39:00 | 000,003,654 | ---- | M] () -- C:\WINDOWS\system32\drivers\Sonyhcp.dll
[2008/04/13 20:12:08 | 000,011,325 | ---- | M] (Intel(R) Corporation) -- C:\WINDOWS\system32\drivers\vchnt5.dll

< %systemroot%\system32\drivers\*.ini >

< %systemroot%\system32\drivers\*.exe >

< End of report >

jeremypc

Rookie Surfer
Rookie Surfer

Posts : 142
Joined : 2010-01-21
Operating System : windows xp home

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by Gabethebabe on Fri 06 May 2011, 11:44 pm

That is a clean log, Jeremy.
Letīs drink a beer to that in the weekend and hope it stays that way.

Gabethebabe

Tech Advisor
Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Sat 07 May 2011, 12:01 am

Cheers!

jeremypc

Rookie Surfer
Rookie Surfer

Posts : 142
Joined : 2010-01-21
Operating System : windows xp home

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Sat 07 May 2011, 12:01 am

I'll run OTL on the other computers and post logs.

have a great weekend!!!

jeremypc

Rookie Surfer
Rookie Surfer

Posts : 142
Joined : 2010-01-21
Operating System : windows xp home

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Sat 07 May 2011, 11:06 pm

Avira Scan from Sat. a.m...viruses found in different location than the last time.


Avira AntiVir Personal
Report file date: Saturday, May 07, 2011 00:00

Scanning for 2688333 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : SYSTEM
Computer name : MY-A2A4159540F8

Version information:
BUILD.DAT : 10.0.0.648 31823 Bytes 4/1/2011 18:36:00
AVSCAN.EXE : 10.0.4.2 442024 Bytes 4/29/2011 11:32:58
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 16:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 3/4/2011 18:36:59
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 03:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 13:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 18:37:07
VBASE002.VDF : 7.11.3.0 1950720 Bytes 2/9/2011 18:37:08
VBASE003.VDF : 7.11.5.225 1980416 Bytes 4/7/2011 20:52:52
VBASE004.VDF : 7.11.5.226 2048 Bytes 4/7/2011 20:52:52
VBASE005.VDF : 7.11.5.227 2048 Bytes 4/7/2011 20:52:52
VBASE006.VDF : 7.11.5.228 2048 Bytes 4/7/2011 20:52:53
VBASE007.VDF : 7.11.5.229 2048 Bytes 4/7/2011 20:52:53
VBASE008.VDF : 7.11.5.230 2048 Bytes 4/7/2011 20:52:53
VBASE009.VDF : 7.11.5.231 2048 Bytes 4/7/2011 20:52:53
VBASE010.VDF : 7.11.5.232 2048 Bytes 4/7/2011 20:52:53
VBASE011.VDF : 7.11.5.233 2048 Bytes 4/7/2011 20:52:53
VBASE012.VDF : 7.11.5.234 2048 Bytes 4/7/2011 20:52:53
VBASE013.VDF : 7.11.6.28 158208 Bytes 4/11/2011 20:52:55
VBASE014.VDF : 7.11.6.74 116224 Bytes 4/13/2011 12:10:22
VBASE015.VDF : 7.11.6.113 137728 Bytes 4/14/2011 12:10:22
VBASE016.VDF : 7.11.6.150 146944 Bytes 4/18/2011 01:58:12
VBASE017.VDF : 7.11.6.192 138240 Bytes 4/20/2011 10:39:25
VBASE018.VDF : 7.11.6.237 156160 Bytes 4/22/2011 12:28:57
VBASE019.VDF : 7.11.7.45 427520 Bytes 4/27/2011 11:32:57
VBASE020.VDF : 7.11.7.64 192000 Bytes 4/28/2011 11:32:57
VBASE021.VDF : 7.11.7.97 182272 Bytes 5/2/2011 13:49:43
VBASE022.VDF : 7.11.7.127 467968 Bytes 5/4/2011 10:08:31
VBASE023.VDF : 7.11.7.138 2048 Bytes 5/4/2011 10:08:31
VBASE024.VDF : 7.11.7.139 2048 Bytes 5/4/2011 10:08:32
VBASE025.VDF : 7.11.7.140 2048 Bytes 5/4/2011 10:08:32
VBASE026.VDF : 7.11.7.141 2048 Bytes 5/4/2011 10:08:32
VBASE027.VDF : 7.11.7.142 2048 Bytes 5/4/2011 10:08:32
VBASE028.VDF : 7.11.7.143 2048 Bytes 5/4/2011 10:08:33
VBASE029.VDF : 7.11.7.144 2048 Bytes 5/4/2011 10:08:33
VBASE030.VDF : 7.11.7.145 2048 Bytes 5/4/2011 10:08:33
VBASE031.VDF : 7.11.7.152 27648 Bytes 5/5/2011 10:08:33
Engineversion : 8.2.4.226
AEVDF.DLL : 8.1.2.1 106868 Bytes 3/4/2011 18:36:49
AESCRIPT.DLL : 8.1.3.60 1249658 Bytes 5/5/2011 10:08:35
AESCN.DLL : 8.1.7.2 127349 Bytes 3/4/2011 18:36:48
AESBX.DLL : 8.1.3.2 254324 Bytes 3/4/2011 18:36:48
AERDL.DLL : 8.1.9.9 639347 Bytes 4/11/2011 20:53:03
AEPACK.DLL : 8.2.6.0 549237 Bytes 4/11/2011 20:53:03
AEOFFICE.DLL : 8.1.1.21 205179 Bytes 4/29/2011 11:32:58
AEHEUR.DLL : 8.1.2.112 3473784 Bytes 4/29/2011 11:32:58
AEHELP.DLL : 8.1.16.1 246134 Bytes 3/4/2011 18:36:41
AEGEN.DLL : 8.1.5.4 397684 Bytes 4/11/2011 20:53:00
AEEMU.DLL : 8.1.3.0 393589 Bytes 3/4/2011 18:36:40
AECORE.DLL : 8.1.20.2 196982 Bytes 4/11/2011 20:52:59
AEBB.DLL : 8.1.1.0 53618 Bytes 3/4/2011 18:36:39
AVWINLL.DLL : 10.0.0.0 19304 Bytes 3/4/2011 18:36:53
AVPREF.DLL : 10.0.0.0 44904 Bytes 3/4/2011 18:36:52
AVREP.DLL : 10.0.0.9 174120 Bytes 4/29/2011 11:32:58
AVREG.DLL : 10.0.3.2 53096 Bytes 3/4/2011 18:36:52
AVSCPLR.DLL : 10.0.4.2 84840 Bytes 4/29/2011 11:32:58
AVARKT.DLL : 10.0.22.6 231784 Bytes 3/4/2011 18:36:50
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 3/4/2011 18:36:51
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 18:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/4/2011 18:36:53
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 18:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 3/4/2011 18:37:12
RCTEXT.DLL : 10.0.58.0 97128 Bytes 3/4/2011 18:37:12

Configuration settings for the scan:
Jobname.............................: Local Hard Disks
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, E:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Saturday, May 07, 2011 00:00

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'EuWatch.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
Scan process 'BRMFRSMG.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sprtsvc.exe' - '1' Module(s) have been scanned
Scan process 'MSCamS32.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdate.exe' - '1' Module(s) have been scanned
Scan process 'IntuitUpdateService.exe' - '1' Module(s) have been scanned
Scan process 'FreeAgentService.exe' - '1' Module(s) have been scanned
Scan process 'E_S40RP7.EXE' - '1' Module(s) have been scanned
Scan process 'Agent.exe' - '1' Module(s) have been scanned
Scan process 'Brmfrmps.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1789' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\System Volume Information\_restore{93CB386A-A703-42F9-AFD5-3BF2CA4807EA}\RP5\A0012571.lnk
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-2568.A exploit
C:\System Volume Information\_restore{93CB386A-A703-42F9-AFD5-3BF2CA4807EA}\RP5\A0012572.fon
[DETECTION] Is the TR/Spy.ZBot.aste Trojan
Begin scan in 'E:\'

Beginning disinfection:
C:\System Volume Information\_restore{93CB386A-A703-42F9-AFD5-3BF2CA4807EA}\RP5\A0012572.fon
[DETECTION] Is the TR/Spy.ZBot.aste Trojan
[NOTE] The file was moved to the quarantine directory under the name '477a91fa.qua'.
C:\System Volume Information\_restore{93CB386A-A703-42F9-AFD5-3BF2CA4807EA}\RP5\A0012571.lnk
[DETECTION] Contains recognition pattern of the EXP/CVE-2010-2568.A exploit
[NOTE] The file was moved to the quarantine directory under the name '5fedbe5d.qua'.


End of the scan: Saturday, May 07, 2011 08:04
Used time: 1:36:37 Hour(s)

The scan has been done completely.

22190 Scanned directories
421165 Files were scanned
2 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
2 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
421163 Files not concerned
2045 Archives were scanned
0 Warnings
2 Notes


jeremypc

Rookie Surfer
Rookie Surfer

Posts : 142
Joined : 2010-01-21
Operating System : windows xp home

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by Gabethebabe on Mon 09 May 2011, 3:53 am

No problem.
Avira found a dead body in your system restore.

Looks like you are finally clean

Gabethebabe

Tech Advisor
Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by jeremypc on Tue 10 May 2011, 2:01 pm

so far, so good! Everything appears to be good!

Thank you so much for all of your help and patience.

-Jeremy

jeremypc

Rookie Surfer
Rookie Surfer

Posts : 142
Joined : 2010-01-21
Operating System : windows xp home

View user profile

Back to top Go down

Re: problem when clicking on links in firefox...redirected to a different page.

Post by Sponsored content Today at 9:38 am


Sponsored content


Back to top Go down

Page 5 of 5 Previous  1, 2, 3, 4, 5

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum