Redirect virus


Re: Redirect virus

Post by computerchallenged on 4th November 2011, 5:44 pm

ComboFix has been running for almost 2 hrs and it changed the time on the clock, but nothing else is coming up. Not even Stage 1 or anything. How long does this scan typically take? I haven't touched the computer, don't worry. I was just wondering how long the scan takes.

computerchallenged
Novice
Posts : 36
Joined : 2009-05-25
OS : Windows XP
Points : 28086
Likes : 0

Re: Redirect virus

Post by Gabethebabe on 7th November 2011, 7:12 am

A scan should normally be finished in (much) less than 15 minutes.

Not working?

Gabethebabe
Top Dog
Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7
Points : 38268
Likes : 0

Re: Redirect virus

Post by computerchallenged on 7th November 2011, 12:35 pm

No, it did not work. I let it try to run for 5 hrs. I had to leave work and tried to close out of the program, but it wouldn't respond. My mouse was the only thing working and I couldn't shut down safely. I had to hold down the power button to get it to turn off.

I noticed when you say download it, to save it to the desktop but with Firefox, it does not give an option where to save it to, it automatically goes into a download folder.

Should I delete and do another install using Internet Explorer? Or should I try to run it in safe mode?



Re: Redirect virus

Post by Gabethebabe on 7th November 2011, 1:07 pm

Try this

Please visit [You must be registered and logged in to see this link.] and read the tutorial on using ComboFix very carefully. After that, proceed to download ComboFix, but rename it during the download to make sure the malware does not interfere.

The easiest is to download using Internet Explorer. If you insist on using Mozilla Firefox, you have to make a change to its configuration:
Tools >> Options >> General >> Downloads >> select Always ask me where to save files.

Use one of the links in the guide to download ComboFix and when your browser asks you where to save it, change the name of the file to svchost.exe and save it to your desktop.



Doubleclick svchost.exe to run the tool. Please post its log back here.


Re: Redirect virus

Post by computerchallenged on 7th November 2011, 3:14 pm

Followed the directions to a T. I used Internet Explorer to download it. Renamed it to svchost.exe. Turned off Anti-virus and double clicked to run program. Scan has been running for about 45 minutes now.


Re: Redirect virus

Post by Gabethebabe on 7th November 2011, 3:35 pm

It seems the infection resists all our tools.

It does not happen often that ComboFix, TDSSKiller, GMER and aswMBR all fail.
The next possible solution uses a boot disk. See if that gets us somewhere.

====================

Please download MBRCheck by a_d_13 from either of the following mirrors and save it to your system disk (probably C:\).

====================

We are going to use a boot CD to help us with your problem.

  • You will need a blank CD to burn the boot CD
  • Download OTLPEStd.exe by OldTimer from [You must be registered and logged in to see this link.] (a big download)
  • Double-click on OTLPEStd.exe to burn the boot CD
  • Reboot your system using the boot CD you just created. If you don't know how to boot from CD, check out [You must be registered and logged in to see this link.]
  • Booting will take quite some time, so please be patient
  • Finally you should see the REATOGO-X-PE desktop. Find the OTLPE icon and double click it to run OTLPE
  • Answer Yes and OK to all prompts
  • Ensure the option Automatically Load All Remaining Users is checked
  • OTL should now start. Set the option Drivers to Non-Microsoft
  • Copy and paste the following text into the Custom Scans/Fixes field:
    /md5start
    atapi.sys
    iastor.sys
    ndis.sys
    userinit.exe
    winlogon.exe
    /md5stop
  • Click Run Scan to start the scan
  • When finished, a log file C:\OTL.txt will be created
  • Please post the contents of the file in your next reply

====================

After getting the OTL log, browse to your system disk, run mbrcheck.exe and post the resulting log back here.

====================

Hopefully these two logs show us something new!

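The /md5start ... /md5stop block in the post above asks OTL to hash five boot-critical files so their MD5s can be compared with known-clean values; this is the check that catches a driver or logon binary that has been patched in place. The script below is an added example (my code, not OTL's and not posted by anyone in this thread) that performs the same comparison offline: it hashes the live copy of each file on a mounted, not booted, Windows volume and compares it with the backup copies Windows XP keeps in system32\dllcache (the Windows File Protection cache) and ServicePackFiles\i386. The file list is the one from the post; the reference locations and the verdict names are my assumptions, not something the post specifies.

```python
"""
Offline integrity check for boot-critical Windows XP files, in the spirit of
OTL's /md5start ... /md5stop custom scan. Added example, not OTL code.

Run it from a boot environment (OTLPE, a Linux live CD) against the mounted
Windows directory, never from the possibly-infected running system: a
kernel-mode rootkit can hand a clean copy of a file to any process that
reads it from inside the booted OS.
"""
import hashlib
import os

# Files named in the forum post's /md5start block.
TARGET_FILES = ["atapi.sys", "iastor.sys", "ndis.sys", "userinit.exe", "winlogon.exe"]

# Where the live copy normally lives, relative to the Windows directory.
LIVE_DIRS = [os.path.join("system32", "drivers"), "system32"]

# Where XP keeps reference copies (assumption: WFP cache and service-pack
# files; third-party drivers such as iastor.sys are usually not there).
REFERENCE_DIRS = [os.path.join("system32", "dllcache"),
                  os.path.join("ServicePackFiles", "i386")]


def md5_of(path, chunk=1 << 20):
    """MD5 of a file, streamed so a large driver need not fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def find_first(windir, subdirs, name):
    """Return the first existing path windir/<subdir>/name, or None."""
    for sub in subdirs:
        candidate = os.path.join(windir, sub, name)
        if os.path.isfile(candidate):
            return candidate
    return None


def check_files(windir, names=TARGET_FILES):
    """
    For each file name return a dict with the live MD5, the reference MD5
    (when a backup copy exists) and a verdict:
      'match'         live and reference hashes agree
      'MISMATCH'      they differ: the live copy changed after installation
      'no-reference'  no backup copy found; compare the hash by hand
      'missing'       live file absent (normal for iastor.sys on machines
                      without an Intel RAID/AHCI controller)
    """
    results = {}
    for name in names:
        live = find_first(windir, LIVE_DIRS, name)
        if live is None:
            results[name] = {"verdict": "missing"}
            continue
        live_md5 = md5_of(live)
        ref = find_first(windir, REFERENCE_DIRS, name)
        if ref is None:
            results[name] = {"live": live_md5, "verdict": "no-reference"}
            continue
        ref_md5 = md5_of(ref)
        results[name] = {
            "live": live_md5,
            "reference": ref_md5,
            "verdict": "match" if live_md5 == ref_md5 else "MISMATCH",
        }
    return results


def report(windir):
    """Print one line per file: name, verdict, live MD5, reference MD5."""
    for name, r in check_files(windir).items():
        print(f"{name:14} {r['verdict']:13} {r.get('live', '-'):32} {r.get('reference', '-')}")


if __name__ == "__main__":
    import sys
    # e.g.  python check_boot_files.py C:\WINDOWS
    #       python check_boot_files.py /mnt/win/WINDOWS   (Linux live CD)
    report(sys.argv[1] if len(sys.argv) > 1 else r"C:\WINDOWS")
```

Read the output the way the helpers in this thread read the OTL MD5 list: a MISMATCH on a file that Windows itself never rewrites (atapi.sys, ndis.sys, winlogon.exe, userinit.exe) is the finding; a 'no-reference' line still needs its hash checked against a clean copy from the same service pack; and a 'match' is not proof of cleanliness, because malware with write access to the volume could have replaced the backup copies as well. A file whose hash changed while its size and timestamp stayed the same is the classic sign of a driver patched in place.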

Re: Redirect virus

Post by computerchallenged on 7th November 2011, 3:50 pm

Ok, I had to force close by shutting down the computer with the power button. When it rebooted, I noticed that it changed the svchost.exe file I renamed back to Combofix.exe. I tried to d/l ComboFix from the other site listed and when I tried to run it, it said there was an update and asked if I wanted to update. I clicked on No and am now d/l MBRCheck.


Re: Redirect virus

Post by computerchallenged on 7th November 2011, 5:04 pm

I do not see on the screen which button is the "setup key", so I don't know if it's the Del button or F2. I tried pressing the Del key and it asks which operating system to start:

Microsoft Windows Recovery Console
do not select this [debugger enabled]
Microsoft Windows XP Professional

For troubleshooting and advanced startup options for Windows, press F8. When I pressed F8 it gave me the following options:

Safe Mode, Safe Mode with Networking, Safe Mode with Command Prompt.

Enable Boot Logging
Enable VGA Mode
Last Known............
Directory Service....
Debugging Mode
Disable automatic restart on system failure

Start Windows normally
Reboot
Return to OS choices


Re: Redirect virus

Post by computerchallenged on 7th November 2011, 5:25 pm

Um, never mind, I had a brain freeze. On my computer it's the Esc/F1 key. It's booting from the CD now. It's starting the Reatogo-X-PE now.


Re: Redirect virus

Post by computerchallenged on 7th November 2011, 5:32 pm

Ok, got the OTLPE to run. Under the "Drivers" section, it only gives the option to click on "None", "Use SafeList" and "All". Use the SafeList one?


Re: Redirect virus

Post by computerchallenged on 7th November 2011, 6:26 pm

OTL logfile created on: 11/7/2011 12:35:42 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 305.00 Mb Available Physical Memory | 60.00% Memory free
459.00 Mb Paging File | 340.00 Mb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 15.29 Gb Free Space | 41.03% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (SessionLauncher)
SRV - File not found [Disabled] -- -- (RoxLiveShare10)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2011/09/23 17:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 17:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () [Auto] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/01/07 17:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/08/08 20:46:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/02/23 10:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [Disabled] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2003/12/16 08:23:40 | 000,303,171 | ---- | M] (Intel Corporation ) [Auto] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2003/12/16 08:22:36 | 000,122,880 | ---- | M] (Intel Corporation) [Auto] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2003/12/09 23:50:54 | 000,126,976 | ---- | M] (TOSHIBA) [Disabled] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2003/12/02 20:05:54 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) [Disabled] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003/10/21 14:26:14 | 000,053,248 | ---- | M] () [Disabled] -- C:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2003/08/01 17:56:02 | 000,086,016 | ---- | M] (TOSHIBA Corporation) [Disabled] -- C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe -- (Tmesbs)
SRV - [2003/05/23 16:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Disabled] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2002/09/20 19:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMPR5)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (FreshIO)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2011/09/18 07:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 22:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 22:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/02/11 09:42:11 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2006/06/30 18:20:32 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/02/26 17:35:13 | 000,014,037 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/01/09 22:26:46 | 000,028,416 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2004/01/02 05:52:34 | 001,646,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel(R)
DRV - [2003/12/24 22:34:04 | 000,091,008 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2003/12/17 02:45:46 | 000,048,000 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2003/12/16 23:08:46 | 000,013,312 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NscTpmDD.sys -- (portio)
DRV - [2003/12/16 08:16:26 | 000,010,970 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2003/12/10 20:11:26 | 000,100,153 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/12/05 12:16:38 | 000,062,607 | ---- | M] (TOSHIBA Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2003/12/05 05:50:28 | 000,979,840 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel(R)
DRV - [2003/11/27 23:29:08 | 000,053,632 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2003/11/21 17:22:48 | 000,017,076 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2003/11/20 14:24:10 | 000,045,534 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte)
DRV - [2003/10/24 16:53:14 | 000,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/08/19 19:04:30 | 000,036,131 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2003/08/07 18:52:00 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\TVALZ.SYS -- (TVALZ)
DRV - [2003/06/11 11:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/02/04 15:12:36 | 000,008,605 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tosrfec.sys -- (tosrfec)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/12/20 16:07:00 | 001,164,576 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/11/18 20:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2002/09/26 16:15:28 | 000,005,760 | ---- | M] (Toshiba Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2002/04/06 22:50:56 | 000,019,607 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys -- (tossmbnt)
DRV - [2001/09/11 14:54:32 | 000,038,425 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FC50227B-E2CA-4C2B-9EA2-BA4C8C529B9B}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{FC50227B-E2CA-4C2B-9EA2-BA4C8C529B9B} [2011/09/06 13:13:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/07 22:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/01 18:09:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/10/26 07:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins

[2008/10/29 23:16:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/11/07 09:21:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions
[2010/06/20 18:00:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/07 09:21:41 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/10/27 22:01:43 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\searchplugins\askcom.xml
[2011/01/09 16:10:11 | 000,002,698 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\searchplugins\twitter.xml
[2011/05/10 19:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/11 20:03:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 19:56:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2003/03/31 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [You must be registered and logged in to see this link.] (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\Sebring: DllName - C:\WINDOWS\System32\LgNotify.dll - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/13 19:25:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell - "" = AutoRun
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 10:44:35 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/11/07 09:27:11 | 004,284,246 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/02 09:29:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/01 20:33:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\OTL
[2011/11/01 20:04:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/10/31 22:06:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/31 22:00:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/31 22:00:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/31 22:00:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/31 22:00:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/31 22:00:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/31 21:59:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/31 21:59:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/10/31 21:12:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache
[2011/10/31 19:20:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/10/29 14:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2011/10/29 14:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/10/29 14:35:15 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/10/29 14:35:05 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/10/29 14:35:05 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/10/29 14:35:05 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/10/29 14:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/10/29 14:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/10/29 14:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt
[2011/10/29 10:19:28 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/10/27 23:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/27 23:14:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/10/16 20:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/10/16 20:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2011/10/16 20:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\uTorrent
[2011/10/16 20:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2011/10/11 17:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AppWebspl
[2006/12/29 21:29:06 | 000,092,064 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmmdm.sys
[2006/12/29 21:29:06 | 000,079,328 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmserd.sys
[2006/12/29 21:29:06 | 000,009,232 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmmdfl.sys
[2006/12/29 21:29:06 | 000,005,936 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmwhnt.sys
[2006/12/29 21:29:05 | 000,066,656 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmbus.sys
[2006/12/29 21:29:05 | 000,006,208 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmcmnt.sys
[2006/12/29 21:29:05 | 000,004,048 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmcr.sys
[2006/12/29 21:29:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\usbsermptxp.sys
[2006/12/29 21:29:04 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\usbsermpt.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/07 12:21:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/07 12:20:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/11/07 12:20:08 | 000,000,322 | -HS- | M] () -- C:\WINDOWS\tasks\IWUM.job
[2011/11/07 12:20:08 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\tasks\MOBCCAFLUV.job
[2011/11/07 12:20:02 | 536,203,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/07 11:58:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/07 11:24:03 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-923130703-2451520593-1935410814-500UA.job
[2011/11/07 10:54:51 | 000,080,384 | ---- | M] () -- C:\MBRCheck.exe
[2011/11/07 10:43:48 | 004,284,246 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/07 09:15:17 | 000,477,786 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/07 09:15:17 | 000,086,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/04 10:51:12 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.exe.lnk
[2011/11/02 10:33:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/02 10:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/01 20:56:53 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/11/01 20:04:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/11/01 18:24:20 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-923130703-2451520593-1935410814-500Core.job
[2011/10/31 22:06:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/31 20:52:11 | 000,069,120 | RHS- | M] () -- C:\WINDOWS\System32\TZLogq.dll
[2011/10/31 20:52:11 | 000,069,120 | RHS- | M] () -- C:\WINDOWS\System32\msxmlp.dll
[2011/10/31 19:25:09 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/31 19:23:08 | 000,000,206 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111031_202250-10-31-11.reg
[2011/10/31 17:22:07 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/10/29 15:09:56 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_160917_10-29-11(2).reg
[2011/10/29 14:35:55 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/10/29 14:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/10/29 10:42:59 | 000,004,740 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_114225_10-29-11.reg
[2011/10/27 23:31:27 | 000,453,280 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111028_003053 - reg files.reg
[2011/10/27 23:17:49 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/13 21:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/07 10:54:51 | 000,080,384 | ---- | C] () -- C:\MBRCheck.exe
[2011/11/04 10:51:12 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.exe.lnk
[2011/11/01 20:56:53 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/10/31 22:06:53 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/31 22:06:45 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/31 22:00:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/31 22:00:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/31 22:00:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/31 22:00:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/31 22:00:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/31 20:52:12 | 000,000,322 | -HS- | C] () -- C:\WINDOWS\tasks\IWUM.job
[2011/10/31 20:52:12 | 000,000,316 | -HS- | C] () -- C:\WINDOWS\tasks\MOBCCAFLUV.job
[2011/10/31 20:52:11 | 000,069,120 | RHS- | C] () -- C:\WINDOWS\System32\TZLogq.dll
[2011/10/31 20:52:11 | 000,069,120 | RHS- | C] () -- C:\WINDOWS\System32\msxmlp.dll
[2011/10/31 19:25:09 | 536,203,264 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/31 19:25:09 | 000,279,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/31 19:23:02 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111031_202250-10-31-11.reg
[2011/10/29 15:09:34 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_160917_10-29-11(2).reg
[2011/10/29 14:35:55 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/10/29 10:42:46 | 000,004,740 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_114225_10-29-11.reg
[2011/10/27 23:31:13 | 000,453,280 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111028_003053 - reg files.reg
[2011/10/27 23:17:49 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/15 22:21:33 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/09/06 13:13:39 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wzehigihagonaman.dat
[2011/09/06 13:13:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Blibirikijirazoh.bin
[2010/07/27 16:56:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/02/14 09:53:31 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/02/14 09:53:31 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/02/14 09:53:31 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/02/14 09:53:31 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/02/14 09:53:31 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/02/14 09:53:31 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/02/14 09:53:31 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/02/14 09:53:31 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/02/14 09:53:31 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/02/14 09:53:31 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/02/14 09:53:31 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/02/14 09:53:31 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/02/14 09:53:31 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/02/14 09:53:31 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/02/14 09:53:31 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/02/14 09:53:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/02/14 09:49:44 | 000,000,025 | ---- | C] () -- C:\WINDOWS\EPSCX9400Fax.ini
[2008/11/11 15:51:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\rx_image.Cache
[2008/10/08 17:38:52 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/02/11 09:42:02 | 000,015,778 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem25.PNF
[2008/02/11 09:42:02 | 000,009,842 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem25.inf
[2008/02/11 09:42:02 | 000,007,554 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem23.PNF
[2008/02/11 09:42:02 | 000,007,082 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem24.PNF
[2008/02/11 09:42:02 | 000,004,406 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740922-(null)
[2008/02/11 09:42:01 | 000,015,698 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem22.PNF
[2008/02/11 09:42:01 | 000,012,770 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem20.PNF
[2008/02/11 09:42:01 | 000,012,364 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem21.PNF
[2008/02/11 09:42:01 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem22.inf
[2008/02/11 09:42:01 | 000,006,921 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem23.inf
[2008/02/11 09:42:01 | 000,006,061 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740921-(null)
[2008/02/11 09:42:01 | 000,005,813 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem21.inf
[2008/02/11 09:42:00 | 000,014,238 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem18.PNF
[2008/02/11 09:42:00 | 000,012,844 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem19.PNF
[2008/02/11 09:42:00 | 000,007,141 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740919-(null)
[2008/02/11 09:42:00 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740920-(null)
[2007/08/21 14:22:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/07/06 14:54:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/06/29 16:16:01 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/29 21:29:05 | 000,009,913 | ---- | C] () -- C:\Documents and Settings\Administrator\MCCI_MDM.INF
[2006/12/29 21:29:05 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Administrator\USB_MOT_BRIT.INF
[2006/12/29 21:29:05 | 000,006,989 | ---- | C] () -- C:\Documents and Settings\Administrator\MCCI_BUS.INF
[2006/12/29 21:29:05 | 000,004,477 | ---- | C] () -- C:\Documents and Settings\Administrator\MCCI_SDM.INF
[2006/12/29 21:29:04 | 000,007,201 | ---- | C] () -- C:\Documents and Settings\Administrator\USBMOT2000.INF
[2006/12/29 21:29:04 | 000,006,141 | ---- | C] () -- C:\Documents and Settings\Administrator\USBMOT2000XP.INF
[2006/12/29 21:29:04 | 000,005,960 | ---- | C] () -- C:\Documents and Settings\Administrator\USB_MOT_A1000.INF
[2006/12/29 21:29:04 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\Administrator\USB_CMCS_2000.INF
[2006/04/19 13:21:35 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/04/19 13:21:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/09 21:13:15 | 000,001,890 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/03/09 21:12:45 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/01/14 17:53:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/14 14:21:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2004/01/14 13:53:21 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2004/01/14 13:37:54 | 000,019,607 | ---- | C] () -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys
[2004/01/14 13:34:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2004/01/14 13:14:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/14 12:49:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\tcleanup.exe
[2004/01/14 12:46:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2004/01/14 12:38:21 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
[2004/01/14 12:38:21 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2004/01/14 12:20:04 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2004/01/14 12:20:03 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2004/01/14 12:20:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2004/01/14 12:20:03 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2004/01/13 19:31:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/13 19:29:04 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/13 19:28:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/01/13 19:23:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/01/13 19:22:38 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/13 18:10:22 | 000,000,378 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/01/13 18:09:42 | 000,477,786 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/01/13 18:09:42 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/01/13 18:09:42 | 000,086,596 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/01/13 18:09:42 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/01/13 18:09:40 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/01/13 18:09:39 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/01/13 18:09:36 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/13 18:09:26 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/01/13 18:09:26 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/01/13 18:09:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/01/13 18:09:02 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/01/13 11:19:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/12/16 08:29:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2003/11/27 20:29:30 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\TosKeyboardPage.dll
[2003/11/27 20:13:58 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\TosMousePage.dll
[2003/11/20 19:52:02 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2003/11/14 14:05:52 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/11/14 13:57:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2003/07/29 18:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll
[2002/12/04 10:57:00 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2002/12/04 10:57:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2002/06/04 12:58:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

========== LOP Check ==========

[2011/05/10 19:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG
[2009/02/14 10:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EPSON
[2009/02/15 13:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FreshDiagnose
[2004/01/14 13:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2004/01/14 14:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2007/07/06 15:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12
[2004/01/14 14:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2008/11/10 11:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2011/10/18 17:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/01/30 18:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2011/05/10 19:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/04/15 22:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/02/14 10:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/05/10 19:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/11/10 10:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/02/20 14:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/11/01 18:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/10/07 22:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/24 17:22:53 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2011/11/07 12:20:08 | 000,000,322 | -HS- | M] () -- C:\WINDOWS\Tasks\IWUM.job
[2011/11/07 12:20:08 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\Tasks\MOBCCAFLUV.job
[2011/11/07 12:20:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: ATAPI.SYS >
[2003/03/31 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/04 18:39:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2003/03/31 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/09/04 18:39:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/03/31 07:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: NDIS.SYS >
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: USERINIT.EXE >
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< End of report >

computerchallenged (Novice). Posts: 36 | Joined: 2009-05-25 | OS: Windows XP | Points: 28086 | Likes: 0

Re: Redirect virus

Post by computerchallenged on 7th November 2011, 6:29 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: (build 2600)
Logical Drives Mask: 0x00800006

Kernel Drivers (total 76):
0x80400000 \i386\system32\ntoskrnl.exe
0x80615000 \i386\system32\halacpi.dll
0xF8D95000 \i386\system32\KDCOM.DLL
0xF8CA5000 \i386\system32\BOOTVID.dll
0xF87FA000 setupdd.sys
0xF8E5D000 \i386\system32\drivers\SPDDLANG.SYS
0xF87E9000 pci.sys
0xF87BB000 acpi.sys
0xF8D97000 \i386\system32\drivers\WMILIB.SYS
0xF8895000 isapnp.sys
0xF8E5E000 \i386\system32\drivers\OPRGHDLR.SYS
0xF879D000 pcmcia.sys
0xF8E5F000 pciide.sys
0xF8B15000 \i386\system32\drivers\PCIIDEX.SYS
0xF88C5000 mountmgr.sys
0xF877E000 ftdisk.sys
0xF8B25000 partmgr.sys
0xF8DA1000 dmload.sys
0xF8758000 dmio.sys
0xF88F5000 \i386\system32\drivers\CLASSPNP.SYS
0xF8B35000 usbehci.sys
0xF86FE000 \i386\system32\drivers\USBPORT.SYS
0xF8B45000 usbuhci.sys
0xF8915000 usbhub.sys
0xF8DA5000 \i386\system32\drivers\USBD.SYS
0xF8B55000 \i386\system32\drivers\HIDPARSE.SYS
0xF8935000 serial.sys
0xF8CB1000 serenum.sys
0xF8945000 i8042prt.sys
0xF8B65000 kbdclass.sys
0xF8B6D000 mouclass.sys
0xF86E6000 SCSIPORT.SYS
0xF86CE000 atapi.sys
0xF8CD5000 VMSCSI.SY_
0xF8BCD000 VIAPDSK.SY_
0xF85A1000 viamraid.SY_
0xF853A000 SISRAID4.SY_
0xF8BD5000 SISRAID2.SY_
0xF755A000 dmboot.sys
0xF8619000 cdrom.sys
0xF8609000 disk.sys
0xF7543000 ksecdd.sys
0xF7520000 fastfat.sys
0xF7493000 ntfs.sys
0xF85F9000 cdfs.sys
0xF7466000 ndis.sys
0xF744B000 mup.sys
0xF8EED000 \SystemRoot\System32\drivers\audstub.sys
0xF8DAF000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF8C4D000 \SystemRoot\System32\Drivers\Modem.SYS
0xF8DB3000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF7290000 \SystemRoot\System32\DRIVERS\ks.sys
0xF8D81000 \SystemRoot\system32\drivers\ramdriv.sys
0xF8BDD000 \SystemRoot\System32\drivers\vga.sys
0xBAFEC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xBAFBB000 \SystemRoot\System32\Drivers\Udfs.SYS
0xF8D8D000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF8F02000 \SystemRoot\System32\Drivers\Null.SYS
0xF8B75000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8B85000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBAFA8000 \SystemRoot\System32\drivers\ipsec.sys
0xF8DB7000 \SystemRoot\System32\Drivers\Beep.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF8B9D000 \SystemRoot\System32\watchdog.sys
0xF7353000 \SystemRoot\System32\drivers\Dxapi.sys
0xBF9C1000 \SystemRoot\System32\drivers\dxg.sys
0xF8F40000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xF8AB5000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF8B1D000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xBAADC000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xBAA45000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA9ED000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBA9CB000 \SystemRoot\system32\drivers\afd.sys
0xBA9A3000 \SystemRoot\system32\DRIVERS\netbt.sys
0x7C900000 \I386\SYSTEM32\NTDLL.DLL

Processes (total 15):
0 System Idle Process
4 System
208 X:\I386\SYSTEM32\CSRSS.EXE
268 X:\I386\SYSTEM32\SERVICES.EXE
280 X:\I386\SYSTEM32\LSASS.EXE
396 X:\I386\SYSTEM32\REATOGOLOGON.EXE
400 X:\I386\SYSTEM32\SVCHOST.EXE
480 X:\I386\SYSTEM32\SVCHOST.EXE
1496 X:\I386\SYSTEM32\SVCHOST.EXE
1668 X:\I386\SYSTEM32\SVCHOST.EXE
1804 X:\PROGRAMS\wbload\wbload.exe
1932 X:\I386\SYSTEM32\SVCHOST.EXE
1984 X:\I386\EXPLORER.EXE
764 X:\I386\EXPLORER.EXE
888 C:\MBRCheck.exe

\\.\B: --> error 1
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK4025GAS, Rev: KA101A

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

computerchallenged (Novice). Posts: 36 | Joined: 2009-05-25 | OS: Windows XP | Points: 28086 | Likes: 0
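MBRCheck reports three things about PhysicalDrive0 in the post above: where the C: volume starts (offset 0x7E00), what kind of boot code the MBR holds, and a SHA1 over it. The script below is an added example, not MBRCheck's code and not the poster's real MBR.dat: it parses a 512-byte MBR image the way such a tool does. It validates the 55 AA boot signature, walks the four partition entries, converts the start LBA to the byte offset MBRCheck prints (LBA 63 * 512 = 0x7E00), and hashes the boot-code bytes so they can be compared with a known-good value. The sector it parses is constructed so the example runs offline; the hashed byte range (0..439, excluding the disk signature and padding at 440..445) is my assumption and MBRCheck may hash a different range, so compare hashes only with ones produced the same way.

```python
"""Parse a raw 512-byte MBR image as an MBRCheck-style tool would.

Added example for this thread; the sector is constructed, not a real dump.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # code area; 4-byte disk signature + 2 bytes padding follow
PART_TABLE_OFFSET = 446    # four 16-byte entries, then the 55 AA signature at 510
PART_ENTRY = "<B3xB3xII"   # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def build_sample_mbr() -> bytes:
    """Constructed MBR: NOP-filled boot code and one active NTFS partition at LBA 63."""
    boot_code = b"\x90" * BOOT_CODE_LEN
    disk_sig = b"\x12\x34\x56\x78" + b"\x00\x00"            # assumed disk signature + padding
    entry = struct.pack(PART_ENTRY, 0x80, 0x07, 63, 78_136_448)  # 0x07 = NTFS/IFS, ~37 GB
    table = entry + b"\x00" * (16 * 3)                       # remaining three entries empty
    return boot_code + disk_sig + table + b"\x55\xAA"


def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash, disk signature and non-empty partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    if sector[510:512] != b"\x55\xAA":
        raise ValueError("missing 55 AA boot signature: not a valid MBR")
    partitions = []
    for i in range(4):
        status, ptype, lba, count = struct.unpack_from(
            PART_ENTRY, sector, PART_TABLE_OFFSET + 16 * i
        )
        if ptype == 0:                       # empty slot
            continue
        partitions.append({
            "index": i,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba,
            "byte_offset": lba * SECTOR_SIZE,   # what MBRCheck prints as "at offset"
            "sectors": count,
        })
    return {
        "code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "disk_signature": struct.unpack_from("<I", sector, BOOT_CODE_LEN)[0],
        "partitions": partitions,
    }


def boot_code_is_known(sector: bytes, known_sha1s) -> bool:
    """True when the boot-code hash is in an allowlist built with the same byte range."""
    return parse_mbr(sector)["code_sha1"] in {h.upper() for h in known_sha1s}


if __name__ == "__main__":
    info = parse_mbr(build_sample_mbr())
    print("boot code SHA1:", info["code_sha1"])
    for p in info["partitions"]:
        print(f"partition {p['index']}: type 0x{p['type']:02X} at offset 0x{p['byte_offset']:X}"
              f" ({p['sectors']} sectors, bootable={p['bootable']})")
```

To check a real dump, read the 512 bytes of MBR.dat and pass them to parse_mbr; the byte_offset of the first partition should agree with the offset MBRCheck reported for C:.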

Re: Redirect virus

Post by computerchallenged on 7th November 2011, 6:40 pm

FYI - I could not get on the internet with Reatogo-X-PE so I had to copy the files onto a flash drive and post them from my work computer. Can I reboot and go back to booting from my C: drive or should I stay on Reatogo?

computerchallenged (Novice). Posts: 36 | Joined: 2009-05-25 | OS: Windows XP | Points: 28086 | Likes: 0

Re: Redirect virus

Post by Gabethebabe on 8th November 2011, 7:43 am

Stay in REATOGO; moving stuff around with a flash drive is a very good idea.

I think I have found some bad files. Let's get rid of them and see if things work out better for you after that.

====================

Please run OTLPE again

  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:
:files
C:\WINDOWS\tasks\IWUM.job
C:\WINDOWS\tasks\MOBCCAFLUV.job
C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
C:\WINDOWS\System32\TZLogq.dll
C:\WINDOWS\Wzehigihagonaman.dat
C:\WINDOWS\System32\msxmlp.dll
C:\WINDOWS\Blibirikijirazoh.bin

:otl
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = File not found

:commands
[reboot]
  • Then click the Run Fix button at the top (Not the Run Scan!).
  • The computer will reboot - do so normally (take out the boot CD).
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)


Redirects are gone after this !?!?!?

Gabethebabe (Top Dog). Posts: 1568 | Joined: 2010-03-07 | Gender: Male | OS: Win7 | Points: 38268 | Likes: 0
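The fix list above is the result of reading the OTL "Files Created" and "Files Modified" sections by eye. As an added example (not part of the thread and not OTL's own code), here is a small Python triage script that parses OTL file lines and applies the checks that fix list reflects: regular files with both hidden and system attributes under the Windows directory, scheduled-task .job files carrying hidden or system attributes, and two or more files with no company name created in the same second in the same folder (a typical drop set). The sample lines are copied from the OTL log posted earlier in this thread; the rule names, the one-second grouping window and the decision to look only at non-directory entries are my own assumptions, and a hit is a reason to look closer, not proof of infection.

```python
"""Triage helper for OTL 'Files Created' / 'Files Modified' log lines.

Added example; the heuristics are assumptions, not OTL's or the helper's rules.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# One OTL file line: [date time | size | attrs | C|M] (Company) -- path
# Directory lines have no "(Company)" part; files with no company show "()".
OTL_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<op>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

SYSTEM_ROOT = r"c:\windows"   # assumed %SystemRoot%, as on the XP machine in the thread

# Sample input: lines copied from the OTL log posted above in this thread.
SAMPLE_LINES = [
    r"[2011/10/31 20:52:11 | 000,069,120 | RHS- | C] () -- C:\WINDOWS\System32\TZLogq.dll",
    r"[2011/10/31 20:52:11 | 000,069,120 | RHS- | C] () -- C:\WINDOWS\System32\msxmlp.dll",
    r"[2011/10/31 20:52:12 | 000,000,322 | -HS- | C] () -- C:\WINDOWS\tasks\IWUM.job",
    r"[2011/10/31 20:52:12 | 000,000,316 | -HS- | C] () -- C:\WINDOWS\tasks\MOBCCAFLUV.job",
    r"[2011/09/06 13:13:39 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wzehigihagonaman.dat",
    r"[2011/09/06 13:13:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Blibirikijirazoh.bin",
    r"[2011/10/29 14:35:15 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys",
    r"[2011/10/31 22:06:45 | 000,260,272 | RHS- | C] () -- C:\cmldr",
    r"[2011/10/29 14:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira",
    r"[2004/01/13 19:28:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat",
    r"[2011/11/07 12:20:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job",
]


@dataclass
class Entry:
    ts: str
    size: int
    attrs: str
    op: str        # C = created, M = modified
    company: str   # empty when OTL printed "()"
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0].lower()


def parse_otl_line(line: str):
    """Return an Entry for an OTL file/directory line, or None for anything else."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    return Entry(
        ts=m["ts"],
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        op=m["op"],
        company=(m["company"] or "").strip(),
        path=m["path"],
    )


def triage(lines):
    """Return {path: [reasons]} for file entries worth a second look."""
    entries = [e for e in map(parse_otl_line, lines) if e and not e.is_dir]
    findings = defaultdict(list)

    for e in entries:
        in_sysroot = e.path.lower().startswith(SYSTEM_ROOT + "\\")
        if e.hidden_system and in_sysroot:
            findings[e.path].append("hidden+system file under %SystemRoot%")
        if e.path.lower().endswith(".job") and ("H" in e.attrs or "S" in e.attrs):
            findings[e.path].append("scheduled task with hidden/system attributes")

    # Drop-set rule: files with no company name created in the same second in one folder.
    groups = defaultdict(list)
    for e in entries:
        if e.op == "C" and not e.company:
            groups[(e.ts, e.parent)].append(e)
    for (ts, _parent), group in groups.items():
        if len(group) >= 2:
            for e in group:
                findings[e.path].append(
                    f"created with {len(group) - 1} other no-company file(s) at {ts}"
                )
    return dict(findings)


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES).items():
        print(path)
        for reason in reasons:
            print("   -", reason)
```

Run against the lines above it flags exactly the six files the fix list names and nothing else: the Avira driver is skipped because it carries a company name, bootstat.dat is system-only, and the OGALogon.job task has no hidden or system attribute. Feed it the full log (one line per list element) to get the same view over the whole machine.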

Re: Redirect virus

Post by computerchallenged on 8th November 2011, 3:03 pm

You are AWESOME!!!!!! Seems to be fixed now!!! Thank you so much!

computerchallenged (Novice). Posts: 36 | Joined: 2009-05-25 | OS: Windows XP | Points: 28086 | Likes: 0

Re: Redirect virus

Post by computerchallenged on 8th November 2011, 3:05 pm

OTL logfile created on: 11/8/2011 9:19:00 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 303.00 Mb Available Physical Memory | 59.00% Memory free
459.00 Mb Paging File | 338.00 Mb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 15.29 Gb Free Space | 41.03% Space Free | Partition Type: NTFS
Drive D: | 254.09 Mb Total Space | 251.56 Mb Free Space | 99.00% Space Free | Partition Type: FAT
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (SessionLauncher)
SRV - File not found [Disabled] -- -- (RoxLiveShare10)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2011/09/23 17:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 17:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () [Auto] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/01/07 17:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/08/08 20:46:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/02/23 10:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [Disabled] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2003/12/16 08:23:40 | 000,303,171 | ---- | M] (Intel Corporation ) [Auto] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2003/12/16 08:22:36 | 000,122,880 | ---- | M] (Intel Corporation) [Auto] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2003/12/09 23:50:54 | 000,126,976 | ---- | M] (TOSHIBA) [Disabled] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2003/12/02 20:05:54 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) [Disabled] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003/10/21 14:26:14 | 000,053,248 | ---- | M] () [Disabled] -- C:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2003/08/01 17:56:02 | 000,086,016 | ---- | M] (TOSHIBA Corporation) [Disabled] -- C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe -- (Tmesbs)
SRV - [2003/05/23 16:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Disabled] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2002/09/20 19:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMPR5)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (FreshIO)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2011/09/18 07:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 22:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 22:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/02/11 09:42:11 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2006/06/30 18:20:32 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/02/26 17:35:13 | 000,014,037 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/01/09 22:26:46 | 000,028,416 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2004/01/02 05:52:34 | 001,646,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel(R)
DRV - [2003/12/24 22:34:04 | 000,091,008 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2003/12/17 02:45:46 | 000,048,000 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2003/12/16 23:08:46 | 000,013,312 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NscTpmDD.sys -- (portio)
DRV - [2003/12/16 08:16:26 | 000,010,970 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2003/12/10 20:11:26 | 000,100,153 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/12/05 12:16:38 | 000,062,607 | ---- | M] (TOSHIBA Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2003/12/05 05:50:28 | 000,979,840 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel(R)
DRV - [2003/11/27 23:29:08 | 000,053,632 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2003/11/21 17:22:48 | 000,017,076 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2003/11/20 14:24:10 | 000,045,534 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte)
DRV - [2003/10/24 16:53:14 | 000,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/08/19 19:04:30 | 000,036,131 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2003/08/07 18:52:00 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\TVALZ.SYS -- (TVALZ)
DRV - [2003/06/11 11:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/02/04 15:12:36 | 000,008,605 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tosrfec.sys -- (tosrfec)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/12/20 16:07:00 | 001,164,576 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/11/18 20:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2002/09/26 16:15:28 | 000,005,760 | ---- | M] (Toshiba Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2002/04/06 22:50:56 | 000,019,607 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys -- (tossmbnt)
DRV - [2001/09/11 14:54:32 | 000,038,425 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FC50227B-E2CA-4C2B-9EA2-BA4C8C529B9B}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{FC50227B-E2CA-4C2B-9EA2-BA4C8C529B9B} [2011/09/06 13:13:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/07 22:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/01 18:09:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/10/26 07:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins

[2008/10/29 23:16:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/11/07 09:21:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions
[2010/06/20 18:00:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/07 09:21:41 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/10/27 22:01:43 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\searchplugins\askcom.xml
[2011/01/09 16:10:11 | 000,002,698 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\searchplugins\twitter.xml
[2011/05/10 19:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/11 20:03:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 19:56:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2003/03/31 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [You must be registered and logged in to see this link.] (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\Sebring: DllName - C:\WINDOWS\System32\LgNotify.dll - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/13 19:25:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell - "" = AutoRun
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 10:44:35 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/11/07 09:27:11 | 004,284,246 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/02 09:29:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/01 20:33:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\OTL
[2011/11/01 20:04:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/10/31 22:06:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/31 22:00:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/31 22:00:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/31 22:00:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/31 22:00:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/31 22:00:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/31 21:59:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/31 21:59:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/10/31 21:12:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache
[2011/10/31 19:20:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/10/29 14:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2011/10/29 14:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/10/29 14:35:15 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/10/29 14:35:05 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/10/29 14:35:05 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/10/29 14:35:05 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/10/29 14:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/10/29 14:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/10/29 14:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt
[2011/10/29 10:19:28 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/10/27 23:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/27 23:14:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/10/16 20:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/10/16 20:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2011/10/16 20:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\uTorrent
[2011/10/16 20:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2011/10/11 17:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AppWebspl
[2006/12/29 21:29:06 | 000,092,064 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmmdm.sys
[2006/12/29 21:29:06 | 000,079,328 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmserd.sys
[2006/12/29 21:29:06 | 000,009,232 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmmdfl.sys
[2006/12/29 21:29:06 | 000,005,936 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmwhnt.sys
[2006/12/29 21:29:05 | 000,066,656 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmbus.sys
[2006/12/29 21:29:05 | 000,006,208 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmcmnt.sys
[2006/12/29 21:29:05 | 000,004,048 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmcr.sys
[2006/12/29 21:29:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\usbsermptxp.sys
[2006/12/29 21:29:04 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\usbsermpt.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/07 12:21:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/07 12:20:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/11/07 12:20:08 | 000,000,322 | -HS- | M] () -- C:\WINDOWS\tasks\IWUM.job
[2011/11/07 12:20:08 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\tasks\MOBCCAFLUV.job
[2011/11/07 12:20:02 | 536,203,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/07 11:58:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/07 11:24:03 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-923130703-2451520593-1935410814-500UA.job
[2011/11/07 10:54:51 | 000,080,384 | ---- | M] () -- C:\MBRCheck.exe
[2011/11/07 10:43:48 | 004,284,246 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/07 09:15:17 | 000,477,786 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/07 09:15:17 | 000,086,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/04 10:51:12 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.exe.lnk
[2011/11/02 10:33:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/02 10:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/01 20:56:53 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/11/01 20:04:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/11/01 18:24:20 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-923130703-2451520593-1935410814-500Core.job
[2011/10/31 22:06:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/31 20:52:11 | 000,069,120 | RHS- | M] () -- C:\WINDOWS\System32\TZLogq.dll
[2011/10/31 20:52:11 | 000,069,120 | RHS- | M] () -- C:\WINDOWS\System32\msxmlp.dll
[2011/10/31 19:25:09 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/31 19:23:08 | 000,000,206 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111031_202250-10-31-11.reg
[2011/10/31 17:22:07 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/10/29 15:09:56 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_160917_10-29-11(2).reg
[2011/10/29 14:35:55 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/10/29 14:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/10/29 10:42:59 | 000,004,740 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_114225_10-29-11.reg
[2011/10/27 23:31:27 | 000,453,280 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111028_003053 - reg files.reg
[2011/10/27 23:17:49 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/13 21:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/07 10:54:51 | 000,080,384 | ---- | C] () -- C:\MBRCheck.exe
[2011/11/04 10:51:12 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.exe.lnk
[2011/11/01 20:56:53 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/10/31 22:06:53 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/31 22:06:45 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/31 22:00:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/31 22:00:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/31 22:00:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/31 22:00:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/31 22:00:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/31 20:52:12 | 000,000,322 | -HS- | C] () -- C:\WINDOWS\tasks\IWUM.job
[2011/10/31 20:52:12 | 000,000,316 | -HS- | C] () -- C:\WINDOWS\tasks\MOBCCAFLUV.job
[2011/10/31 20:52:11 | 000,069,120 | RHS- | C] () -- C:\WINDOWS\System32\TZLogq.dll
[2011/10/31 20:52:11 | 000,069,120 | RHS- | C] () -- C:\WINDOWS\System32\msxmlp.dll
[2011/10/31 19:25:09 | 536,203,264 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/31 19:25:09 | 000,279,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/31 19:23:02 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111031_202250-10-31-11.reg
[2011/10/29 15:09:34 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_160917_10-29-11(2).reg
[2011/10/29 14:35:55 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/10/29 10:42:46 | 000,004,740 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_114225_10-29-11.reg
[2011/10/27 23:31:13 | 000,453,280 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111028_003053 - reg files.reg
[2011/10/27 23:17:49 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/15 22:21:33 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/09/06 13:13:39 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wzehigihagonaman.dat
[2011/09/06 13:13:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Blibirikijirazoh.bin
[2010/07/27 16:56:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/02/14 09:53:31 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/02/14 09:53:31 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/02/14 09:53:31 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/02/14 09:53:31 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/02/14 09:53:31 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/02/14 09:53:31 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/02/14 09:53:31 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/02/14 09:53:31 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/02/14 09:53:31 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/02/14 09:53:31 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/02/14 09:53:31 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/02/14 09:53:31 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/02/14 09:53:31 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/02/14 09:53:31 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/02/14 09:53:31 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/02/14 09:53:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/02/14 09:49:44 | 000,000,025 | ---- | C] () -- C:\WINDOWS\EPSCX9400Fax.ini
[2008/11/11 15:51:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\rx_image.Cache
[2008/10/08 17:38:52 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/02/11 09:42:02 | 000,015,778 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem25.PNF
[2008/02/11 09:42:02 | 000,009,842 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem25.inf
[2008/02/11 09:42:02 | 000,007,554 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem23.PNF
[2008/02/11 09:42:02 | 000,007,082 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem24.PNF
[2008/02/11 09:42:02 | 000,004,406 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740922-(null)
[2008/02/11 09:42:01 | 000,015,698 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem22.PNF
[2008/02/11 09:42:01 | 000,012,770 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem20.PNF
[2008/02/11 09:42:01 | 000,012,364 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem21.PNF
[2008/02/11 09:42:01 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem22.inf
[2008/02/11 09:42:01 | 000,006,921 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem23.inf
[2008/02/11 09:42:01 | 000,006,061 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740921-(null)
[2008/02/11 09:42:01 | 000,005,813 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem21.inf
[2008/02/11 09:42:00 | 000,014,238 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem18.PNF
[2008/02/11 09:42:00 | 000,012,844 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem19.PNF
[2008/02/11 09:42:00 | 000,007,141 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740919-(null)
[2008/02/11 09:42:00 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740920-(null)
[2007/08/21 14:22:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/07/06 14:54:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/06/29 16:16:01 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/29 21:29:05 | 000,009,913 | ---- | C] () -- C:\Documents and Settings\Administrator\MCCI_MDM.INF
[2006/12/29 21:29:05 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Administrator\USB_MOT_BRIT.INF
[2006/12/29 21:29:05 | 000,006,989 | ---- | C] () -- C:\Documents and Settings\Administrator\MCCI_BUS.INF
[2006/12/29 21:29:05 | 000,004,477 | ---- | C] () -- C:\Documents and Settings\Administrator\MCCI_SDM.INF
[2006/12/29 21:29:04 | 000,007,201 | ---- | C] () -- C:\Documents and Settings\Administrator\USBMOT2000.INF
[2006/12/29 21:29:04 | 000,006,141 | ---- | C] () -- C:\Documents and Settings\Administrator\USBMOT2000XP.INF
[2006/12/29 21:29:04 | 000,005,960 | ---- | C] () -- C:\Documents and Settings\Administrator\USB_MOT_A1000.INF
[2006/12/29 21:29:04 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\Administrator\USB_CMCS_2000.INF
[2006/04/19 13:21:35 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/04/19 13:21:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/09 21:13:15 | 000,001,890 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/03/09 21:12:45 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/01/14 17:53:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/14 14:21:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2004/01/14 13:53:21 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2004/01/14 13:37:54 | 000,019,607 | ---- | C] () -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys
[2004/01/14 13:34:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2004/01/14 13:14:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/14 12:49:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\tcleanup.exe
[2004/01/14 12:46:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2004/01/14 12:38:21 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
[2004/01/14 12:38:21 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2004/01/14 12:20:04 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2004/01/14 12:20:03 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2004/01/14 12:20:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2004/01/14 12:20:03 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2004/01/13 19:31:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/13 19:29:04 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/13 19:28:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/01/13 19:23:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/01/13 19:22:38 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/13 18:10:22 | 000,000,378 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/01/13 18:09:42 | 000,477,786 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/01/13 18:09:42 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/01/13 18:09:42 | 000,086,596 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/01/13 18:09:42 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/01/13 18:09:40 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/01/13 18:09:39 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/01/13 18:09:36 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/13 18:09:26 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/01/13 18:09:26 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/01/13 18:09:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/01/13 18:09:02 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/01/13 11:19:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/12/16 08:29:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2003/11/27 20:29:30 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\TosKeyboardPage.dll
[2003/11/27 20:13:58 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\TosMousePage.dll
[2003/11/20 19:52:02 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2003/11/14 14:05:52 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/11/14 13:57:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2003/07/29 18:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll
[2002/12/04 10:57:00 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2002/12/04 10:57:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2002/06/04 12:58:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

========== LOP Check ==========

[2011/05/10 19:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG
[2009/02/14 10:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EPSON
[2009/02/15 13:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FreshDiagnose
[2004/01/14 13:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2004/01/14 14:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2007/07/06 15:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12
[2004/01/14 14:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2008/11/10 11:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2011/10/18 17:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/01/30 18:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2011/05/10 19:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/04/15 22:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/02/14 10:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/05/10 19:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/11/10 10:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/02/20 14:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/11/01 18:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/10/07 22:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/24 17:22:53 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2011/11/07 12:20:08 | 000,000,322 | -HS- | M] () -- C:\WINDOWS\Tasks\IWUM.job
[2011/11/07 12:20:08 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\Tasks\MOBCCAFLUV.job
[2011/11/07 12:20:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========


< :files >

< C:\WINDOWS\tasks\IWUM.job >
[2011/11/07 12:20:08 | 000,000,322 | -HS- | M] () -- C:\WINDOWS\tasks\IWUM.job

< C:\WINDOWS\tasks\MOBCCAFLUV.job >
[2011/11/07 12:20:08 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\tasks\MOBCCAFLUV.job

< C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} >

< C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} >

< C:\WINDOWS\System32\TZLogq.dll >
[2011/10/31 20:52:11 | 000,069,120 | RHS- | M] () -- C:\WINDOWS\System32\TZLogq.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

< C:\WINDOWS\Wzehigihagonaman.dat >
[2011/09/13 17:27:54 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Wzehigihagonaman.dat
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< C:\WINDOWS\System32\msxmlp.dll >
[2011/10/31 20:52:11 | 000,069,120 | RHS- | M] () -- C:\WINDOWS\System32\msxmlp.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

< C:\WINDOWS\Blibirikijirazoh.bin >
[2011/09/13 17:27:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Blibirikijirazoh.bin
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]


< :otl >

~[Filtered]~


< :commands >

< [reboot] >
< End of report >

computerchallenged
Novice

Posts : 36
Joined : 2009-05-25
OS : Windows XP
Points : 28086
Likes : 0


Re: Redirect virus

Post by Gabethebabe on 8th November 2011, 3:16 pm

The last log puzzles me.

It was made by incorrectly following my instructions.

You have to paste the fix script (the green text in the code box of my previous post) in the "Custom fixes" field of OTLPE and click RUN FIX - not RUN SCAN.

The log you just posted is what happens if you err and click the Run Scan button - it still shows the bad files.

Gabethebabe
Top Dog

Posts : 1568
Joined : 2010-03-07
Gender : Male
OS : Win7
Points : 38268
Likes : 0


Re: Redirect virus

Post by computerchallenged on 8th November 2011, 3:36 pm

Oh wait... check this one out... I removed the disk too soon and the computer got hung up (oops, sorry), so I ran it again. Is this the log you were looking for? I do have a log that popped up on reboot. I'll post that at the end of this post.

OTL logfile created on: 11/8/2011 9:38:25 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 301.00 Mb Available Physical Memory | 59.00% Memory free
459.00 Mb Paging File | 337.00 Mb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 15.29 Gb Free Space | 41.03% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (SessionLauncher)
SRV - File not found [Disabled] -- -- (RoxLiveShare10)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2011/09/23 17:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 17:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () [Auto] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/01/07 17:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/08/08 20:46:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/02/23 10:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [Disabled] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2003/12/16 08:23:40 | 000,303,171 | ---- | M] (Intel Corporation ) [Auto] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2003/12/16 08:22:36 | 000,122,880 | ---- | M] (Intel Corporation) [Auto] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2003/12/09 23:50:54 | 000,126,976 | ---- | M] (TOSHIBA) [Disabled] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2003/12/02 20:05:54 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) [Disabled] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003/10/21 14:26:14 | 000,053,248 | ---- | M] () [Disabled] -- C:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2003/08/01 17:56:02 | 000,086,016 | ---- | M] (TOSHIBA Corporation) [Disabled] -- C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe -- (Tmesbs)
SRV - [2003/05/23 16:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Disabled] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2002/09/20 19:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMPR5)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (FreshIO)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2011/09/18 07:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 22:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 22:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/02/11 09:42:11 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2006/06/30 18:20:32 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/02/26 17:35:13 | 000,014,037 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/01/09 22:26:46 | 000,028,416 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2004/01/02 05:52:34 | 001,646,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel(R)
DRV - [2003/12/24 22:34:04 | 000,091,008 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2003/12/17 02:45:46 | 000,048,000 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2003/12/16 23:08:46 | 000,013,312 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NscTpmDD.sys -- (portio)
DRV - [2003/12/16 08:16:26 | 000,010,970 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2003/12/10 20:11:26 | 000,100,153 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/12/05 12:16:38 | 000,062,607 | ---- | M] (TOSHIBA Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2003/12/05 05:50:28 | 000,979,840 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel(R)
DRV - [2003/11/27 23:29:08 | 000,053,632 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2003/11/21 17:22:48 | 000,017,076 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2003/11/20 14:24:10 | 000,045,534 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte)
DRV - [2003/10/24 16:53:14 | 000,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/08/19 19:04:30 | 000,036,131 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2003/08/07 18:52:00 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\TVALZ.SYS -- (TVALZ)
DRV - [2003/06/11 11:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/02/04 15:12:36 | 000,008,605 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tosrfec.sys -- (tosrfec)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/12/20 16:07:00 | 001,164,576 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/11/18 20:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2002/09/26 16:15:28 | 000,005,760 | ---- | M] (Toshiba Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2002/04/06 22:50:56 | 000,019,607 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys -- (tossmbnt)
DRV - [2001/09/11 14:54:32 | 000,038,425 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FC50227B-E2CA-4C2B-9EA2-BA4C8C529B9B}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{FC50227B-E2CA-4C2B-9EA2-BA4C8C529B9B} [2011/09/06 13:13:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/07 22:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/01 18:09:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/10/26 07:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins

[2008/10/29 23:16:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/11/07 09:21:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions
[2010/06/20 18:00:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/07 09:21:41 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/10/27 22:01:43 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\searchplugins\askcom.xml
[2011/01/09 16:10:11 | 000,002,698 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\searchplugins\twitter.xml
[2011/05/10 19:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/11 20:03:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 19:56:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2003/03/31 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [You must be registered and logged in to see this link.] (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\Sebring: DllName - C:\WINDOWS\System32\LgNotify.dll - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/13 19:25:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell - "" = AutoRun
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

========== Custom Scans ==========


< :files >

< C:\WINDOWS\tasks\IWUM.job >

< C:\WINDOWS\tasks\MOBCCAFLUV.job >

< C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} >

< C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} >

< C:\WINDOWS\System32\TZLogq.dll >

< C:\WINDOWS\Wzehigihagonaman.dat >

< C:\WINDOWS\System32\msxmlp.dll >

< C:\WINDOWS\Blibirikijirazoh.bin >


< :otl >

~[Filtered]~


< :commands >

< [reboot] >
< End of report >


Here's the log that came up on reboot
========== FILES ==========
File\Folder C:\WINDOWS\tasks\IWUM.job not found.
File\Folder C:\WINDOWS\tasks\MOBCCAFLUV.job not found.
File\Folder C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} not found.
File\Folder C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} not found.
File\Folder C:\WINDOWS\System32\TZLogq.dll not found.
File\Folder C:\WINDOWS\Wzehigihagonaman.dat not found.
File\Folder C:\WINDOWS\System32\msxmlp.dll not found.
File\Folder C:\WINDOWS\Blibirikijirazoh.bin not found.
========== OTL ==========
File move failed. C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk scheduled to be moved on reboot.
========== COMMANDS ==========

OTLPE by OldTimer - Version 3.1.48.0 log created on 11082011_094205

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk not found!

Registry entries deleted on Reboot...


computerchallenged
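As an added example, not part of the thread or of OTL itself: a small Python parser for OTL's file-listing entries (`[date | size | attrs | C/M] (company) -- path`) with the kind of triage a helper applies by eye, flagging executables with no company name, executables sitting in a drive root, the WINDOWS folder or a profile root, new folders under Local Settings\Application Data, and the helper tools this thread uses (ComboFix, OTL, MBRCheck), which come off once the cleanup is done. The sample lines are constructed in the shape of OTL output; the heuristics and the helper-tool list are my own assumptions, not OTL's logic.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# One OTL file-listing entry: [yyyy/mm/dd hh:mm:ss | size | attrs | C|M] (company) -- path
# Directory entries carry no "(company)" part at all; files without version info show "()".
# Summary lines such as "[4 ... *.tmp files -> ...]" do not match and are skipped.
OTL_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Helper tools used in this thread (assumed list): legitimate, but removed at cleanup.
KNOWN_HELPER_TOOLS = {"combofix.exe", "otl.com", "otl.exe", "otlpe.exe", "mbrcheck.exe"}
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".com", ".scr", ".pif", ".job")


@dataclass
class OtlEntry:
    timestamp: datetime
    size: int
    attrs: str               # four flags in order: R(ead-only) H(idden) S(ystem) D(irectory)
    kind: str                # "C" = created within window, "M" = modified within window
    company: Optional[str]   # None when OTL shows "()" or no company part at all
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[3] == "D"

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0] if "\\" in self.path else ""


def parse_otl(text: str) -> List[OtlEntry]:
    """Parse every OTL file-listing line in `text`; non-matching lines are ignored."""
    entries = []
    for line in text.splitlines():
        m = OTL_ENTRY.match(line.strip())
        if not m:
            continue
        entries.append(OtlEntry(
            timestamp=datetime.strptime(m.group("ts"), "%Y/%m/%d %H:%M:%S"),
            size=int(m.group("size").replace(",", "")),
            attrs=m.group("attrs"),
            kind=m.group("kind"),
            company=m.group("company") or None,   # "" (shown as "()") becomes None
            path=m.group("path"),
        ))
    return entries


def _is_profile_root(parent: str) -> bool:
    # C:\Documents and Settings\<user> exactly, nothing deeper
    parts = parent.lower().split("\\")
    return len(parts) == 3 and parts[1] == "documents and settings"


def triage(entries: List[OtlEntry]) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for entries a helper would normally look at twice."""
    findings = []
    for e in entries:
        lower, parent = e.path.lower(), e.parent.lower()
        if e.name.lower() in KNOWN_HELPER_TOOLS:
            findings.append((e.path, "known helper tool; remove when the cleanup is finished"))
            continue
        if e.is_dir:
            if e.kind == "C" and "\\local settings\\application data\\" in lower:
                findings.append((e.path, "new folder under Local Settings\\Application Data; check its owner"))
            continue
        if not lower.endswith(EXECUTABLE_EXT):
            continue
        if e.company is None:
            findings.append((e.path, "executable with no company/version info"))
        if parent in ("c:", "c:\\windows") or _is_profile_root(parent):
            findings.append((e.path, "executable in a drive root, WINDOWS root or profile root"))
    return findings


# Constructed sample in OTL's format (same shape as the entries posted in this thread).
SAMPLE = r"""
[2011/11/07 10:44:35 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/11/01 20:04:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/10/29 14:35:15 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/10/11 17:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AppWebspl
[2011/11/07 10:54:51 | 000,080,384 | ---- | C] () -- C:\MBRCheck.exe
[2011/10/31 22:00:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2006/12/29 21:29:06 | 000,092,064 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmmdm.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
"""

if __name__ == "__main__":
    for path, reason in triage(parse_otl(SAMPLE)):
        print(f"{reason}: {path}")
```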

Re: Redirect virus

Post by Gabethebabe on 8th November 2011, 3:40 pm

Ok - that log is clean. Your redirect problems are over now?


Re: Redirect virus

Post by computerchallenged on 8th November 2011, 3:43 pm

So far so good!!! I've run searches on both Firefox and Internet Explorer. The same ones I ran before and then some new ones. All seems to be going well...


Re: Redirect virus

Post by Gabethebabe on 8th November 2011, 3:57 pm

*FISTPUMP*

You need to install the latest version of Java. Having the latest version is important to take advantage of fixes that have eliminated security vulnerabilities.
  • Go to Start > Control Panel
  • Double-click on Add or Remove Programs
  • Look for entries that say Java, Java RunTime Environment or J2SE.
  • Uninstall all of them that are not named Java (TM) 6 Update 29

After doing this, you can go to [You must be registered and logged in to see this link.], click on Free Java Download and proceed from there to install the latest version of Java (currently Version 6 Update 29).

After installing Java, go to Start > Control Panel > Java to open the Java Control Panel.
Under the General tab, Temporary Internet Files click Settings, then click Delete Files.
Select both options and click OK to delete the Java cache.

====================

You have an old version of Adobe Reader installed. This old version has security issues.
I recommend that you uninstall Adobe Reader through Start > Control Panel > Add or Remove Programs.
After that you should install a PDF reader that is more secure.
Please note that Adobe Reader has a history of security issues and is a prime target for malware writers due to its popularity. You might want to consider installing a non-Adobe PDF reader. Your choice!
  • [You must be registered and logged in to see this link.]. The last and safest version of Adobe Reader.
  • [You must be registered and logged in to see this link.]. Very small and very light PDF viewer.
  • [You must be registered and logged in to see this link.]. Also available in 64-bit version if you have a 64-bit OS. Can be installed as portable.


====================

I see that you have P2P software installed on your machine (uTorrent).
While file-sharing is a useful concept, P2P programs are mostly used for shady/illegal practices like software piracy, copyright infraction and malware distribution. You really do not want to contribute to illegal activities or find yourself a victim of cybercriminals using P2P for spreading their malware. I would strongly recommend that you uninstall all P2P software; however, that choice is up to you. If you choose to remove these programs, you can do so via Start >> Control Panel >> Add or Remove Programs.

====================

Time to uninstall used tools.

  • Go to Start > Run and type or copy/paste Combofix /uninstall (note the space before the "/").
  • Double click OTL.exe to run it again and click the CleanUp button.
  • If we used any other tools and they still remain on your desktop, please delete them manually.

====================

Do you have any more questions or do you want to see my ALORTKYCC (Awesome List Of Recommendations To Keep Your Computer Clean)?



Re: Redirect virus

Post by computerchallenged on 8th November 2011, 4:47 pm

The uTorrent was installed by my son on an external hard drive and is not actually located on the computer itself. I tried to delete it using Add/Remove Programs but it says it's on Drive E:, which is a USB port. Is there a way to remove it from the Program List?


Re: Redirect virus

Post by computerchallenged on 8th November 2011, 4:55 pm

Oh and YES, most definitely, I'd like your ALORTKYCC (Awesome List Of Recommendations To Keep Your Computer Clean)!!


Re: Redirect virus

Post by Gabethebabe on 9th November 2011, 7:02 am

Alright! Here follows my ALORTKYCC (Awesome List Of Recommendations To Keep Your Computer Clean):

1) Keep your Windows up-to-date. Windows Autoupdate should be ON (see Start >> Control Panel >> Security Center). An alternative way (but more time-consuming) is to periodically visit [You must be registered and logged in to see this link.]. Hackers are looking every day for new security holes. Microsoft keeps patching them. You cannot fall behind in this race; it will make your system vulnerable.

2) For your average daily computer activities, use a limited/standard user account, not an administrator account. If you use Vista/WIN7 do not disable User Account Control (UAC). You would be amazed to know how much malware can't touch you if you deny it admin rights. Create a separate password-protected administrator account that you use for admin activities, like (un)installing software.

3) Use a good antivirus. There are various free ones, you cannot go wrong with either of the following three:
  • [You must be registered and logged in to see this link.]. If you want your antivirus to be light on resources, I recommend Panda. Install without the toolbar.
  • [You must be registered and logged in to see this link.] has received great reviews from leading security analysts.
  • [You must be registered and logged in to see this link.] is a very complete antivirus, with modules like mailscanner and webshield.

4) If your computer has 1GB system memory or more, you should install a third party firewall, to replace the weak Windows Firewall. I recommend:
  • [You must be registered and logged in to see this link.]. Install the internet security suite, but without the antivirus and without the Hopsurf toolbar.
  • [You must be registered and logged in to see this link.]. A very smart and user friendly firewall.
  • [You must be registered and logged in to see this link.] is another rocksolid choice.

Note: you should run only ONE antivirus and ONE firewall. Running multiples of either is bad; it will cause slowdowns and/or conflicts.

5) Miscellaneous advice:
  • Stay away from cracks and keygens (look [You must be registered and logged in to see this link.] for the why). Get free software instead. [You must be registered and logged in to see this link.] is an excellent source of freeware reviews.
  • Navigate safely. [You must be registered and logged in to see this link.] is the safest browser available. However, Mozilla Firefox can be made extremely safe with the [You must be registered and logged in to see this link.] addon. Internet Explorer (always use [You must be registered and logged in to see this link.]) can be made a lot safer with [You must be registered and logged in to see this link.] (manual [You must be registered and logged in to see this link.]).
  • The [You must be registered and logged in to see this link.] addon will help you to stay on reliable webpages.
  • [You must be registered and logged in to see this link.] alerts you when changes are made in vital system areas. Especially good on light systems not running a third party firewall.
  • Make sure you have ways to recuperate your operating system and other vital data if it gets frustrated by malware and/or other problems. A Windows setup CD and recent backups/disk images will be priceless if you find yourself in an unexpected tight spot.

Finally: did we help you? [You must be registered and logged in to see this link.]!


Re: Redirect virus

Post by computerchallenged on 9th November 2011, 12:10 pm

Awesome, thank you so much!!!
