Redirect virus


Post by computerchallenged on Wed 02 Nov 2011, 1:09 pm


I've tried several products to eradicate the redirect virus but have been unsuccessful. I have used several search engines and when I click on a link, it redirects me to another site.

Here is my OTL log file and the others are to follow shortly. Please help!

OTL logfile created on: 11/1/2011 9:22:12 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.30 Mb Total Physical Memory | 237.28 Mb Available Physical Memory | 46.41% Memory free
1.22 Gb Paging File | 0.90 Gb Available in Paging File | 74.06% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 15.66 Gb Free Space | 42.02% Space Free | Partition Type: NTFS

Computer Name: B-C6SPFYDMW376J | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/01 21:04:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
PRC - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/09/23 11:38:21 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/09/16 02:34:43 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2010/06/24 15:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
PRC - [2010/06/24 15:34:50 | 000,279,360 | ---- | M] (Motorola) -- C:\Program Files\Motorola\MotoConnectService\MotoConnect.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2003/12/16 09:30:06 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\ZCfgSvc.exe
PRC - [2003/12/16 09:24:20 | 000,184,320 | ---- | M] (Intel) -- C:\WINDOWS\system32\1XConfig.exe
PRC - [2003/12/16 09:23:40 | 000,303,171 | ---- | M] (Intel Corporation ) -- C:\WINDOWS\system32\S24EvMon.exe
PRC - [2003/12/16 09:22:36 | 000,122,880 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\RegSrvc.exe
PRC - [2003/11/21 18:49:28 | 000,258,048 | ---- | M] (TOSHIBA Corp.) -- C:\WINDOWS\system32\00THotkey.exe
PRC - [2003/03/14 15:38:12 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe
PRC - [2002/09/20 20:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/31 21:52:11 | 000,069,120 | RHS- | M] () -- C:\WINDOWS\system32\msxmlp.dll
MOD - [2011/10/25 19:50:14 | 000,155,648 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt\acxobjmon.dll
MOD - [2011/09/16 02:05:58 | 000,398,288 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2010/06/24 15:34:52 | 000,091,456 | ---- | M] () -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe
MOD - [2003/12/16 09:29:42 | 000,204,800 | ---- | M] () -- C:\WINDOWS\system32\C1XStngs.dll
MOD - [2003/11/14 14:57:00 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\TosBtHcrpAPI.dll
MOD - [2002/12/04 11:57:00 | 000,651,264 | ---- | M] () -- C:\WINDOWS\system32\libeay32.dll
MOD - [2002/12/04 11:57:00 | 000,147,456 | ---- | M] () -- C:\WINDOWS\system32\ssleay32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (SessionLauncher)
SRV - File not found [Disabled | Stopped] -- -- (RoxLiveShare10)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/09/23 18:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 18:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/24 15:34:52 | 000,091,456 | ---- | M] () [Auto | Running] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/01/07 18:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/08/08 21:46:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/02/23 11:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2003/12/16 09:23:40 | 000,303,171 | ---- | M] (Intel Corporation ) [Auto | Running] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2003/12/16 09:22:36 | 000,122,880 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2003/12/10 00:50:54 | 000,126,976 | ---- | M] (TOSHIBA) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2003/12/02 21:05:54 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) [Disabled | Stopped] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003/10/21 15:26:14 | 000,053,248 | ---- | M] () [Disabled | Stopped] -- c:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2003/08/01 18:56:02 | 000,086,016 | ---- | M] (TOSHIBA Corporation) [Disabled | Stopped] -- C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe -- (Tmesbs)
SRV - [2003/05/23 17:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Disabled | Stopped] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2002/09/20 20:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Running] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - [2011/09/18 08:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 23:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 23:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/17 16:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 16:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/02/11 10:42:11 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2006/06/30 19:20:32 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/02/26 18:35:13 | 000,014,037 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/02/23 15:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/01/09 23:26:46 | 000,028,416 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2004/01/02 06:52:34 | 001,646,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel(R)
DRV - [2003/12/24 23:34:04 | 000,091,008 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2003/12/17 03:45:46 | 000,048,000 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2003/12/17 00:08:46 | 000,013,312 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NscTpmDD.sys -- (portio)
DRV - [2003/12/16 09:16:26 | 000,010,970 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2003/12/10 21:11:26 | 000,100,153 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/12/05 13:16:38 | 000,062,607 | ---- | M] (TOSHIBA Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2003/12/05 06:50:28 | 000,979,840 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel(R)
DRV - [2003/11/28 00:29:08 | 000,053,632 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2003/11/21 18:22:48 | 000,017,076 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2003/11/20 15:24:10 | 000,045,534 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte)
DRV - [2003/10/24 17:53:14 | 000,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/08/19 20:04:30 | 000,036,131 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2003/08/07 19:52:00 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\TVALZ.SYS -- (TVALZ)
DRV - [2003/06/11 12:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/02/04 16:12:36 | 000,008,605 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Tosrfec.sys -- (tosrfec)
DRV - [2003/01/29 18:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/12/20 17:07:00 | 001,164,576 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/11/18 21:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2002/09/26 17:15:28 | 000,005,760 | ---- | M] (Toshiba Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2002/04/06 23:50:56 | 000,019,607 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys -- (tossmbnt)
DRV - [2001/09/11 15:54:32 | 000,038,425 | ---- | M] (SMC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FC50227B-E2CA-4C2B-9EA2-BA4C8C529B9B}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{FC50227B-E2CA-4C2B-9EA2-BA4C8C529B9B} [2011/09/06 14:13:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/07 23:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/01 19:09:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/10/26 08:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins

[2008/10/30 00:16:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/11/01 18:25:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions
[2010/06/20 19:00:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/01 18:25:11 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/10/27 23:01:43 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\searchplugins\askcom.xml
[2011/01/09 17:10:11 | 000,002,698 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\searchplugins\twitter.xml
[2011/05/10 20:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/11 21:03:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 20:56:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2003/03/31 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [acxobjmon] C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt\acxobjmon.dll ()
O4 - HKLM..\RunOnce: [AOLRebootNeeded] C:\WINDOWS\System32\regsvr32.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: microsoft.com ([office] http in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [You must be registered and logged in to see this link.] (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 71.252.0.12
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08C74418-A496-4E76-8E1E-D061794E858D}: DhcpNameServer = 192.168.1.1 71.252.0.12
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NavLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O20 - Winlogon\Notify\Sebring: DllName - (C:\WINDOWS\System32\LgNotify.dll) - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/13 20:25:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell - "" = AutoRun
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - Services: "IntuitUpdateService"
MsConfig - Services: "idsvc"
MsConfig - Services: "hkmsvc"
MsConfig - Services: "FontCache3.0.0.0"
MsConfig - Services: "FLEXnet Licensing Service"
MsConfig - Services: "Fax"
MsConfig - Services: "FastUserSwitchingCompatibility"
MsConfig - Services: "EventSystem"
MsConfig - Services: "EapHost"
MsConfig - Services: "DVD-RAM_Service"
MsConfig - Services: "Dnscache"
MsConfig - Services: "dmserver"
MsConfig - Services: "dmadmin"
MsConfig - Services: "CryptSvc"
MsConfig - Services: "COMSysApp"
MsConfig - Services: "clr_optimization_v2.0.50727_32"
MsConfig - Services: "CFSvcs"
MsConfig - Services: "Bonjour Service"
MsConfig - Services: "BITS"
MsConfig - Services: "ALG"
MsConfig - Services: "Tmesrv"
MsConfig - Services: "Tmesbs"
MsConfig - Services: "Themes"
MsConfig - Services: "TapiSrv"
MsConfig - Services: "Swupdtmr"
MsConfig - Services: "SamSs"
MsConfig - Services: "Microsoft Office Groove Audit Service"
MsConfig - Services: "Viewpoint Manager Service"
MsConfig - Services: "SessionLauncher"
MsConfig - Services: "RoxLiveShare10"
MsConfig - Services: "ose"
MsConfig - Services: "NVSvc"
MsConfig - Services: "MDM"
MsConfig - Services: "LiveUpdate"
MsConfig - Services: "JavaQuickStarterService"
MsConfig - Services: "avg9wd"
MsConfig - Services: "aspnet_state"
MsConfig - Services: "NetFxUpdate_v1.1.4322"
MsConfig - Services: "nosGetPlusHelper"
MsConfig - StartUpReg: 000StTHK - hkey= - key= - File not found
MsConfig - StartUpReg: AGRSMMSG - hkey= - key= - C:\WINDOWS\agrsmmsg.exe (Agere Systems)
MsConfig - StartUpReg: Apoint - hkey= - key= - C:\Program Files\Apoint2K\Apoint.exe (Alps Electric Co., Ltd.)
MsConfig - StartUpReg: AVG9_TRAY - hkey= - key= - File not found
MsConfig - StartUpReg: Google Update - hkey= - key= - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (Google Inc.)
MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
MsConfig - StartUpReg: H/PC Connection Agent - hkey= - key= - C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation)
MsConfig - StartUpReg: HostManager - hkey= - key= - C:\Program Files\Common Files\AOL\1145470929\ee\aolsoftware.exe (America Online, Inc.)
MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
MsConfig - StartUpReg: KernelFaultCheck - hkey= - key= - File not found
MsConfig - StartUpReg: NvCplDaemon - hkey= - key= - File not found
MsConfig - StartUpReg: NVRotateSysTray - hkey= - key= - File not found
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: rasMapppm - hkey= - key= - File not found
MsConfig - StartUpReg: SmoothView - hkey= - key= - C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: TAudEffect - hkey= - key= - C:\Program Files\Toshiba\TAudEffect\TAudEff.exe (TOSHIBA)
MsConfig - StartUpReg: TFncKy - hkey= - key= - File not found
MsConfig - StartUpReg: TFNF5 - hkey= - key= - File not found
MsConfig - StartUpReg: TosHKCW.exe - hkey= - key= - C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe (TOSHIBA CORPORATION)
MsConfig - StartUpReg: TPSMain - hkey= - key= - File not found
MsConfig - StartUpReg: Verizon_McciTrayApp - hkey= - key= - C:\Program Files\Verizon\McciTrayApp.exe (Alcatel-Lucent)
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 2
MsConfig - State: "startup" - 2

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PEVSystemStart - Service
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: procexp90.Sys - Driver
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PEVSystemStart - Service
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: procexp90.Sys - Driver
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: UploadMgr - Service
SafeBootNet: vga.sys - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 10.1.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 10.1.4
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015C} - Microsoft DirectX
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {8b15971b-5355-4c82-8c07-7e181ea07608} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\fxsocm.inf,Fax.Install.PerUser
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {94de52c8-2d59-4f1b-883e-79663d2d9a8c} - Fax Provider
ActiveX: {96543d59-497a-4801-a1f3-5936aacaf7b1} - Q828750
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CA347303-40DC-8D5F-82FA-87D47689462F} - Internet Explorer
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EFCE7BE0-510E-4932-9475-F44CD90DE16A} - Microsoft .NET Framework 1.1 Security Update (KB2572067)
ActiveX: {F5776D81-AE53-4935-8E84-B0B283D8BCEF} - Q330994
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE


computerchallenged

Newbie Surfer

Posts : 36
Joined : 2009-05-25
Operating System : Windows XP


Re: Redirect virus

Post by computerchallenged on Sat 05 Nov 2011, 4:44 am

ComboFix has been running for almost 2 hrs and it changed the time on the clock but nothing else is coming up. Not even Stage 1 or anything. How long does this scan typically take? I haven't touched the computer, don't worry. Was just wondering how long the scan takes.

computerchallenged

Newbie Surfer

Posts : 36
Joined : 2009-05-25
Operating System : Windows XP

Re: Redirect virus

Post by Gabethebabe on Mon 07 Nov 2011, 6:12 pm

A scan should normally be finished in (much) less than 15 minutes.

Not working?

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

Re: Redirect virus

Post by computerchallenged on Mon 07 Nov 2011, 11:35 pm

No, it did not work. I let it try to run for 5 hrs. I had to leave work and tried to close out of the program but it wouldn't respond. My mouse was the only thing working and I couldn't shut down safely. I had to hold down the power button to get it to turn off.

I noticed when you say download it, to save it to the desktop but with Firefox, it does not give an option where to save it to, it automatically goes into a download folder.

Should I delete and do another install using Internet Explorer? Or should I try to run it in safe mode?


computerchallenged

Newbie Surfer

Posts : 36
Joined : 2009-05-25
Operating System : Windows XP

Re: Redirect virus

Post by Gabethebabe on Tue 08 Nov 2011, 12:07 am

Try this

Please visit this webpage and read the tutorial on using ComboFix very carefully. After that proceed to download ComboFix, but rename it during the download, to make sure the malware does not interfere.

The easiest is to download using Internet Explorer. If you insist on using Mozilla Firefox, you have to make a change to its configuration:
Tools >> Options >> General >> Downloads >> select Always ask me where to save files.

Use one of the links in the guide to download ComboFix and when your browser asks you where to save it, change the name of the file to svchost.exe and save it to your desktop.



Doubleclick svchost.exe to run the tool. Please post its log back here.

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

Re: Redirect virus

Post by computerchallenged on Tue 08 Nov 2011, 2:14 am

Followed the directions to a T. I used Internet Explorer to download it. Renamed it to svchost.exe. Turned off Anti-virus and double clicked to run program. Scan has been running for about 45 minutes now.

computerchallenged

Newbie Surfer

Posts : 36
Joined : 2009-05-25
Operating System : Windows XP

Re: Redirect virus

Post by Gabethebabe on Tue 08 Nov 2011, 2:35 am

It seems the infection resists all our tools.

It does not happen often that ComboFix, TDSSKiller, GMER and aswMBR all fail.
The next possible solution uses a boot disk. See if that gets us somewhere.

====================

Please download MBRCheck by a_d_13 from either of the following mirrors and save it to your system disk (probably C:\).
  • Mirror #1
  • Mirror #2
  • Mirror #3

====================

We are going to use a boot CD to help us with your problem.

  • You will need a blank CD to burn the boot CD
  • Download OTLPEStd.exe by OldTimer from here (a big download)
  • Double-click on OTLPEStd.exe to burn the boot CD
  • Reboot your system using the boot CD you just created. If you don't know how to boot from CD, check out this page
  • Booting will take quite some time, so please be patient
  • Finally you should see the REATOGO-X-PE desktop. Find the OTLPE icon and double click it to run OTLPE
  • Answer Yes and OK to all prompts
  • Ensure the option Automatically Load All Remaining Users is checked
  • OTL should now start. Set the option Drivers to Non-Microsoft
  • Copy and paste the following text into the Custom Scans/Fixes field:
    /md5start
    atapi.sys
    iastor.sys
    ndis.sys
    userinit.exe
    winlogon.exe
    /md5stop
  • Click Run Scan to start the scan
  • When finished, a log file C:\OTL.txt will be created
  • Please post the contents of the file in your next reply

====================

After getting the OTL log, browse to your system disk, run mbrcheck.exe and post the resulting log back here.

====================

Hopefully these two logs show us something new!




Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS
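The two checks the post above asks for target what is left once ComboFix, TDSSKiller, GMER and aswMBR have all come up empty: malware living below the file system, either as a patched boot-start driver (which is why OTLPE is told to MD5 atapi.sys, iastor.sys, ndis.sys, userinit.exe and winlogon.exe) or in the MBR itself (which is what MBRCheck examines). The following Python script is an added example, not code from the thread, from OTL or from MBRCheck. It does both checks by hand: it hashes the listed files against reference copies (the reference directory, such as system32\dllcache, is an assumption) and parses a 512-byte MBR to hash its boot code, validate the 0x55AA signature, decode the partition table and report unpartitioned space after the last partition. Every file and the sample MBR it works on are constructed inside the script, so it runs offline; the disk size used in the usage block is likewise assumed.

```python
"""Added example (not from the thread, OTL or MBRCheck): the two offline checks
the post asks for, done by hand. Reference directory and disk size are assumptions.
All sample files and the sample MBR are constructed here, so it runs offline."""
import hashlib
import os
import struct
import tempfile

# Boot-critical files the post asks OTLPE to hash (/md5start ... /md5stop).
WATCHED = ["atapi.sys", "iastor.sys", "ndis.sys", "userinit.exe", "winlogon.exe"]


def file_md5(path):
    """MD5 of a file, streamed so a large driver is not read into memory at once."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def compare_against_reference(live_dir, ref_dir, names=WATCHED):
    """Hash each watched file in live_dir and compare it with the copy in ref_dir
    (assumed to be an untouched copy, e.g. system32\\dllcache).
    Returns {name: 'ok' | 'MISMATCH' | 'missing'}."""
    verdicts = {}
    for name in names:
        live, ref = os.path.join(live_dir, name), os.path.join(ref_dir, name)
        if not (os.path.isfile(live) and os.path.isfile(ref)):
            verdicts[name] = "missing"     # nothing to compare against
        elif file_md5(live) == file_md5(ref):
            verdicts[name] = "ok"
        else:
            verdicts[name] = "MISMATCH"    # same name, different bytes: patched?
    return verdicts


def parse_mbr(sector):
    """Parse one 512-byte MBR: hash the boot code, check the 0x55AA signature
    and decode the four 16-byte partition entries that start at offset 446."""
    if len(sector) != 512:
        raise ValueError("MBR must be exactly 512 bytes")
    partitions = []
    for i in range(4):
        # status, CHS start (3 bytes, skipped), type, CHS end (skipped), LBA start, sectors
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)
        if ptype:
            partitions.append({"index": i, "active": status == 0x80, "type": ptype,
                               "lba_start": lba, "sectors": count})
    return {"bootcode_md5": hashlib.md5(sector[:440]).hexdigest(),
            "signature_ok": sector[510:512] == b"\x55\xaa",
            "partitions": partitions}


def unallocated_tail(mbr_info, disk_sectors):
    """Sectors after the last partition. A large unexplained tail is worth a look:
    some bootkits keep their own hidden storage in unpartitioned space."""
    end = max((p["lba_start"] + p["sectors"] for p in mbr_info["partitions"]), default=0)
    return disk_sectors - end


def build_sample_mbr():
    """Constructed MBR: three placeholder boot-code bytes, one active NTFS (0x07)
    partition starting at LBA 63, valid signature."""
    sector = bytearray(512)
    sector[0:3] = b"\x33\xc0\x8e"
    sector[446:462] = struct.pack("<B3xB3xII", 0x80, 0x07, 63, 78140097)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


def demo():
    """Run both checks on constructed data and return (file verdicts, MBR info)."""
    with tempfile.TemporaryDirectory() as tmp:
        live, ref = os.path.join(tmp, "drivers"), os.path.join(tmp, "dllcache")
        os.makedirs(live)
        os.makedirs(ref)
        for name in WATCHED:
            data = b"MZ" + name.encode() * 8       # stand-in for the real binary
            for d in (live, ref):
                with open(os.path.join(d, name), "wb") as f:
                    f.write(data)
        # Simulate an in-place patch of atapi.sys: size unchanged, four bytes altered.
        with open(os.path.join(live, "atapi.sys"), "r+b") as f:
            f.seek(16)
            f.write(b"\x90\x90\x90\x90")
        os.remove(os.path.join(ref, "iastor.sys"))   # no reference copy for this one
        verdicts = compare_against_reference(live, ref)
    mbr = parse_mbr(build_sample_mbr())
    return verdicts, mbr


if __name__ == "__main__":
    verdicts, mbr = demo()
    for name, verdict in verdicts.items():
        print(f"{name:14s} {verdict}")
    print("MBR boot code MD5:", mbr["bootcode_md5"], "signature ok:", mbr["signature_ok"])
    for p in mbr["partitions"]:
        print("partition", p)
    # 78140160 sectors is an assumed disk size for the sample, not a real disk.
    print("unallocated tail sectors:", unallocated_tail(mbr, 78140160))
```

Two design points. First, a hash mismatch against the dllcache copy is a lead, not a verdict: a legitimate hotfix can update system32 without touching the cached copy, so the next step is to check the file's version, size and digital signature rather than delete it. Second, the boot-code hash only tells you that the MBR changed; to decide whether the change is hostile you compare it with the boot code of a known-good MBR of the same OS, which is exactly the lookup MBRCheck performs with its signature list.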

Re: Redirect virus

Post by computerchallenged on Tue 08 Nov 2011, 2:50 am

OK, I had to force-close by shutting down the computer with the power button. When it rebooted, I noticed that it changed the svchost.exe file I renamed back to Combofix.exe. I tried to d/l ComboFix from the other site listed and when I tried to run it, it said there was an update and asked if I wanted to update. I clicked on No and am now d/l MBRCheck.

computerchallenged

Newbie Surfer

Posts : 36
Joined : 2009-05-25
Operating System : Windows XP

Re: Redirect virus

Post by computerchallenged on Tue 08 Nov 2011, 4:04 am

I do not see on the screen which button is the "setup key". So I don't know if it's the del button, F2. I tried pressing the Del key and it asks which operating system to start:

Microsoft Windows Recovery Console
do not select this [debugger enabled]
Microsoft Windows XP Professional

"For troubleshooting and advanced startup options for Windows, press F8." When I pressed F8 it gave me the following options:

Safe Mode, Safe Mode with Networking, Safe Mode with Command Prompt.

Enable Boot Logging
Enable VGA Mode
Last Known............
Directory Service....
Debugging Mode
Disable automatic restart on system failure

Start Windows normally
Reboot
Return to OS choices

computerchallenged

Newbie Surfer

Posts : 36
Joined : 2009-05-25
Operating System : Windows XP

Re: Redirect virus

Post by computerchallenged on Tue 08 Nov 2011, 4:25 am

Um, never mind, I had a brain freeze. On my computer it's the Esc/F1 key. It's booting from the CD now. It's starting the Reatogo-X-PE now.

computerchallenged

Newbie Surfer

Posts : 36
Joined : 2009-05-25
Operating System : Windows XP

Re: Redirect virus

Post by computerchallenged on Tue 08 Nov 2011, 4:32 am

OK, got OTLPE to run. Under the "Drivers" section, it only gives the option to click on "none", "Use SafeList" and "all". Use the SafeList one?

computerchallenged

Newbie Surfer

Posts : 36
Joined : 2009-05-25
Operating System : Windows XP

Re: Redirect virus

Post by computerchallenged on Tue 08 Nov 2011, 5:26 am

OTL logfile created on: 11/7/2011 12:35:42 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 305.00 Mb Available Physical Memory | 60.00% Memory free
459.00 Mb Paging File | 340.00 Mb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 15.29 Gb Free Space | 41.03% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (SessionLauncher)
SRV - File not found [Disabled] -- -- (RoxLiveShare10)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2011/09/23 17:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 17:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () [Auto] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/01/07 17:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/08/08 20:46:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/02/23 10:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [Disabled] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2003/12/16 08:23:40 | 000,303,171 | ---- | M] (Intel Corporation ) [Auto] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2003/12/16 08:22:36 | 000,122,880 | ---- | M] (Intel Corporation) [Auto] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2003/12/09 23:50:54 | 000,126,976 | ---- | M] (TOSHIBA) [Disabled] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2003/12/02 20:05:54 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) [Disabled] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003/10/21 14:26:14 | 000,053,248 | ---- | M] () [Disabled] -- C:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2003/08/01 17:56:02 | 000,086,016 | ---- | M] (TOSHIBA Corporation) [Disabled] -- C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe -- (Tmesbs)
SRV - [2003/05/23 16:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Disabled] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2002/09/20 19:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMPR5)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (FreshIO)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2011/09/18 07:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 22:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 22:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/02/11 09:42:11 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2006/06/30 18:20:32 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/02/26 17:35:13 | 000,014,037 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/01/09 22:26:46 | 000,028,416 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2004/01/02 05:52:34 | 001,646,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel(R)
DRV - [2003/12/24 22:34:04 | 000,091,008 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2003/12/17 02:45:46 | 000,048,000 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2003/12/16 23:08:46 | 000,013,312 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NscTpmDD.sys -- (portio)
DRV - [2003/12/16 08:16:26 | 000,010,970 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2003/12/10 20:11:26 | 000,100,153 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/12/05 12:16:38 | 000,062,607 | ---- | M] (TOSHIBA Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2003/12/05 05:50:28 | 000,979,840 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel(R)
DRV - [2003/11/27 23:29:08 | 000,053,632 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2003/11/21 17:22:48 | 000,017,076 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2003/11/20 14:24:10 | 000,045,534 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte)
DRV - [2003/10/24 16:53:14 | 000,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/08/19 19:04:30 | 000,036,131 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2003/08/07 18:52:00 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\TVALZ.SYS -- (TVALZ)
DRV - [2003/06/11 11:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/02/04 15:12:36 | 000,008,605 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tosrfec.sys -- (tosrfec)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/12/20 16:07:00 | 001,164,576 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/11/18 20:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2002/09/26 16:15:28 | 000,005,760 | ---- | M] (Toshiba Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2002/04/06 22:50:56 | 000,019,607 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys -- (tossmbnt)
DRV - [2001/09/11 14:54:32 | 000,038,425 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FC50227B-E2CA-4C2B-9EA2-BA4C8C529B9B}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{FC50227B-E2CA-4C2B-9EA2-BA4C8C529B9B} [2011/09/06 13:13:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/07 22:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/01 18:09:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/10/26 07:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins

[2008/10/29 23:16:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/11/07 09:21:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions
[2010/06/20 18:00:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/07 09:21:41 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/10/27 22:01:43 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\searchplugins\askcom.xml
[2011/01/09 16:10:11 | 000,002,698 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\searchplugins\twitter.xml
[2011/05/10 19:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/11 20:03:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 19:56:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2003/03/31 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [You must be registered and logged in to see this link.] (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\Sebring: DllName - C:\WINDOWS\System32\LgNotify.dll - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/13 19:25:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell - "" = AutoRun
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 10:44:35 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/11/07 09:27:11 | 004,284,246 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/02 09:29:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/01 20:33:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\OTL
[2011/11/01 20:04:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/10/31 22:06:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/31 22:00:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/31 22:00:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/31 22:00:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/31 22:00:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/31 22:00:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/31 21:59:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/31 21:59:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/10/31 21:12:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache
[2011/10/31 19:20:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/10/29 14:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2011/10/29 14:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/10/29 14:35:15 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/10/29 14:35:05 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/10/29 14:35:05 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/10/29 14:35:05 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/10/29 14:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/10/29 14:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/10/29 14:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt
[2011/10/29 10:19:28 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/10/27 23:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/27 23:14:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/10/16 20:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/10/16 20:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2011/10/16 20:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\uTorrent
[2011/10/16 20:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2011/10/11 17:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AppWebspl
[2006/12/29 21:29:06 | 000,092,064 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmmdm.sys
[2006/12/29 21:29:06 | 000,079,328 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmserd.sys
[2006/12/29 21:29:06 | 000,009,232 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmmdfl.sys
[2006/12/29 21:29:06 | 000,005,936 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmwhnt.sys
[2006/12/29 21:29:05 | 000,066,656 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmbus.sys
[2006/12/29 21:29:05 | 000,006,208 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmcmnt.sys
[2006/12/29 21:29:05 | 000,004,048 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmcr.sys
[2006/12/29 21:29:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\usbsermptxp.sys
[2006/12/29 21:29:04 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\usbsermpt.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/07 12:21:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/07 12:20:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/11/07 12:20:08 | 000,000,322 | -HS- | M] () -- C:\WINDOWS\tasks\IWUM.job
[2011/11/07 12:20:08 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\tasks\MOBCCAFLUV.job
[2011/11/07 12:20:02 | 536,203,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/07 11:58:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/07 11:24:03 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-923130703-2451520593-1935410814-500UA.job
[2011/11/07 10:54:51 | 000,080,384 | ---- | M] () -- C:\MBRCheck.exe
[2011/11/07 10:43:48 | 004,284,246 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/07 09:15:17 | 000,477,786 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/07 09:15:17 | 000,086,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/04 10:51:12 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.exe.lnk
[2011/11/02 10:33:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/02 10:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/01 20:56:53 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/11/01 20:04:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/11/01 18:24:20 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-923130703-2451520593-1935410814-500Core.job
[2011/10/31 22:06:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/31 20:52:11 | 000,069,120 | RHS- | M] () -- C:\WINDOWS\System32\TZLogq.dll
[2011/10/31 20:52:11 | 000,069,120 | RHS- | M] () -- C:\WINDOWS\System32\msxmlp.dll
[2011/10/31 19:25:09 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/31 19:23:08 | 000,000,206 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111031_202250-10-31-11.reg
[2011/10/31 17:22:07 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/10/29 15:09:56 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_160917_10-29-11(2).reg
[2011/10/29 14:35:55 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/10/29 14:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/10/29 10:42:59 | 000,004,740 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_114225_10-29-11.reg
[2011/10/27 23:31:27 | 000,453,280 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111028_003053 - reg files.reg
[2011/10/27 23:17:49 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/13 21:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/07 10:54:51 | 000,080,384 | ---- | C] () -- C:\MBRCheck.exe
[2011/11/04 10:51:12 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.exe.lnk
[2011/11/01 20:56:53 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/10/31 22:06:53 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/31 22:06:45 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/31 22:00:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/31 22:00:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/31 22:00:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/31 22:00:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/31 22:00:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/31 20:52:12 | 000,000,322 | -HS- | C] () -- C:\WINDOWS\tasks\IWUM.job
[2011/10/31 20:52:12 | 000,000,316 | -HS- | C] () -- C:\WINDOWS\tasks\MOBCCAFLUV.job
[2011/10/31 20:52:11 | 000,069,120 | RHS- | C] () -- C:\WINDOWS\System32\TZLogq.dll
[2011/10/31 20:52:11 | 000,069,120 | RHS- | C] () -- C:\WINDOWS\System32\msxmlp.dll
[2011/10/31 19:25:09 | 536,203,264 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/31 19:25:09 | 000,279,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/31 19:23:02 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111031_202250-10-31-11.reg
[2011/10/29 15:09:34 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_160917_10-29-11(2).reg
[2011/10/29 14:35:55 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/10/29 10:42:46 | 000,004,740 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_114225_10-29-11.reg
[2011/10/27 23:31:13 | 000,453,280 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111028_003053 - reg files.reg
[2011/10/27 23:17:49 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/15 22:21:33 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/09/06 13:13:39 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wzehigihagonaman.dat
[2011/09/06 13:13:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Blibirikijirazoh.bin
[2010/07/27 16:56:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/02/14 09:53:31 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/02/14 09:53:31 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/02/14 09:53:31 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/02/14 09:53:31 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/02/14 09:53:31 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/02/14 09:53:31 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/02/14 09:53:31 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/02/14 09:53:31 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/02/14 09:53:31 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/02/14 09:53:31 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/02/14 09:53:31 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/02/14 09:53:31 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/02/14 09:53:31 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/02/14 09:53:31 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/02/14 09:53:31 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/02/14 09:53:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/02/14 09:49:44 | 000,000,025 | ---- | C] () -- C:\WINDOWS\EPSCX9400Fax.ini
[2008/11/11 15:51:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\rx_image.Cache
[2008/10/08 17:38:52 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/02/11 09:42:02 | 000,015,778 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem25.PNF
[2008/02/11 09:42:02 | 000,009,842 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem25.inf
[2008/02/11 09:42:02 | 000,007,554 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem23.PNF
[2008/02/11 09:42:02 | 000,007,082 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem24.PNF
[2008/02/11 09:42:02 | 000,004,406 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740922-(null)
[2008/02/11 09:42:01 | 000,015,698 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem22.PNF
[2008/02/11 09:42:01 | 000,012,770 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem20.PNF
[2008/02/11 09:42:01 | 000,012,364 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem21.PNF
[2008/02/11 09:42:01 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem22.inf
[2008/02/11 09:42:01 | 000,006,921 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem23.inf
[2008/02/11 09:42:01 | 000,006,061 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740921-(null)
[2008/02/11 09:42:01 | 000,005,813 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem21.inf
[2008/02/11 09:42:00 | 000,014,238 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem18.PNF
[2008/02/11 09:42:00 | 000,012,844 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem19.PNF
[2008/02/11 09:42:00 | 000,007,141 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740919-(null)
[2008/02/11 09:42:00 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740920-(null)
[2007/08/21 14:22:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/07/06 14:54:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/06/29 16:16:01 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/29 21:29:05 | 000,009,913 | ---- | C] () -- C:\Documents and Settings\Administrator\MCCI_MDM.INF
[2006/12/29 21:29:05 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Administrator\USB_MOT_BRIT.INF
[2006/12/29 21:29:05 | 000,006,989 | ---- | C] () -- C:\Documents and Settings\Administrator\MCCI_BUS.INF
[2006/12/29 21:29:05 | 000,004,477 | ---- | C] () -- C:\Documents and Settings\Administrator\MCCI_SDM.INF
[2006/12/29 21:29:04 | 000,007,201 | ---- | C] () -- C:\Documents and Settings\Administrator\USBMOT2000.INF
[2006/12/29 21:29:04 | 000,006,141 | ---- | C] () -- C:\Documents and Settings\Administrator\USBMOT2000XP.INF
[2006/12/29 21:29:04 | 000,005,960 | ---- | C] () -- C:\Documents and Settings\Administrator\USB_MOT_A1000.INF
[2006/12/29 21:29:04 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\Administrator\USB_CMCS_2000.INF
[2006/04/19 13:21:35 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/04/19 13:21:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/09 21:13:15 | 000,001,890 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/03/09 21:12:45 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/01/14 17:53:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/14 14:21:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2004/01/14 13:53:21 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2004/01/14 13:37:54 | 000,019,607 | ---- | C] () -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys
[2004/01/14 13:34:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2004/01/14 13:14:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/14 12:49:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\tcleanup.exe
[2004/01/14 12:46:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2004/01/14 12:38:21 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
[2004/01/14 12:38:21 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2004/01/14 12:20:04 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2004/01/14 12:20:03 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2004/01/14 12:20:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2004/01/14 12:20:03 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2004/01/13 19:31:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/13 19:29:04 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/13 19:28:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/01/13 19:23:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/01/13 19:22:38 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/13 18:10:22 | 000,000,378 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/01/13 18:09:42 | 000,477,786 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/01/13 18:09:42 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/01/13 18:09:42 | 000,086,596 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/01/13 18:09:42 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/01/13 18:09:40 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/01/13 18:09:39 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/01/13 18:09:36 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/13 18:09:26 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/01/13 18:09:26 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/01/13 18:09:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/01/13 18:09:02 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/01/13 11:19:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/12/16 08:29:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2003/11/27 20:29:30 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\TosKeyboardPage.dll
[2003/11/27 20:13:58 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\TosMousePage.dll
[2003/11/20 19:52:02 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2003/11/14 14:05:52 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/11/14 13:57:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2003/07/29 18:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll
[2002/12/04 10:57:00 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2002/12/04 10:57:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2002/06/04 12:58:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

========== LOP Check ==========

[2011/05/10 19:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG
[2009/02/14 10:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EPSON
[2009/02/15 13:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FreshDiagnose
[2004/01/14 13:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2004/01/14 14:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2007/07/06 15:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12
[2004/01/14 14:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2008/11/10 11:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2011/10/18 17:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/01/30 18:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2011/05/10 19:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/04/15 22:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/02/14 10:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/05/10 19:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/11/10 10:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/02/20 14:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/11/01 18:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/10/07 22:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/24 17:22:53 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2011/11/07 12:20:08 | 000,000,322 | -HS- | M] () -- C:\WINDOWS\Tasks\IWUM.job
[2011/11/07 12:20:08 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\Tasks\MOBCCAFLUV.job
[2011/11/07 12:20:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: ATAPI.SYS >
[2003/03/31 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/09/04 18:39:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2003/03/31 07:00:00 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\I386\sp1.cab:atapi.sys
[2004/08/04 01:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2008/09/04 18:39:26 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2003/03/31 07:00:00 | 000,086,912 | ---- | M] (Microsoft Corporation) MD5=95B858761A00E1D4F81F79A0DA019ACA -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 13:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys

< MD5 for: NDIS.SYS >
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 14:20:37 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/03 23:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys

< MD5 for: USERINIT.EXE >
[2004/08/04 00:56:58 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 19:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\system32\userinit.exe

< MD5 for: WINLOGON.EXE >
[2004/08/04 00:56:58 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe
< End of report >

computerchallenged

Newbie Surfer

Posts : 36
Joined : 2009-05-25
Operating System : Windows XP


Re: Redirect virus

Post by computerchallenged on Tue 08 Nov 2011, 5:29 am

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: (build 2600)
Logical Drives Mask: 0x00800006

Kernel Drivers (total 76):
0x80400000 \i386\system32\ntoskrnl.exe
0x80615000 \i386\system32\halacpi.dll
0xF8D95000 \i386\system32\KDCOM.DLL
0xF8CA5000 \i386\system32\BOOTVID.dll
0xF87FA000 setupdd.sys
0xF8E5D000 \i386\system32\drivers\SPDDLANG.SYS
0xF87E9000 pci.sys
0xF87BB000 acpi.sys
0xF8D97000 \i386\system32\drivers\WMILIB.SYS
0xF8895000 isapnp.sys
0xF8E5E000 \i386\system32\drivers\OPRGHDLR.SYS
0xF879D000 pcmcia.sys
0xF8E5F000 pciide.sys
0xF8B15000 \i386\system32\drivers\PCIIDEX.SYS
0xF88C5000 mountmgr.sys
0xF877E000 ftdisk.sys
0xF8B25000 partmgr.sys
0xF8DA1000 dmload.sys
0xF8758000 dmio.sys
0xF88F5000 \i386\system32\drivers\CLASSPNP.SYS
0xF8B35000 usbehci.sys
0xF86FE000 \i386\system32\drivers\USBPORT.SYS
0xF8B45000 usbuhci.sys
0xF8915000 usbhub.sys
0xF8DA5000 \i386\system32\drivers\USBD.SYS
0xF8B55000 \i386\system32\drivers\HIDPARSE.SYS
0xF8935000 serial.sys
0xF8CB1000 serenum.sys
0xF8945000 i8042prt.sys
0xF8B65000 kbdclass.sys
0xF8B6D000 mouclass.sys
0xF86E6000 SCSIPORT.SYS
0xF86CE000 atapi.sys
0xF8CD5000 VMSCSI.SY_
0xF8BCD000 VIAPDSK.SY_
0xF85A1000 viamraid.SY_
0xF853A000 SISRAID4.SY_
0xF8BD5000 SISRAID2.SY_
0xF755A000 dmboot.sys
0xF8619000 cdrom.sys
0xF8609000 disk.sys
0xF7543000 ksecdd.sys
0xF7520000 fastfat.sys
0xF7493000 ntfs.sys
0xF85F9000 cdfs.sys
0xF7466000 ndis.sys
0xF744B000 mup.sys
0xF8EED000 \SystemRoot\System32\drivers\audstub.sys
0xF8DAF000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF8C4D000 \SystemRoot\System32\Drivers\Modem.SYS
0xF8DB3000 \SystemRoot\System32\DRIVERS\swenum.sys
0xF7290000 \SystemRoot\System32\DRIVERS\ks.sys
0xF8D81000 \SystemRoot\system32\drivers\ramdriv.sys
0xF8BDD000 \SystemRoot\System32\drivers\vga.sys
0xBAFEC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0xBAFBB000 \SystemRoot\System32\Drivers\Udfs.SYS
0xF8D8D000 \SystemRoot\System32\DRIVERS\rasacd.sys
0xF8F02000 \SystemRoot\System32\Drivers\Null.SYS
0xF8B75000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF8B85000 \SystemRoot\System32\Drivers\Msfs.SYS
0xBAFA8000 \SystemRoot\System32\drivers\ipsec.sys
0xF8DB7000 \SystemRoot\System32\Drivers\Beep.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF8B9D000 \SystemRoot\System32\watchdog.sys
0xF7353000 \SystemRoot\System32\drivers\Dxapi.sys
0xBF9C1000 \SystemRoot\System32\drivers\dxg.sys
0xF8F40000 \SystemRoot\System32\drivers\dxgthk.sys
0xBFF50000 \SystemRoot\System32\framebuf.dll
0xF8AB5000 \SystemRoot\system32\DRIVERS\netbios.sys
0xF8B1D000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xBAADC000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xBAA45000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xBA9ED000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xBA9CB000 \SystemRoot\system32\drivers\afd.sys
0xBA9A3000 \SystemRoot\system32\DRIVERS\netbt.sys
0x7C900000 \I386\SYSTEM32\NTDLL.DLL

Processes (total 15):
0 System Idle Process
4 System
208 X:\I386\SYSTEM32\CSRSS.EXE
268 X:\I386\SYSTEM32\SERVICES.EXE
280 X:\I386\SYSTEM32\LSASS.EXE
396 X:\I386\SYSTEM32\REATOGOLOGON.EXE
400 X:\I386\SYSTEM32\SVCHOST.EXE
480 X:\I386\SYSTEM32\SVCHOST.EXE
1496 X:\I386\SYSTEM32\SVCHOST.EXE
1668 X:\I386\SYSTEM32\SVCHOST.EXE
1804 X:\PROGRAMS\wbload\wbload.exe
1932 X:\I386\SYSTEM32\SVCHOST.EXE
1984 X:\I386\EXPLORER.EXE
764 X:\I386\EXPLORER.EXE
888 C:\MBRCheck.exe

\\.\B: --> error 1
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: TOSHIBAMK4025GAS, Rev: KA101A

Size Device Name MBR Status
--------------------------------------------
37 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A


Done!

computerchallenged

Newbie Surfer

Posts : 36
Joined : 2009-05-25
Operating System : Windows XP


Re: Redirect virus

Post by computerchallenged on Tue 08 Nov 2011, 5:40 am

FYI - I could not get on the internet with Reatogo-X-PE, so I had to copy the files onto a flash drive and post them from my work computer. Can I reboot and go back to booting from my C: drive, or should I stay on Reatogo?

computerchallenged

Newbie Surfer

Posts : 36
Joined : 2009-05-25
Operating System : Windows XP


Re: Redirect virus

Post by Gabethebabe on Tue 08 Nov 2011, 6:43 pm

Stay in REATOGO; moving stuff around with a flash drive is a very good idea.

I think I have found some bad files - let's get rid of them and see if things work out better for you after that.

====================

Please run OTLPE again

  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:
:files
C:\WINDOWS\tasks\IWUM.job
C:\WINDOWS\tasks\MOBCCAFLUV.job
C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
C:\WINDOWS\System32\TZLogq.dll
C:\WINDOWS\Wzehigihagonaman.dat
C:\WINDOWS\System32\msxmlp.dll
C:\WINDOWS\Blibirikijirazoh.bin

:otl
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = File not found

:commands
[reboot]
  • Then click the Run Fix button at the top (Not the Run Scan!).
  • The computer will reboot - do so normally (take out the boot CD).
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)


Redirects are gone after this !?!?!?

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

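As an added example (not from this thread, OTL or its author): a small Python triage script that parses OTL file lines in the format used in the log above and scores the traits Gabethebabe acted on, a vendor-less hidden+system file under %SystemRoot%, and files dropped in the same second with the same size. The sample lines are copied from the log above; the scan time and the 14-day window are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One OTL file or folder line, in the format the log above uses:
#   [YYYY/MM/DD HH:MM:SS | size | attrs | C] (Company) -- path
# Folder entries carry a "D" attribute and omit the "(Company)" field.
LINE_RE = re.compile(
    r"^\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

# Directories where a vendor-less hidden+system file deserves a second look.
WATCHED_DIRS = (r"c:\windows", r"c:\windows\system32", r"c:\windows\tasks")

# Sample lines copied from the "Files Created - No Company Name" and
# "Created Within 30 Days" sections of the log above; the last is a folder entry.
SAMPLE = r"""
[2011/10/31 20:52:12 | 000,000,322 | -HS- | C] () -- C:\WINDOWS\tasks\IWUM.job
[2011/10/31 20:52:12 | 000,000,316 | -HS- | C] () -- C:\WINDOWS\tasks\MOBCCAFLUV.job
[2011/10/31 20:52:11 | 000,069,120 | RHS- | C] () -- C:\WINDOWS\System32\TZLogq.dll
[2011/10/31 20:52:11 | 000,069,120 | RHS- | C] () -- C:\WINDOWS\System32\msxmlp.dll
[2011/10/31 19:25:09 | 000,279,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/09/15 22:21:33 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/10/29 14:35:05 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/11/07 10:44:35 | 000,000,000 | --SD | C] -- C:\ComboFix
"""

# Assumed scan time (the log above was taken on 2011/11/07) and lookback window.
SCAN_TIME = datetime(2011, 11, 7, 12, 0, 0)
RECENT_DAYS = 14


def parse_line(line):
    """Return a dict for one OTL file/folder line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "stamp": datetime.strptime(m["stamp"], "%Y/%m/%d %H:%M:%S"),
        "size": int(m["size"].replace(",", "")),
        "attrs": m["attrs"],
        "kind": m["kind"],
        "company": (m["company"] or "").strip(),
        "path": m["path"],
    }


def in_watched_dir(path):
    """True when the file sits directly in one of WATCHED_DIRS (case-insensitive)."""
    parent = path.rsplit("\\", 1)[0].lower()
    return parent in WATCHED_DIRS


def triage(lines, scan_time=SCAN_TIME, recent_days=RECENT_DAYS):
    """Map each suspicious path to the list of reasons it was flagged."""
    entries = [e for e in map(parse_line, lines) if e and "D" not in e["attrs"]]
    # Files written in the same second with the same size were probably dropped together.
    same_drop = defaultdict(list)
    for e in entries:
        same_drop[(e["stamp"], e["size"])].append(e["path"])
    findings = {}
    for e in entries:
        if e["company"] or not in_watched_dir(e["path"]):
            continue  # vendor-stamped, or outside the directories we care about
        reasons = []
        if "H" in e["attrs"] and "S" in e["attrs"]:
            reasons.append("hidden+system attributes with no company name")
        siblings = [p for p in same_drop[(e["stamp"], e["size"])] if p != e["path"]]
        if siblings:
            reasons.append("same timestamp and size as " + ", ".join(siblings))
        # Recency only strengthens an existing finding; on its own it would flag
        # every freshly installed tool under C:\WINDOWS.
        if reasons and scan_time - e["stamp"] <= timedelta(days=recent_days):
            reasons.append("created within %d days of the scan" % recent_days)
        if reasons:
            findings[e["path"]] = reasons
    return findings


def run_sample():
    """Triage the constructed sample; returns the findings dict."""
    return triage(SAMPLE.splitlines())


if __name__ == "__main__":
    for path, reasons in run_sample().items():
        print(path)
        for r in reasons:
            print("    -", r)
```

The script only scores attributes and timestamps; the random-looking names (the .dat/.bin pair in C:\WINDOWS) are left to the analyst's judgement, as in the thread.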

Re: Redirect virus

Post by computerchallenged on Wed 09 Nov 2011, 2:03 am

You are AWESOME!!!!!! Seems to be fixed now!!! Thank you so much!

computerchallenged

Newbie Surfer

Posts : 36
Joined : 2009-05-25
Operating System : Windows XP


Re: Redirect virus

Post by computerchallenged on Wed 09 Nov 2011, 2:05 am

OTL logfile created on: 11/8/2011 9:19:00 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 303.00 Mb Available Physical Memory | 59.00% Memory free
459.00 Mb Paging File | 338.00 Mb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 15.29 Gb Free Space | 41.03% Space Free | Partition Type: NTFS
Drive D: | 254.09 Mb Total Space | 251.56 Mb Free Space | 99.00% Space Free | Partition Type: FAT
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (SessionLauncher)
SRV - File not found [Disabled] -- -- (RoxLiveShare10)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2011/09/23 17:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 17:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () [Auto] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/01/07 17:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/08/08 20:46:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/02/23 10:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [Disabled] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2003/12/16 08:23:40 | 000,303,171 | ---- | M] (Intel Corporation ) [Auto] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2003/12/16 08:22:36 | 000,122,880 | ---- | M] (Intel Corporation) [Auto] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2003/12/09 23:50:54 | 000,126,976 | ---- | M] (TOSHIBA) [Disabled] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2003/12/02 20:05:54 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) [Disabled] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003/10/21 14:26:14 | 000,053,248 | ---- | M] () [Disabled] -- C:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2003/08/01 17:56:02 | 000,086,016 | ---- | M] (TOSHIBA Corporation) [Disabled] -- C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe -- (Tmesbs)
SRV - [2003/05/23 16:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Disabled] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2002/09/20 19:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMPR5)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (FreshIO)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2011/09/18 07:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 22:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 22:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/02/11 09:42:11 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2006/06/30 18:20:32 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/02/26 17:35:13 | 000,014,037 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/01/09 22:26:46 | 000,028,416 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2004/01/02 05:52:34 | 001,646,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel(R)
DRV - [2003/12/24 22:34:04 | 000,091,008 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2003/12/17 02:45:46 | 000,048,000 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2003/12/16 23:08:46 | 000,013,312 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NscTpmDD.sys -- (portio)
DRV - [2003/12/16 08:16:26 | 000,010,970 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2003/12/10 20:11:26 | 000,100,153 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/12/05 12:16:38 | 000,062,607 | ---- | M] (TOSHIBA Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2003/12/05 05:50:28 | 000,979,840 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel(R)
DRV - [2003/11/27 23:29:08 | 000,053,632 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2003/11/21 17:22:48 | 000,017,076 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2003/11/20 14:24:10 | 000,045,534 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte)
DRV - [2003/10/24 16:53:14 | 000,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/08/19 19:04:30 | 000,036,131 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2003/08/07 18:52:00 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\TVALZ.SYS -- (TVALZ)
DRV - [2003/06/11 11:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/02/04 15:12:36 | 000,008,605 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tosrfec.sys -- (tosrfec)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/12/20 16:07:00 | 001,164,576 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/11/18 20:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2002/09/26 16:15:28 | 000,005,760 | ---- | M] (Toshiba Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2002/04/06 22:50:56 | 000,019,607 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys -- (tossmbnt)
DRV - [2001/09/11 14:54:32 | 000,038,425 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FC50227B-E2CA-4C2B-9EA2-BA4C8C529B9B}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{FC50227B-E2CA-4C2B-9EA2-BA4C8C529B9B} [2011/09/06 13:13:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/07 22:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/01 18:09:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/10/26 07:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins

[2008/10/29 23:16:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/11/07 09:21:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions
[2010/06/20 18:00:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/07 09:21:41 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/10/27 22:01:43 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\searchplugins\askcom.xml
[2011/01/09 16:10:11 | 000,002,698 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\searchplugins\twitter.xml
[2011/05/10 19:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/11 20:03:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 19:56:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2003/03/31 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [You must be registered and logged in to see this link.] (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\Sebring: DllName - C:\WINDOWS\System32\LgNotify.dll - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/13 19:25:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell - "" = AutoRun
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/07 10:44:35 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/11/07 09:27:11 | 004,284,246 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/02 09:29:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/01 20:33:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\OTL
[2011/11/01 20:04:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/10/31 22:06:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/31 22:00:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/31 22:00:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/31 22:00:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/31 22:00:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/31 22:00:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/31 21:59:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/31 21:59:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/10/31 21:12:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache
[2011/10/31 19:20:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/10/29 14:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2011/10/29 14:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/10/29 14:35:15 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/10/29 14:35:05 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/10/29 14:35:05 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/10/29 14:35:05 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/10/29 14:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/10/29 14:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/10/29 14:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt
[2011/10/29 10:19:28 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/10/27 23:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/27 23:14:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/10/16 20:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/10/16 20:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2011/10/16 20:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\uTorrent
[2011/10/16 20:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2011/10/11 17:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AppWebspl
[2006/12/29 21:29:06 | 000,092,064 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmmdm.sys
[2006/12/29 21:29:06 | 000,079,328 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmserd.sys
[2006/12/29 21:29:06 | 000,009,232 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmmdfl.sys
[2006/12/29 21:29:06 | 000,005,936 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmwhnt.sys
[2006/12/29 21:29:05 | 000,066,656 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmbus.sys
[2006/12/29 21:29:05 | 000,006,208 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmcmnt.sys
[2006/12/29 21:29:05 | 000,004,048 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmcr.sys
[2006/12/29 21:29:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\usbsermptxp.sys
[2006/12/29 21:29:04 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\usbsermpt.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/07 12:21:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/07 12:20:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/11/07 12:20:08 | 000,000,322 | -HS- | M] () -- C:\WINDOWS\tasks\IWUM.job
[2011/11/07 12:20:08 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\tasks\MOBCCAFLUV.job
[2011/11/07 12:20:02 | 536,203,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/07 11:58:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/07 11:24:03 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-923130703-2451520593-1935410814-500UA.job
[2011/11/07 10:54:51 | 000,080,384 | ---- | M] () -- C:\MBRCheck.exe
[2011/11/07 10:43:48 | 004,284,246 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/07 09:15:17 | 000,477,786 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/07 09:15:17 | 000,086,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/04 10:51:12 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.exe.lnk
[2011/11/02 10:33:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/02 10:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/01 20:56:53 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/11/01 20:04:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/11/01 18:24:20 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-923130703-2451520593-1935410814-500Core.job
[2011/10/31 22:06:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/31 20:52:11 | 000,069,120 | RHS- | M] () -- C:\WINDOWS\System32\TZLogq.dll
[2011/10/31 20:52:11 | 000,069,120 | RHS- | M] () -- C:\WINDOWS\System32\msxmlp.dll
[2011/10/31 19:25:09 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/31 19:23:08 | 000,000,206 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111031_202250-10-31-11.reg
[2011/10/31 17:22:07 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/10/29 15:09:56 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_160917_10-29-11(2).reg
[2011/10/29 14:35:55 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/10/29 14:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/10/29 10:42:59 | 000,004,740 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_114225_10-29-11.reg
[2011/10/27 23:31:27 | 000,453,280 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111028_003053 - reg files.reg
[2011/10/27 23:17:49 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/13 21:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/07 10:54:51 | 000,080,384 | ---- | C] () -- C:\MBRCheck.exe
[2011/11/04 10:51:12 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.exe.lnk
[2011/11/01 20:56:53 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/10/31 22:06:53 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/31 22:06:45 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/31 22:00:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/31 22:00:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/31 22:00:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/31 22:00:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/31 22:00:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/31 20:52:12 | 000,000,322 | -HS- | C] () -- C:\WINDOWS\tasks\IWUM.job
[2011/10/31 20:52:12 | 000,000,316 | -HS- | C] () -- C:\WINDOWS\tasks\MOBCCAFLUV.job
[2011/10/31 20:52:11 | 000,069,120 | RHS- | C] () -- C:\WINDOWS\System32\TZLogq.dll
[2011/10/31 20:52:11 | 000,069,120 | RHS- | C] () -- C:\WINDOWS\System32\msxmlp.dll
[2011/10/31 19:25:09 | 536,203,264 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/31 19:25:09 | 000,279,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/31 19:23:02 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111031_202250-10-31-11.reg
[2011/10/29 15:09:34 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_160917_10-29-11(2).reg
[2011/10/29 14:35:55 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/10/29 10:42:46 | 000,004,740 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_114225_10-29-11.reg
[2011/10/27 23:31:13 | 000,453,280 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111028_003053 - reg files.reg
[2011/10/27 23:17:49 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/15 22:21:33 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/09/06 13:13:39 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Wzehigihagonaman.dat
[2011/09/06 13:13:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Blibirikijirazoh.bin
[2010/07/27 16:56:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/02/14 09:53:31 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/02/14 09:53:31 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/02/14 09:53:31 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/02/14 09:53:31 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/02/14 09:53:31 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/02/14 09:53:31 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/02/14 09:53:31 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/02/14 09:53:31 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/02/14 09:53:31 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/02/14 09:53:31 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/02/14 09:53:31 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/02/14 09:53:31 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/02/14 09:53:31 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/02/14 09:53:31 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/02/14 09:53:31 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/02/14 09:53:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/02/14 09:49:44 | 000,000,025 | ---- | C] () -- C:\WINDOWS\EPSCX9400Fax.ini
[2008/11/11 15:51:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\rx_image.Cache
[2008/10/08 17:38:52 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/02/11 09:42:02 | 000,015,778 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem25.PNF
[2008/02/11 09:42:02 | 000,009,842 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem25.inf
[2008/02/11 09:42:02 | 000,007,554 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem23.PNF
[2008/02/11 09:42:02 | 000,007,082 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem24.PNF
[2008/02/11 09:42:02 | 000,004,406 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740922-(null)
[2008/02/11 09:42:01 | 000,015,698 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem22.PNF
[2008/02/11 09:42:01 | 000,012,770 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem20.PNF
[2008/02/11 09:42:01 | 000,012,364 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem21.PNF
[2008/02/11 09:42:01 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem22.inf
[2008/02/11 09:42:01 | 000,006,921 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem23.inf
[2008/02/11 09:42:01 | 000,006,061 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740921-(null)
[2008/02/11 09:42:01 | 000,005,813 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem21.inf
[2008/02/11 09:42:00 | 000,014,238 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem18.PNF
[2008/02/11 09:42:00 | 000,012,844 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem19.PNF
[2008/02/11 09:42:00 | 000,007,141 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740919-(null)
[2008/02/11 09:42:00 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740920-(null)
[2007/08/21 14:22:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/07/06 14:54:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/06/29 16:16:01 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/29 21:29:05 | 000,009,913 | ---- | C] () -- C:\Documents and Settings\Administrator\MCCI_MDM.INF
[2006/12/29 21:29:05 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Administrator\USB_MOT_BRIT.INF
[2006/12/29 21:29:05 | 000,006,989 | ---- | C] () -- C:\Documents and Settings\Administrator\MCCI_BUS.INF
[2006/12/29 21:29:05 | 000,004,477 | ---- | C] () -- C:\Documents and Settings\Administrator\MCCI_SDM.INF
[2006/12/29 21:29:04 | 000,007,201 | ---- | C] () -- C:\Documents and Settings\Administrator\USBMOT2000.INF
[2006/12/29 21:29:04 | 000,006,141 | ---- | C] () -- C:\Documents and Settings\Administrator\USBMOT2000XP.INF
[2006/12/29 21:29:04 | 000,005,960 | ---- | C] () -- C:\Documents and Settings\Administrator\USB_MOT_A1000.INF
[2006/12/29 21:29:04 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\Administrator\USB_CMCS_2000.INF
[2006/04/19 13:21:35 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/04/19 13:21:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/09 21:13:15 | 000,001,890 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/03/09 21:12:45 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/01/14 17:53:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/14 14:21:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2004/01/14 13:53:21 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2004/01/14 13:37:54 | 000,019,607 | ---- | C] () -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys
[2004/01/14 13:34:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2004/01/14 13:14:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/14 12:49:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\tcleanup.exe
[2004/01/14 12:46:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2004/01/14 12:38:21 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
[2004/01/14 12:38:21 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2004/01/14 12:20:04 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2004/01/14 12:20:03 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2004/01/14 12:20:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2004/01/14 12:20:03 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2004/01/13 19:31:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/13 19:29:04 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/13 19:28:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/01/13 19:23:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/01/13 19:22:38 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/13 18:10:22 | 000,000,378 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/01/13 18:09:42 | 000,477,786 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/01/13 18:09:42 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/01/13 18:09:42 | 000,086,596 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/01/13 18:09:42 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/01/13 18:09:40 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/01/13 18:09:39 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/01/13 18:09:36 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/13 18:09:26 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/01/13 18:09:26 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/01/13 18:09:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/01/13 18:09:02 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/01/13 11:19:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/12/16 08:29:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2003/11/27 20:29:30 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\TosKeyboardPage.dll
[2003/11/27 20:13:58 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\TosMousePage.dll
[2003/11/20 19:52:02 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2003/11/14 14:05:52 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/11/14 13:57:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2003/07/29 18:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll
[2002/12/04 10:57:00 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2002/12/04 10:57:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2002/06/04 12:58:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

========== LOP Check ==========

[2011/05/10 19:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG
[2009/02/14 10:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EPSON
[2009/02/15 13:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FreshDiagnose
[2004/01/14 13:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2004/01/14 14:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2007/07/06 15:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12
[2004/01/14 14:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2008/11/10 11:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2011/10/18 17:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/01/30 18:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2011/05/10 19:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/04/15 22:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/02/14 10:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/05/10 19:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/11/10 10:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/02/20 14:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/11/01 18:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/10/07 22:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/24 17:22:53 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
[2011/11/07 12:20:08 | 000,000,322 | -HS- | M] () -- C:\WINDOWS\Tasks\IWUM.job
[2011/11/07 12:20:08 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\Tasks\MOBCCAFLUV.job
[2011/11/07 12:20:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========


< :files >

< C:\WINDOWS\tasks\IWUM.job >
[2011/11/07 12:20:08 | 000,000,322 | -HS- | M] () -- C:\WINDOWS\tasks\IWUM.job

< C:\WINDOWS\tasks\MOBCCAFLUV.job >
[2011/11/07 12:20:08 | 000,000,316 | -HS- | M] () -- C:\WINDOWS\tasks\MOBCCAFLUV.job

< C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} >

< C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} >

< C:\WINDOWS\System32\TZLogq.dll >
[2011/10/31 20:52:11 | 000,069,120 | RHS- | M] () -- C:\WINDOWS\System32\TZLogq.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

< C:\WINDOWS\Wzehigihagonaman.dat >
[2011/09/13 17:27:54 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Wzehigihagonaman.dat
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< C:\WINDOWS\System32\msxmlp.dll >
[2011/10/31 20:52:11 | 000,069,120 | RHS- | M] () -- C:\WINDOWS\System32\msxmlp.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

< C:\WINDOWS\Blibirikijirazoh.bin >
[2011/09/13 17:27:54 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Blibirikijirazoh.bin
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]


< :otl >

~[Filtered]~


< :commands >

< [reboot] >
< End of report >

computerchallenged

Newbie Surfer

Posts : 36
Joined : 2009-05-25
Operating System : Windows XP

Re: Redirect virus

Post by Gabethebabe on Wed 09 Nov 2011, 2:16 am

The last log puzzles me.

It was made by incorrectly following my instructions.

You have to paste the fix script (the green text in the code box of my previous post) in the "Custom fixes" field of OTLPE and click RUN FIX - not RUN SCAN.

The log you just posted is what happens if you err and click the Run Scan button - it still shows the bad files.

Gabethebabe

Tech Advisor

Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

Re: Redirect virus

Post by computerchallenged on Wed 09 Nov 2011, 2:36 am

oh wait.......................check this one out............... I removed the disk too soon and computer got hung up (oops, sorry) and so I ran it again. Is this the log you were looking for? I do have a log that popped up on reboot. I'll post that at the end of this post.

OTL logfile created on: 11/8/2011 9:38:25 AM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.00 Mb Total Physical Memory | 301.00 Mb Available Physical Memory | 59.00% Memory free
459.00 Mb Paging File | 337.00 Mb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 15.29 Gb Free Space | 41.03% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled] -- -- (SessionLauncher)
SRV - File not found [Disabled] -- -- (RoxLiveShare10)
SRV - File not found [Disabled] -- -- (HidServ)
SRV - [2011/09/23 17:08:19 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/09/23 17:01:09 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/24 14:34:52 | 000,091,456 | ---- | M] () [Auto] -- C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe -- (MotoConnect Service)
SRV - [2009/01/07 17:21:00 | 000,026,144 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\spupdsvc.exe -- (spupdsvc)
SRV - [2008/08/08 20:46:55 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2006/02/23 10:41:02 | 002,045,632 | ---- | M] (Symantec Corporation) [Disabled] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_0.EXE -- (LiveUpdate)
SRV - [2003/12/16 08:23:40 | 000,303,171 | ---- | M] (Intel Corporation ) [Auto] -- C:\WINDOWS\system32\S24EvMon.exe -- (S24EventMonitor)
SRV - [2003/12/16 08:22:36 | 000,122,880 | ---- | M] (Intel Corporation) [Auto] -- C:\WINDOWS\system32\RegSrvc.exe -- (RegSrvc)
SRV - [2003/12/09 23:50:54 | 000,126,976 | ---- | M] (TOSHIBA) [Disabled] -- C:\Program Files\TOSHIBA\TME3\Tmesrv31.exe -- (Tmesrv)
SRV - [2003/12/02 20:05:54 | 000,028,672 | ---- | M] (TOSHIBA CORPORATION) [Disabled] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)
SRV - [2003/10/21 14:26:14 | 000,053,248 | ---- | M] () [Disabled] -- C:\Toshiba\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2003/08/01 17:56:02 | 000,086,016 | ---- | M] (TOSHIBA Corporation) [Disabled] -- C:\Program Files\TOSHIBA\TME3\Tmesbs32.exe -- (Tmesbs)
SRV - [2003/05/23 16:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Disabled] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)
SRV - [2002/09/20 19:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (MRENDIS5)
DRV - File not found [Kernel | On_Demand] -- -- (MREMPR5)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (FreshIO)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - [2011/09/18 07:39:27 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/09/15 22:55:04 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/09/15 22:55:03 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/06/17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/03/17 15:53:38 | 000,021,248 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2010/03/17 15:53:22 | 000,020,096 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/02/11 09:42:11 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2006/06/30 18:20:32 | 000,008,413 | ---- | M] (RealNetworks, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2006/02/26 17:35:13 | 000,014,037 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\mdc8021x.sys -- (MDC8021X) AEGIS Protocol (IEEE 802.1x)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/01/09 22:26:46 | 000,028,416 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TEchoCan.sys -- (TEchoCan)
DRV - [2004/01/02 05:52:34 | 001,646,720 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w22n51.sys -- (w22n51) Intel(R)
DRV - [2003/12/24 22:34:04 | 000,091,008 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TosRfbd.sys -- (Tosrfbd)
DRV - [2003/12/17 02:45:46 | 000,048,000 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\TosRfhid.sys -- (Tosrfhid)
DRV - [2003/12/16 23:08:46 | 000,013,312 | ---- | M] (National Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NscTpmDD.sys -- (portio)
DRV - [2003/12/16 08:16:26 | 000,010,970 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2003/12/10 20:11:26 | 000,100,153 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2003/12/05 12:16:38 | 000,062,607 | ---- | M] (TOSHIBA Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2003/12/05 05:50:28 | 000,979,840 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w70n51.sys -- (w70n51) Intel(R)
DRV - [2003/11/27 23:29:08 | 000,053,632 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfusb.sys -- (Tosrfusb)
DRV - [2003/11/21 17:22:48 | 000,017,076 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2003/11/20 14:24:10 | 000,045,534 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tosporte.sys -- (tosporte)
DRV - [2003/10/24 16:53:14 | 000,090,416 | ---- | M] (Matsushita Electric Industrial Co.,Ltd.) [File_System | System] -- C:\WINDOWS\system32\drivers\meiudf.sys -- (meiudf)
DRV - [2003/08/19 19:04:30 | 000,036,131 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\tosrfbnp.sys -- (Tosrfbnp)
DRV - [2003/08/07 18:52:00 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\TVALZ.SYS -- (TVALZ)
DRV - [2003/06/11 11:53:22 | 000,006,867 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\drivers\tbiosdrv.sys -- (TBiosDrv)
DRV - [2003/02/04 15:12:36 | 000,008,605 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Tosrfec.sys -- (tosrfec)
DRV - [2003/01/29 17:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)
DRV - [2002/12/20 16:07:00 | 001,164,576 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2002/11/18 20:20:44 | 000,030,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gv3.sys -- (gv3)
DRV - [2002/09/26 16:15:28 | 000,005,760 | ---- | M] (Toshiba Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\TMEI3E.sys -- (TMEI3E)
DRV - [2002/04/06 22:50:56 | 000,019,607 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys -- (tossmbnt)
DRV - [2001/09/11 14:54:32 | 000,038,425 | ---- | M] (SMC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.855
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..network.proxy.no_proxies_on: "*.local"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FC50227B-E2CA-4C2B-9EA2-BA4C8C529B9B}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{FC50227B-E2CA-4C2B-9EA2-BA4C8C529B9B} [2011/09/06 13:13:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/07 22:26:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/01 18:09:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/10/26 07:34:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins

[2008/10/29 23:16:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/11/07 09:21:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions
[2010/06/20 18:00:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/11/07 09:21:41 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/10/27 22:01:43 | 000,002,479 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\searchplugins\askcom.xml
[2011/01/09 16:10:11 | 000,002,698 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\bitc77bk.default\searchplugins\twitter.xml
[2011/05/10 19:47:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/11 20:03:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/24 19:56:10 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
File not found (No name found) --
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2003/03/31 07:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [00THotkey] C:\WINDOWS\system32\00THotkey.exe (TOSHIBA Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [You must be registered and logged in to see this link.] (QuickTime Object)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} [You must be registered and logged in to see this link.] (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [You must be registered and logged in to see this link.] (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} [You must be registered and logged in to see this link.] (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [You must be registered and logged in to see this link.] (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.1.10.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\Sebring: DllName - C:\WINDOWS\System32\LgNotify.dll - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/13 19:25:49 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell - "" = AutoRun
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{a59288a1-ef62-11df-9d87-000e7beb410a}\Shell\AutoRun\command - "" = E:\setup.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/08 09:25:14 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011/11/07 10:44:35 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/11/07 09:27:11 | 004,284,246 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/02 09:29:19 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/11/01 20:33:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\OTL
[2011/11/01 20:04:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/10/31 22:06:40 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/31 22:00:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/10/31 22:00:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/31 22:00:38 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/10/31 22:00:38 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/10/31 22:00:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/10/31 21:59:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/31 21:59:10 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Administrative Tools
[2011/10/31 21:12:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\NetworkService\IETldCache
[2011/10/31 19:20:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/10/29 14:36:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Avira
[2011/10/29 14:35:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/10/29 14:35:15 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/10/29 14:35:05 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/10/29 14:35:05 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/10/29 14:35:05 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2011/10/29 14:34:30 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/10/29 14:34:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/10/29 14:25:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\i18CommonMgmt
[2011/10/29 10:19:28 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/10/27 23:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/27 23:14:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/10/16 20:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2011/10/16 20:47:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
[2011/10/16 20:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\uTorrent
[2011/10/16 20:43:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2011/10/11 17:44:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\AppWebspl
[2006/12/29 21:29:06 | 000,092,064 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmmdm.sys
[2006/12/29 21:29:06 | 000,079,328 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmserd.sys
[2006/12/29 21:29:06 | 000,009,232 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmmdfl.sys
[2006/12/29 21:29:06 | 000,005,936 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmwhnt.sys
[2006/12/29 21:29:05 | 000,066,656 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmbus.sys
[2006/12/29 21:29:05 | 000,006,208 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmcmnt.sys
[2006/12/29 21:29:05 | 000,004,048 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmcr.sys
[2006/12/29 21:29:04 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\usbsermptxp.sys
[2006/12/29 21:29:04 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Administrator\usbsermpt.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/07 12:21:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/07 12:20:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\OGALogon.job
[2011/11/07 12:20:02 | 536,203,264 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/07 11:58:08 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/07 11:24:03 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-923130703-2451520593-1935410814-500UA.job
[2011/11/07 10:54:51 | 000,080,384 | ---- | M] () -- C:\MBRCheck.exe
[2011/11/07 10:43:48 | 004,284,246 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/11/07 09:15:17 | 000,477,786 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/07 09:15:17 | 000,086,596 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/04 10:51:12 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.exe.lnk
[2011/11/02 10:33:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/02 10:33:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/01 20:56:53 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/11/01 20:04:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.com
[2011/11/01 18:24:20 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-923130703-2451520593-1935410814-500Core.job
[2011/10/31 22:06:53 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/10/31 19:25:09 | 000,279,744 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/31 19:23:08 | 000,000,206 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111031_202250-10-31-11.reg
[2011/10/31 17:22:07 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/10/29 15:09:56 | 000,000,878 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_160917_10-29-11(2).reg
[2011/10/29 14:35:55 | 000,001,707 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/10/29 14:35:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/10/29 10:42:59 | 000,004,740 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_114225_10-29-11.reg
[2011/10/27 23:31:27 | 000,453,280 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111028_003053 - reg files.reg
[2011/10/27 23:17:49 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/13 21:15:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/07 10:54:51 | 000,080,384 | ---- | C] () -- C:\MBRCheck.exe
[2011/11/04 10:51:12 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Shortcut to ComboFix.exe.lnk
[2011/11/01 20:56:53 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2011/10/31 22:06:53 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/10/31 22:06:45 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/31 22:00:39 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/31 22:00:39 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/31 22:00:39 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/10/31 22:00:38 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/10/31 22:00:38 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/10/31 19:25:09 | 536,203,264 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/31 19:25:09 | 000,279,744 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/10/31 19:23:02 | 000,000,206 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111031_202250-10-31-11.reg
[2011/10/29 15:09:34 | 000,000,878 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_160917_10-29-11(2).reg
[2011/10/29 14:35:55 | 000,001,707 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Avira Control Center.lnk
[2011/10/29 10:42:46 | 000,004,740 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111029_114225_10-29-11.reg
[2011/10/27 23:31:13 | 000,453,280 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20111028_003053 - reg files.reg
[2011/10/27 23:17:49 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/09/15 22:21:33 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/07/27 16:56:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/02/14 09:53:31 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2009/02/14 09:53:31 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2009/02/14 09:53:31 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2009/02/14 09:53:31 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2009/02/14 09:53:31 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2009/02/14 09:53:31 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2009/02/14 09:53:31 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2009/02/14 09:53:31 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2009/02/14 09:53:31 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2009/02/14 09:53:31 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2009/02/14 09:53:31 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2009/02/14 09:53:31 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2009/02/14 09:53:31 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2009/02/14 09:53:31 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2009/02/14 09:53:31 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2009/02/14 09:53:31 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/02/14 09:49:44 | 000,000,025 | ---- | C] () -- C:\WINDOWS\EPSCX9400Fax.ini
[2008/11/11 15:51:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\rx_image.Cache
[2008/10/08 17:38:52 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2008/02/11 09:42:02 | 000,015,778 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem25.PNF
[2008/02/11 09:42:02 | 000,009,842 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem25.inf
[2008/02/11 09:42:02 | 000,007,554 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem23.PNF
[2008/02/11 09:42:02 | 000,007,082 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem24.PNF
[2008/02/11 09:42:02 | 000,004,406 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740922-(null)
[2008/02/11 09:42:01 | 000,015,698 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem22.PNF
[2008/02/11 09:42:01 | 000,012,770 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem20.PNF
[2008/02/11 09:42:01 | 000,012,364 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem21.PNF
[2008/02/11 09:42:01 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem22.inf
[2008/02/11 09:42:01 | 000,006,921 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem23.inf
[2008/02/11 09:42:01 | 000,006,061 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740921-(null)
[2008/02/11 09:42:01 | 000,005,813 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem21.inf
[2008/02/11 09:42:00 | 000,014,238 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem18.PNF
[2008/02/11 09:42:00 | 000,012,844 | ---- | C] () -- C:\Documents and Settings\Administrator\Copy of oem19.PNF
[2008/02/11 09:42:00 | 000,007,141 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740919-(null)
[2008/02/11 09:42:00 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\Administrator\1202740920-(null)
[2007/08/21 14:22:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2007/07/06 14:54:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/06/29 16:16:01 | 000,007,680 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/29 21:29:05 | 000,009,913 | ---- | C] () -- C:\Documents and Settings\Administrator\MCCI_MDM.INF
[2006/12/29 21:29:05 | 000,009,232 | ---- | C] () -- C:\Documents and Settings\Administrator\USB_MOT_BRIT.INF
[2006/12/29 21:29:05 | 000,006,989 | ---- | C] () -- C:\Documents and Settings\Administrator\MCCI_BUS.INF
[2006/12/29 21:29:05 | 000,004,477 | ---- | C] () -- C:\Documents and Settings\Administrator\MCCI_SDM.INF
[2006/12/29 21:29:04 | 000,007,201 | ---- | C] () -- C:\Documents and Settings\Administrator\USBMOT2000.INF
[2006/12/29 21:29:04 | 000,006,141 | ---- | C] () -- C:\Documents and Settings\Administrator\USBMOT2000XP.INF
[2006/12/29 21:29:04 | 000,005,960 | ---- | C] () -- C:\Documents and Settings\Administrator\USB_MOT_A1000.INF
[2006/12/29 21:29:04 | 000,005,880 | ---- | C] () -- C:\Documents and Settings\Administrator\USB_CMCS_2000.INF
[2006/04/19 13:21:35 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/04/19 13:21:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/03/09 21:13:15 | 000,001,890 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/03/09 21:12:45 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swupdate.INI
[2004/08/02 14:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/01/14 17:53:52 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/14 14:21:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tosOBEX.INI
[2004/01/14 13:53:21 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\pxhpinst.exe
[2004/01/14 13:37:54 | 000,019,607 | ---- | C] () -- C:\WINDOWS\System32\drivers\TOSSMBNT.sys
[2004/01/14 13:34:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2004/01/14 13:14:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/14 12:49:38 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\tcleanup.exe
[2004/01/14 12:46:50 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\000StTHK.exe
[2004/01/14 12:38:21 | 000,090,112 | ---- | C] () -- C:\WINDOWS\InstDrvr.exe
[2004/01/14 12:38:21 | 000,006,867 | ---- | C] () -- C:\WINDOWS\System32\drivers\tbiosdrv.sys
[2004/01/14 12:20:04 | 000,010,165 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2004/01/14 12:20:03 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2004/01/14 12:20:03 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2004/01/14 12:20:03 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2004/01/13 19:31:37 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/13 19:29:04 | 000,000,791 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/13 19:28:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/01/13 19:23:33 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/01/13 19:22:38 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/13 18:10:22 | 000,000,378 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/01/13 18:09:42 | 000,477,786 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/01/13 18:09:42 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/01/13 18:09:42 | 000,086,596 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/01/13 18:09:42 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/01/13 18:09:40 | 000,004,598 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/01/13 18:09:39 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/01/13 18:09:36 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/01/13 18:09:26 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/01/13 18:09:26 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/01/13 18:09:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/01/13 18:09:02 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/01/13 11:19:27 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/12/16 08:29:42 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2003/11/27 20:29:30 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\TosKeyboardPage.dll
[2003/11/27 20:13:58 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\TosMousePage.dll
[2003/11/20 19:52:02 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2003/11/14 14:05:52 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\TBTMonUI.dll
[2003/11/14 13:57:00 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\TosBtHcrpAPI.dll
[2003/07/29 18:33:26 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\TosHidAPI.dll
[2002/12/04 10:57:00 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2002/12/04 10:57:00 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2002/06/04 12:58:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll

========== LOP Check ==========

[2011/05/10 19:30:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AVG
[2009/02/14 10:50:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\EPSON
[2009/02/15 13:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FreshDiagnose
[2004/01/14 13:41:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterTrust
[2004/01/14 14:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo
[2007/07/06 15:02:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OfficeUpdate12
[2004/01/14 14:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\toshiba
[2008/11/10 11:23:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TuneUp Software
[2011/10/18 17:26:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2010/01/30 18:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\TuneUp Software
[2011/05/10 19:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
[2011/04/15 22:57:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/02/14 10:01:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2011/05/10 19:41:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2008/11/10 10:18:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2010/02/20 14:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
[2011/11/01 18:09:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2011/11/07 12:20:12 | 000,000,236 | ---- | M] () -- C:\WINDOWS\Tasks\OGALogon.job

========== Purity Check ==========



========== Custom Scans ==========


< :files >

< C:\WINDOWS\tasks\IWUM.job >

< C:\WINDOWS\tasks\MOBCCAFLUV.job >

< C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} >

< C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} >

< C:\WINDOWS\System32\TZLogq.dll >

< C:\WINDOWS\Wzehigihagonaman.dat >

< C:\WINDOWS\System32\msxmlp.dll >

< C:\WINDOWS\Blibirikijirazoh.bin >


< :otl >

~[Filtered]~


< :commands >

< [reboot] >
< End of report >


Here's the log that came up on reboot
========== FILES ==========
File\Folder C:\WINDOWS\tasks\IWUM.job not found.
File\Folder C:\WINDOWS\tasks\MOBCCAFLUV.job not found.
File\Folder C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} not found.
File\Folder C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521} not found.
File\Folder C:\WINDOWS\System32\TZLogq.dll not found.
File\Folder C:\WINDOWS\Wzehigihagonaman.dat not found.
File\Folder C:\WINDOWS\System32\msxmlp.dll not found.
File\Folder C:\WINDOWS\Blibirikijirazoh.bin not found.
========== OTL ==========
File move failed. C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk scheduled to be moved on reboot.
========== COMMANDS ==========

OTLPE by OldTimer - Version 3.1.48.0 log created on 11082011_094205

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk not found!

Registry entries deleted on Reboot...


computerchallenged
Newbie Surfer
Posts : 36
Joined : 2009-05-25
Operating System : Windows XP

Re: Redirect virus

Post by Gabethebabe on Wed 09 Nov 2011, 2:40 am

Ok - that log is clean. Your redirect problems are over now?

Gabethebabe
Tech Advisor
Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS
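Reading the file sections of a log like the one above is mostly pattern work. Here is an added Python triage script (not part of the thread and not OTL's own tooling) that parses OTL's entry format and groups the items a reviewer looks at first; the sample log lines, the rule set and the small boot-file allowlist are my own constructions.

```python
r"""Triage helper for the file sections of an OTL log.

Added example, not part of this thread and not OTL's own code. Parses the
"[date | size | attrs | C/M] (Company) -- path" entries from OTL's Files/Folders
sections and flags what a reviewer looks at first. The rules are my own review
heuristics, not verdicts: a flagged file still needs a manual check.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One entry, e.g.  [2011/11/07 10:54:51 | 000,080,384 | ---- | C] () -- C:\MBRCheck.exe
# Directories carry no "(Company)" group at all; files without one show "()".
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[-RHSD]{4}) \| "      # R=read-only H=hidden S=system D=directory
    r"(?P<kind>[CM])\] "              # C = created, M = modified
    r"(?:\((?P<company>[^)]*)\) )?"   # None for directories, "" for "()"
    r"-- (?P<path>.+)$"
)
SECTION_RE = re.compile(r"^=+ (?P<name>.+?) =+$")
EXEC_EXT = (".exe", ".dll", ".sys", ".com", ".scr", ".cpl", ".ocx")
# XP boot/hibernation files: hidden+system by design, .sys but not drivers.
KNOWN_SYSTEM_FILES = {r"c:\hiberfil.sys", r"c:\pagefile.sys", r"c:\boot.ini",
                      r"c:\ntldr", r"c:\ntdetect.com"}


@dataclass
class Entry:
    section: str
    timestamp: str
    size: int
    attrs: str
    kind: str
    company: Optional[str]
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs


def parse_otl(text: str) -> List[Entry]:
    """Return the file/folder entries of an OTL log, tagged with their section."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("name")
            continue
        m = ENTRY_RE.match(line)
        if not m:
            continue  # O-lines, blanks and "[4 C:\...\*.tmp files -> ...]" summaries
        entries.append(Entry(section, m.group("ts"),
                             int(m.group("size").replace(",", "")),
                             m.group("attrs"), m.group("kind"),
                             m.group("company"), m.group("path")))
    return entries


def triage(entries: List[Entry]) -> Dict[str, List[str]]:
    """Group paths worth a manual look, deduplicated, in log order."""
    findings: Dict[str, List[str]] = {"unattributed_executable": [],
                                      "driver_outside_drivers_dir": [],
                                      "hidden_system_file": []}
    for e in entries:
        low = e.path.lower()
        if e.is_dir or low in KNOWN_SYSTEM_FILES:
            continue
        hits = []
        # OTL's "No Company Name" idea, restricted to executable file types
        # and applied across every section.
        if low.endswith(EXEC_EXT) and not e.company:
            hits.append("unattributed_executable")
        # A .sys in a profile root or in plain System32 is unusual placement.
        if low.endswith(".sys") and "\\system32\\drivers\\" not in low:
            hits.append("driver_outside_drivers_dir")
        if "H" in e.attrs and "S" in e.attrs:
            hits.append("hidden_system_file")
        for rule in hits:
            if e.path not in findings[rule]:
                findings[rule].append(e.path)
    return findings


# Constructed sample in OTL's format, modelled on the log above.
SAMPLE_LOG = r"""
========== Files/Folders - Created Within 30 Days ==========
[2011/11/08 09:25:14 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2011/11/07 10:44:35 | 000,000,000 | --SD | C] -- C:\ComboFix
[2006/12/29 21:29:06 | 000,092,064 | ---- | C] (MCCI) -- C:\Documents and Settings\Administrator\mqdmmdm.sys
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/11/07 10:54:51 | 000,080,384 | ---- | C] () -- C:\MBRCheck.exe
[2011/10/31 22:06:45 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/10/31 19:25:09 | 536,203,264 | -HS- | C] () -- C:\hiberfil.sys
[2006/03/09 21:13:15 | 000,001,890 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
"""

if __name__ == "__main__":
    for rule, paths in triage(parse_otl(SAMPLE_LOG)).items():
        print(rule, paths)
```

Running it on the sample lists MBRCheck.exe and KGyGaAvL.sys as executables with no company name, the two .sys files outside System32\drivers, and cmldr as the only hidden+system file once the boot files are set aside.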

Re: Redirect virus

Post by computerchallenged on Wed 09 Nov 2011, 2:43 am

So far so good!!! I've run searches on both Firefox and Internet Explorer, the same ones I ran before and then some new ones. All seems to be going well...

computerchallenged
Newbie Surfer
Posts : 36
Joined : 2009-05-25
Operating System : Windows XP

Re: Redirect virus

Post by Gabethebabe on Wed 09 Nov 2011, 2:57 am

*FISTPUMP*

You need to install the latest version of Java. Having the latest version is important to take advantage of fixes that have eliminated security vulnerabilities.
  • Go to Start > Control Panel
  • Double-click on Add or Remove Programs
  • Look for entries that say Java, Java RunTime Environment or J2SE.
  • Uninstall all of them that are not named Java (TM) 6 Update 29

After doing this, you can go to java.com, click on Free Java Download and proceed from there to install the latest version of Java (currently Version 6 Update 29).

After installing Java, go to Start > Control Panel > Java to open the Java Control Panel.
Under the General tab, Temporary Internet Files click Settings, then click Delete Files.
Select both options and click OK to delete the Java cache.

====================

You have an old version installed of Adobe Reader. This old version has security issues.
I recommend that you uninstall Adobe Reader through Start > Control Panel > Add or Remove Programs.
After that you should install a PDF reader that is more secure.
Please note that Adobe Reader has a history of security issues and is a prime target for malware writers due to its popularity. You might want to consider installing a non-Adobe PDF reader. Your choice!
  • Adobe Reader 10. The latest and safest version of Adobe Reader.
  • SumatraPDF. Very small and very light PDF viewer.
  • PDF XChange. Also available in 64-bit version if you have a 64-bit OS. Can be installed as portable.


====================

I see that you have P2P software installed on your machine (uTorrent).
While file-sharing is a useful concept, P2P programs are mostly used for shady/illegal practices like software piracy, copyright infraction and malware distribution. You really do not want to contribute to illegal activities or find yourself victim of cybercriminals using P2P for spreading of their malware. I would strongly recommend that you uninstall all P2P software, however that choice is up to you. If you choose to remove these programs, you can do so via Start >> Control Panel >> Add or Remove Programs.

====================

Time to uninstall used tools.

  • Go to Start > Run and type or copy/paste Combofix /uninstall (note the space before the "/").
  • Double click OTL.exe to run it again and click the CleanUp button.
  • If we used any other tools and they still remain on your desktop, please delete them manually.

====================

Do you have any more questions or do you want to see my ALORTKYCC (Awesome List Or Recommendations To Keep Your Computer Clean)?


Gabethebabe
Tech Advisor
Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS
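To check the Java step above mechanically: an added script, not from the thread, that reads the same Uninstall registry keys Add or Remove Programs is built from and lists every Java / J2SE entry other than the release to keep, so nothing is removed by accident. Only the classification runs off Windows (here on constructed sample names); the registry reader needs Python on the Windows machine itself.

```python
r"""List stale Java runtimes from Add or Remove Programs data.

Added example, not from this thread. Add or Remove Programs is built from the
Uninstall registry keys under HKLM; this reads them (Windows only) and lists
every entry named Java / Java RunTime Environment / J2SE except the release to
keep. The sample entries below are constructed; the GUIDs are placeholders.
"""
import re
from typing import Iterable, List, Tuple

# The entry names the post says to look for, without catching e.g. "JavaScript ...".
JAVA_NAME_RE = re.compile(r"^(?:Java|J2SE)(?![A-Za-z])", re.IGNORECASE)
UNINSTALL_KEYS = (
    r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
    r"SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall",  # 64-bit hosts only
)


def _norm(name: str) -> str:
    # "Java (TM) 6 Update 29" and "Java(TM) 6 Update 29" name the same entry.
    return re.sub(r"\s+", "", name).lower()


def stale_java_entries(entries: Iterable[Tuple[str, str]], keep: str) -> List[Tuple[str, str]]:
    """Return (DisplayName, UninstallString) for every Java entry other than `keep`."""
    return [(name, cmd) for name, cmd in entries
            if JAVA_NAME_RE.match(name) and _norm(name) != _norm(keep)]


def read_uninstall_entries() -> List[Tuple[str, str]]:
    """Windows only: DisplayName/UninstallString of each Add or Remove Programs entry."""
    import winreg  # standard library, but only present on Windows
    found: List[Tuple[str, str]] = []
    for sub in UNINSTALL_KEYS:
        try:
            root = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, sub)
        except OSError:
            continue  # key absent (Wow6432Node does not exist on 32-bit XP)
        with root:
            i = 0
            while True:
                try:
                    sub_name = winreg.EnumKey(root, i)
                except OSError:
                    break  # no more subkeys
                i += 1
                try:
                    with winreg.OpenKey(root, sub_name) as k:
                        display = winreg.QueryValueEx(k, "DisplayName")[0]
                        cmd = winreg.QueryValueEx(k, "UninstallString")[0]
                except OSError:
                    continue  # entries without these values are not shown in the list
                found.append((str(display), str(cmd)))
    return found


# Constructed sample modelled on typical DisplayName values; GUIDs are placeholders.
SAMPLE_ENTRIES = [
    ("Java(TM) 6 Update 29", r"MsiExec.exe /X{GUID-PLACEHOLDER-1}"),
    ("Java(TM) 6 Update 21", r"MsiExec.exe /X{GUID-PLACEHOLDER-2}"),
    ("J2SE Runtime Environment 5.0 Update 6", r"MsiExec.exe /X{GUID-PLACEHOLDER-3}"),
    ("Java 2 Runtime Environment, SE v1.4.2_03", r"MsiExec.exe /X{GUID-PLACEHOLDER-4}"),
    ("JavaScript Editor", r"C:\Program Files\JSEdit\uninstall.exe"),  # must not match
    ("Adobe Reader 8.1.2", r"MsiExec.exe /X{GUID-PLACEHOLDER-5}"),
]
KEEP = "Java (TM) 6 Update 29"  # the release the post names as current

if __name__ == "__main__":
    try:
        entries = read_uninstall_entries()
    except ImportError:  # not on Windows: fall back to the constructed sample
        entries = SAMPLE_ENTRIES
    for name, cmd in stale_java_entries(entries, KEEP):
        print(f"remove: {name!r}  via  {cmd}")
```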

Re: Redirect virus

Post by computerchallenged on Wed 09 Nov 2011, 3:47 am

uTorrent was installed by my son on an external hard drive and is not actually located on the computer itself. I tried to delete it using Add/Remove Programs, but it says it's on Drive E:, which is a USB port. Is there a way to remove it from the Program List?

computerchallenged
Newbie Surfer
Posts : 36
Joined : 2009-05-25
Operating System : Windows XP

Re: Redirect virus

Post by computerchallenged on Wed 09 Nov 2011, 3:55 am

Oh and YES, most definitely, I'd like your ALORTKYCC (Awesome List Or Recommendations To Keep Your Computer Clean)!!

computerchallenged
Newbie Surfer
Posts : 36
Joined : 2009-05-25
Operating System : Windows XP

Re: Redirect virus

Post by Gabethebabe on Wed 09 Nov 2011, 6:02 pm

Alright! Here follows my ALORTKYCC (Awesome List Of Recommendations To Keep Your Computer Clean):

1) Keep your Windows up-to-date. Windows Autoupdate should be ON (see Start >> Control Panel >> Security Center). An alternative way (but more time-consuming) is to periodically visit [You must be registered and logged in to see this link.]. Hackers are looking every day for new security holes. Microsoft keeps patching them. You cannot fall behind in this race, it will make your system vulnerable.

2) For your average daily computer activities, use a limited/standard user account, not an administrator account. If you use Vista/WIN7 do not disable User Account Control (UAC). You would be amazed to know how much malware can't touch you if you deny it admin rights. Create a separate password-protected administrator account that you use for admin activities, like (un)installing software.

3) Use a good antivirus. There are various free ones, you cannot go wrong with either of the following three:
  • Panda Cloud Antivirus. If you want your antivirus to be light on resources, I recommend Panda. Install without the toolbar.
  • Ad-Aware Free Internet Security has received great reviews from leading security analysts.
  • Avast! is a very complete antivirus, with modules like mailscanner and webshield.

4) If your computer has 1GB system memory or more, you should install a third party firewall, to replace the weak Windows Firewall. I recommend:
  • Comodo Firewall. Install the internet security suite, but without the antivirus and without the Hopsurf toolbar.
  • Online Armor. A very smart and user friendly firewall.
  • Outpost Firewall is another rocksolid choice.

Note: you should run only ONE antivirus and ONE firewall. Running multiples of either is bad; it will cause slowdowns and/or conflicts.

5) Miscellaneous advice:
  • Stay away from cracks and keygens (look [You must be registered and logged in to see this link.] for the why). Get free software instead. Gizmo is an excellent source of freeware reviews.
  • Navigate safely. Google Chrome is the safest browser available. However, Mozilla Firefox can be made extremely safe with the NoScript addon. Internet Explorer (always use the last version) can be made a lot safer with Spywareblaster (manual here).
  • The WOT (Web Of Trust) addon will help you to stay on reliable webpages.
  • WinPatrol alerts you when changes are made in vital system areas. Especially good on light systems not running a third party firewall.
  • Make sure you have ways to recuperate your operating system and other vital data if it gets frustrated by malware and/or other problems. A Windows setup CD and recent backups/disk images will be priceless if you find yourself in an unexpected tight spot.

Finally: did we help you? [You must be registered and logged in to see this link.]!

Gabethebabe
Tech Advisor
Posts : 1568
Joined : 2010-03-07
Operating System : WIN7 64bit, Ubuntu 12.04 LTS

Re: Redirect virus

Post by computerchallenged on Wed 09 Nov 2011, 11:10 pm

Awesome, thank you so much!!!

computerchallenged
Newbie Surfer
Posts : 36
Joined : 2009-05-25
Operating System : Windows XP
