6 Posts

March 12th, 2011 23:00

Redirected Searches & Slow Computer

Hi, new to this place... and first time ever seeing this problem on my computer. Right now, my symptoms are browser redirection to other sites as well as computer running very slowly and occasionally freezing up. Would appreciate the help very much, thanks!!

Here's my HiJack file.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:57:36 PM, on 3/12/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Sophos\AutoUpdate\ALMon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\jey\My Documents\Downloads\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll (file missing)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Qpumotefaco] rundll32.exe "C:\WINDOWS\atipehuk.dll",Startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\jey\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Tvoruquga] rundll32.exe  "C:\WINDOWS\winshs.dll",Startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation  - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sophos Anti-Virus status reporter (SAVAdminService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
O23 - Service: Sophos Anti-Virus (SAVService) - Sophos Plc - C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
O23 - Service: Sophos AutoUpdate Service - Sophos Plc - C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\WINDOWS\system32\Wacom_Tablet.exe
O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 9013 bytes

1.1K Posts

March 13th, 2011 01:00

Hello kidoairaku and welcome,

I'm kevinf80 and I will be helping with any malware issues you may have with your system.

  • Please be aware that some of the logs I may ask for can be very complex and can take a long time to decipher. I am a volunteer here with a job and family so I ask that you be patient when waiting for replies.
  • Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.
  • Either print or Save to Notepad all instructions and please follow them carefully; if there's something you don't understand or that will not work, please let me know and we will go through it together.
  • Malware is often buggy and can be very unstable; with that in mind, it is advisable to backup any important data before we begin.
  • If you do not reply within 72 hours the thread will be closed; if you need more time, let me know. Likewise, if I do not respond within 48 hours, feel free to PM me.
  • If you have any P2P applications installed such as BitTorrent, uTorrent, Limewire etc etc, please uninstall them before we begin.
  • If you are using Cracked or Illegal software your thread will be locked and all help will cease.



Please proceed as follows :-

Step 1

Please re-open HiJackThis and scan only. Check the boxes next to all the entries listed below.

R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll (file missing)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [Qpumotefaco] rundll32.exe "C:\WINDOWS\atipehuk.dll",Startup
O4 - HKCU\..\Run: [Tvoruquga] rundll32.exe "C:\WINDOWS\winshs.dll",Startup


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis. Reboot

Step 2

Please download OTM by OldTimer.
Alternative Mirror
Save it to your desktop.
Double click OTM.exe to start the tool. Vista or Windows 7 users right-click and select Run as Administrator.

  • Copy the text between the dotted lines below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    -------------------------------------------------------------------

    :Services
    :Files
    ipconfig /flushdns /c
    C:\WINDOWS\atipehuk.dll
    C:\WINDOWS\winshs.dll
    C:\Program Files\AskBarDis
    :Commands
    [Purity]
    [EmptyFlash]
    [EmptyTemp]
    [ResetHosts]

    ---------------------------------------------------------------------
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM


Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

If the machine reboots, the Results log can be found here:

c:\_OTMoveIt\MovedFiles\mmddyyyy_hhmmss.log

Where mmddyyyy_hhmmss is the date of the tool run.

Step 3

Please download Malwarebytes Anti-Malware and save it to your desktop.
Alternative D/L mirror
Alternative D/L mirror

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.



Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Post logs from OTM and Malwarebytes in your reply, also give update on any remaining issues. Is there a specific reason why you still have IE6? Why have you not updated to IE8?

Kevin...
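As an added example (not part of this thread, and not a feature of HijackThis, OTM or any tool named in it), the script below reproduces the selection of the five entries above from the posted HijackThis log using two defender-side heuristics: browser hooks whose DLL HijackThis marks "(file missing)", and Run keys that start a DLL through rundll32.exe from the Windows directory itself. The embedded log is a constructed subset of the log in the first post.

```python
"""Triage a HijackThis (HJT) log for entries worth a closer look.

Added example for this thread; not code from the thread or from Trend Micro.
Heuristics (defender stance: what to inspect, not what to attack):

  1. Orphaned browser hooks: R3 / O2 / O3 entries marked "(file missing)".
     The DLL is gone, so the entry only clutters the browser; remove it.
  2. Run keys that launch a DLL via rundll32.exe from C:\WINDOWS directly
     (not System32, not Program Files). Legitimate software almost never
     installs itself that way, and random-looking value names add suspicion.
"""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    section: str   # HJT section code, e.g. "O4"
    reason: str    # why the entry was flagged
    line: str      # the raw log line


# Constructed sample: a subset of the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll (file missing)
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O2 - BHO: Sophos Web Content Scanner - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Qpumotefaco] rundll32.exe "C:\WINDOWS\atipehuk.dll",Startup
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Tvoruquga] rundll32.exe  "C:\WINDOWS\winshs.dll",Startup
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe
"""

# "O4 - HKLM\..\Run: [ValueName] command line"
RUN_ENTRY = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run\w*: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")

# rundll32 loading a DLL that sits directly in <drive>:\WINDOWS (any case)
RUNDLL_WINDIR = re.compile(
    r'rundll32(?:\.exe)?\s+"?(?P<dll>[a-z]:\\windows\\[^\\"]+\.dll)"?',
    re.IGNORECASE)

ORPHAN_SECTIONS = {"R3", "O2", "O3"}   # URLSearchHook, BHO, Toolbar


def triage(log_text: str) -> list[Finding]:
    """Return the HJT entries a helper would ask the poster to fix first."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if " - " not in line:
            continue                       # header, blank or process-list line
        section = line.split(" - ", 1)[0]

        # Heuristic 1: browser hook whose DLL no longer exists on disk.
        if section in ORPHAN_SECTIONS and line.endswith("(file missing)"):
            findings.append(Finding(
                section, "orphaned browser hook: DLL no longer exists", line))
            continue

        # Heuristic 2: Run key using rundll32 on a DLL in the Windows root.
        run = RUN_ENTRY.match(line)
        if run:
            dll = RUNDLL_WINDIR.search(run["cmd"])
            if dll:
                findings.append(Finding(
                    section,
                    f"{run['hive']} Run value [{run['name']}] loads "
                    f"{dll['dll']} via rundll32 from the Windows directory",
                    line))
    return findings


def fix_list(findings: list[Finding]) -> list[str]:
    """The raw lines to tick in HijackThis before 'Fix Checked'."""
    return [f.line for f in findings]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```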

1.1K Posts

March 13th, 2011 03:00

Hello kidoairaku,

Continue as follows :-

Step 1

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista & Win 7).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


Step 2

Download OTL from any of the following links and save to your Desktop:

Link 1
Link 2
Link 3
Link 4
  • Double click on the icon to run it, Vista or Windows 7 users right click and select Run as Administrator. Make sure all other windows are closed and to let it run uninterrupted.
  • In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".
  • Under the Custom Scan box paste this in from between the dotted lines
    ------------------------------------------------------------------------------------------------------------
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    --------------------------------------------------------------------------------------------------------------------------------

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your reply


What I'd like in your reply :-

  • Log from Goored
  • OTL Txt
  • Extras Txt


Kevin

6 Posts

March 13th, 2011 03:00

Thank you very much!! I'm surprised and grateful for the quick response. After having followed your instructions, here are the logs for the OTM and MBAM scans respectively. As for not having yet updated to IE8, I don't use IE much so that's the only reason (actually I just recently redownloaded IE in order to test out my website coding; otherwise I almost always use Firefox and Chrome only). The immediate issue that I can see is that whenever I open up my Firefox, Sophos alerts me with "File "C:\Documents and Settings\jey\Local Settings\Application Data\{8BC5CD56-2F1B4164-856B-DBD461C1B1BB}\chrome\content\overlay.xul" belongs to virus/spyware Troj/FFAdRedr-A."

OTM log:

All processes killed
========== SERVICES/DRIVERS ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\jey\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\jey\Desktop\cmd.txt deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\atipehuk.dll
C:\WINDOWS\atipehuk.dll moved successfully.
File/Folder C:\WINDOWS\winshs.dll not found.
File/Folder C:\Program Files\AskBarDis not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: jey
->Temp folder emptied: 540663559 bytes
->Temporary Internet Files folder emptied: 23420855 bytes
->Java cache emptied: 9345 bytes
->FireFox cache emptied: 91050482 bytes
->Google Chrome cache emptied: 236961611 bytes
->Flash cache emptied: 234783 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3625933 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22000189 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 517982630 bytes
 
Total Files Cleaned = 1,372.00 mb
 
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTM by OldTimer - Version 3.1.17.2 log created on 03132011_010235

Files moved on Reboot...

Registry entries deleted on Reboot...

 


MBAM Log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6041

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/13/2011 1:19:53 AM
mbam-log-2011-03-13 (01-19-53).txt

Scan type: Quick scan
Objects scanned: 147620
Time elapsed: 4 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\ (Hijack.Zones) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

Thanks :)

6 Posts

March 13th, 2011 21:00

Okay... here it is.

Log from Goored:

GooredFix by jpshortstuff (03.07.10.1)
Log created at 18:56 on 13/03/2011 (jey)
Firefox version 3.6.15 (en-US)

========== GooredScan ==========

Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{9D4EA45C-5A5B-4B0F-A882-7D7B974FC812} -> Success!
Deleting C:\Documents and Settings\jey\Local Settings\Application Data\{9D4EA45C-5A5B-4B0F-A882-7D7B974FC812} -> Success!
Deleting HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{8BC5CD56-2F1B-4164-856B-DBD461C1B1BB} -> Success!
Deleting C:\Documents and Settings\jey\Local Settings\Application Data\{8BC5CD56-2F1B-4164-856B-DBD461C1B1BB} -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [10:35 06/06/2009]
{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} [11:56 15/07/2009]

C:\Documents and Settings\jey\Application Data\Mozilla\Firefox\Profiles\brue07y5.default\extensions\
foxmarks@kei.com [10:53 06/06/2009]
{f86e6264-e877-5fce-c3e4-8668a7d99da2} [05:11 12/01/2011]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [11:55 15/07/2009]

-=E.O.F=-

 

OTL Txt

OTL logfile created on: 3/13/2011 7:03:53 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\jey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.48 Gb Total Space | 11.03 Gb Free Space | 16.10% Space Free | Partition Type: NTFS
 
Computer Name: CHOGINGA | User Name: jey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011/03/13 18:55:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jey\Desktop\OTL.exe
PRC - [2011/02/18 12:05:46 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/06/02 16:58:38 | 000,172,032 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
PRC - [2009/10/28 23:57:18 | 000,080,936 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
PRC - [2009/07/06 15:51:39 | 000,245,760 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\AutoUpdate\ALMon.exe
PRC - [2009/06/05 01:19:43 | 000,098,304 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
PRC - [2008/10/30 11:13:28 | 002,749,224 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Wacom_Tablet.exe
PRC - [2008/04/14 05:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/10/08 14:18:04 | 000,995,328 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2007/10/08 14:15:50 | 000,356,352 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
PRC - [2007/10/08 14:09:26 | 000,659,456 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011/03/13 18:55:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jey\Desktop\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/09/02 20:06:20 | 000,195,072 | ---- | M] (Sophos Plc) -- C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll
MOD - [2007/03/30 19:59:08 | 000,102,400 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hccutils.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010/06/02 16:58:38 | 000,172,032 | ---- | M] (Sophos Plc) [Auto | Running] -- C:\Program Files\Sophos\AutoUpdate\ALsvc.exe -- (Sophos AutoUpdate Service)
SRV - [2009/10/28 23:57:18 | 000,080,936 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe -- (SAVAdminService)
SRV - [2009/07/06 23:20:15 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/06/05 01:19:43 | 000,098,304 | ---- | M] (Sophos Plc) [Unknown | Running] -- C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe -- (SAVService)
SRV - [2008/10/30 11:13:28 | 002,749,224 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2007/10/08 14:15:50 | 000,356,352 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2010/06/02 16:57:54 | 000,111,232 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccesscontrol.sys -- (SAVOnAccessControl)
DRV - [2010/06/02 16:57:27 | 000,038,912 | ---- | M] (Sophos Plc) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\savonaccessfilter.sys -- (SAVOnAccessFilter)
DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/09/23 11:41:58 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2009/06/06 04:33:20 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/06/05 01:34:19 | 000,014,976 | ---- | M] (Sophos Plc) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\SophosBootDriver.sys -- (SophosBootDriver)
DRV - [2008/10/06 11:53:24 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/07/11 11:16:50 | 000,013,352 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2007/09/26 06:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/08/27 11:10:36 | 000,012,288 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2007/02/16 11:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/15 16:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2006/11/21 04:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2001/08/23 08:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Ask"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {f86e6264-e877-5fce-c3e4-8668a7d99da2}:1.9.2
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..keyword.URL: "http://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/11 00:57:26 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/11 00:57:26 | 000,000,000 | ---D | M]
 
[2009/06/06 03:35:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jey\Application Data\Mozilla\Extensions
[2011/03/13 01:46:11 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\jey\Application Data\Mozilla\Firefox\Profiles\brue07y5.default\extensions
[2011/01/11 22:11:43 | 000,000,000 | ---D | M] (dAmn XPCOM) -- C:\Documents and Settings\jey\Application Data\Mozilla\Firefox\Profiles\brue07y5.default\extensions\{f86e6264-e877-5fce-c3e4-8668a7d99da2}
[2009/06/06 03:53:53 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\jey\Application Data\Mozilla\Firefox\Profiles\brue07y5.default\extensions\foxmarks@kei.com
[2009/08/08 15:29:32 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\jey\Application Data\Mozilla\Firefox\Profiles\brue07y5.default\searchplugins\ask.xml
[2009/06/06 06:55:36 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\jey\Application Data\Mozilla\Firefox\Profiles\brue07y5.default\searchplugins\daemon-search.xml
[2011/03/11 01:07:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2009/07/15 04:55:41 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
 
O1 HOSTS File: ([2011/03/13 02:04:37 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (Sophos Web Content Scanner) - {39EA7695-B3F2-4C44-A4BC-297ADA8FD235} - C:\Program Files\Sophos\Sophos Anti-Virus\SophosBHO.dll (Sophos Plc)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Qpumotefaco]  File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutoUpdate Monitor.lnk = C:\Program Files\Sophos\AutoUpdate\ALMon.exe (Sophos Plc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Plc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\jey\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\jey\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/04 23:10:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{d244787c-69bc-11df-8660-0015c5226195}\Shell - "" = AutoRun
O33 - MountPoints2\{d244787c-69bc-11df-8660-0015c5226195}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d244787c-69bc-11df-8660-0015c5226195}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{d244787d-69bc-11df-8660-0015c5226195}\Shell\AutoRun\command - "" = G:\setupSNK.exe
O33 - MountPoints2\{faf8920d-09cc-11e0-8697-0015c5226195}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{faf8920d-09cc-11e0-8697-0015c5226195}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: 6to4 -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Iprip -  File not found
NetSvcs: Irmon -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: WmdmPmSp -  File not found
 
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\i420vfw.dll (www.helixcommunity.org)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (65315805348233216)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011/03/13 18:56:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jey\Desktop\GooredFix Backups
[2011/03/13 18:55:22 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jey\Desktop\OTL.exe
[2011/03/13 18:55:06 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\jey\Desktop\GooredFix.exe
[2011/03/13 02:14:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jey\Application Data\Malwarebytes
[2011/03/13 02:13:55 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/13 02:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/13 02:13:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/13 02:13:50 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/13 02:13:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/13 02:02:35 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/03/13 01:59:43 | 000,519,680 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\jey\Desktop\OTM.exe
[2011/03/13 01:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jey\Desktop\backups
[2011/03/13 01:50:33 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\jey\Desktop\HijackThis.exe
[2011/03/13 01:40:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\jey\IECompatCache
[2011/03/13 01:18:45 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/03/09 02:26:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/03/08 14:29:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jey\Application Data\SUPERAntiSpyware.com
[2011/03/08 14:29:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/03/08 14:29:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/03/08 14:29:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/02/23 22:26:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jey\Application Data\OfferBox
[2011/02/23 22:25:55 | 000,000,000 | ---D | C] -- C:\Program Files\IEToolbar
[2011/02/12 18:37:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\jey\Desktop\RESUME
 
========== Files - Modified Within 30 Days ==========
 
[2011/03/13 18:55:23 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jey\Desktop\OTL.exe
[2011/03/13 18:55:07 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\jey\Desktop\GooredFix.exe
[2011/03/13 18:50:43 | 000,312,172 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 18:50:43 | 000,040,394 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/13 18:50:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-602609370-839522115-1003UA.job
[2011/03/13 17:20:28 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
[2011/03/13 17:19:54 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\Gtppze.job
[2011/03/13 17:19:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/13 17:19:35 | 2137,456,640 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/13 02:13:56 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/13 02:04:37 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/03/13 01:59:44 | 000,519,680 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\jey\Desktop\OTM.exe
[2011/03/13 01:50:33 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\jey\Desktop\HijackThis.exe
[2011/03/13 01:50:00 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1085031214-602609370-839522115-1003Core.job
[2011/03/13 01:39:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Egube.bin
[2011/03/13 01:26:42 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\jey\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/13 01:26:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/13 01:23:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/11 17:51:10 | 000,002,268 | ---- | M] () -- C:\Documents and Settings\jey\Desktop\Google Chrome.lnk
[2011/03/11 17:51:10 | 000,002,246 | ---- | M] () -- C:\Documents and Settings\jey\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/09 23:13:55 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Pfepezenocopolo.dat
[2011/03/09 19:43:20 | 000,218,869 | ---- | M] () -- C:\Documents and Settings\jey\Desktop\photo.JPG
[2011/03/07 19:15:29 | 002,102,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/06 17:26:46 | 000,000,751 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\World of Warcraft.lnk
[2011/03/02 17:38:20 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\jey\Application Data\winscp.rnd
[2011/03/02 12:33:17 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/24 15:52:08 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\jey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/02/23 23:47:25 | 000,001,768 | -H-- | M] () -- C:\Documents and Settings\jey\My Documents\Default.rdp
[2011/02/15 18:42:59 | 013,026,380 | ---- | M] () -- C:\Documents and Settings\jey\Desktop\randomsorairodays.wav
 
========== Files Created - No Company Name ==========
 
[2011/03/13 02:13:56 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/09 19:43:12 | 000,218,869 | ---- | C] () -- C:\Documents and Settings\jey\Desktop\photo.JPG
[2011/02/23 22:27:15 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Pfepezenocopolo.dat
[2011/02/23 22:27:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Egube.bin
[2011/02/23 22:25:11 | 000,000,304 | -HS- | C] () -- C:\WINDOWS\tasks\Gtppze.job
[2011/02/15 18:42:54 | 013,026,380 | ---- | C] () -- C:\Documents and Settings\jey\Desktop\randomsorairodays.wav
[2011/02/04 23:05:17 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/01/13 20:26:56 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/01/04 02:37:43 | 000,038,000 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/10/25 02:01:26 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010/10/25 01:22:43 | 002,005,211 | ---- | C] () -- C:\Documents and Settings\jey\Application Data\swf2video.bin
[2010/10/25 01:03:34 | 000,000,067 | ---- | C] () -- C:\WINDOWS\swf2avi.INI
[2010/10/25 01:03:25 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/02/03 03:19:47 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2010/02/03 03:19:43 | 000,000,044 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\{3D55D1F4-1059-11DC-B281-197056D89593}
[2009/11/18 02:01:53 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\jey\Local Settings\Application Data\PUTTY.RND
[2009/08/25 03:33:25 | 000,787,344 | ---- | C] () -- C:\Documents and Settings\jey\Application Data\8d51356f4bb435f1b6f84a242a76b34c-i686.cache-2
[2009/06/10 00:30:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4814.dll
[2009/06/08 15:15:40 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\jey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/06/07 19:29:17 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\jey\Application Data\winscp.rnd
[2009/06/07 01:45:40 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/06/06 03:35:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/06/05 00:33:49 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/06/04 23:13:30 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/06/04 23:07:22 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/06/04 15:56:19 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/06/04 15:55:05 | 002,102,536 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/10/07 10:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2004/08/04 00:07:22 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/02 13:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2001/08/23 09:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/23 09:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/23 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/23 08:00:00 | 000,312,172 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/23 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/23 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/23 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/23 08:00:00 | 000,040,394 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/23 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/23 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/07/06 17:00:00 | 000,000,006 | RHS- | C] () -- C:\WINDOWS\@desktop@.dat
 
========== LOP Check ==========
 
[2010/09/28 18:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/06/06 06:55:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2010/08/08 19:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2010/01/06 22:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PACE Anti-Piracy
[2009/06/05 01:47:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sophos
[2010/07/22 01:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SYSTEMAX Software Development
[2010/09/27 19:23:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2011/01/02 00:12:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/06/06 04:19:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/01/10 22:58:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jey\Application Data\Audacity
[2010/09/28 18:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jey\Application Data\Autodesk
[2009/06/06 14:01:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jey\Application Data\DAEMON Tools Lite
[2010/10/25 01:19:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jey\Application Data\GetRightToGo
[2010/02/03 03:24:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jey\Application Data\KaneSteaGames
[2010/10/25 01:20:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jey\Application Data\Moyea
[2010/08/28 22:56:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jey\Application Data\NeopleLauncherDFO
[2011/02/24 23:41:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jey\Application Data\Notepad++
[2011/03/06 12:56:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jey\Application Data\OfferBox
[2010/01/06 22:05:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jey\Application Data\PACE Anti-Piracy
[2010/10/06 01:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jey\Application Data\RenPy
[2010/07/22 01:20:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jey\Application Data\SYSTEMAX Software Development
[2010/01/06 22:08:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jey\Application Data\Unity
[2010/09/27 19:21:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\jey\Application Data\uTorrent
[2011/03/13 17:19:54 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\Tasks\Gtppze.job
[2011/03/13 17:20:28 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2009/06/04 23:10:51 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/08/03 15:41:03 | 000,000,224 | RHS- | M] () -- C:\boot.ini
[2009/06/04 23:10:51 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/03/13 17:19:35 | 2137,456,640 | -HS- | M] () -- C:\hiberfil.sys
[2009/06/04 23:10:51 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/06/04 23:10:51 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/03 21:38:34 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/07/06 18:03:29 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/03/13 17:19:33 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\System32\config\*.sav >
[2009/06/04 15:54:07 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/06/04 15:54:07 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/06/04 15:54:07 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAutoRebootWithLoggedOnUsers" = 1
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\A >
 
< uto Update\Results\Install|LastSuccessTime /rs >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 999 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:M1cYjFELUVw9FgLG7mKq7
@Alternate Data Stream - 1233 bytes -> C:\Program Files\Common Files\Microsoft Shared:woHDxYGPREhzkFt2SlfuDs8v
@Alternate Data Stream - 1185 bytes -> C:\Documents and Settings\jey\Local Settings\Application Data\6BURkWLd:QYEvXf364blRAEBr77oM
@Alternate Data Stream - 1096 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:SpA9WLA9Ynl24YQROGQdMhhn

< End of report >

Extras Txt

OTL Extras logfile created on: 3/13/2011 7:03:53 PM - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Documents and Settings\jey\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 71.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.48 Gb Total Space | 11.03 Gb Free Space | 16.10% Space Free | Partition Type: NTFS
 
Computer Name: CHOGINGA | User Name: jey | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ ]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\ ]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ \shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"5353:TCP" = 5353:TCP:*:Enabled:Adobe CSI CS4
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer
"C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" = C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe:*:Enabled:Adobe CSI CS4 -- (Adobe Systems Incorporated)
"C:\Program Files\WinSCP\WinSCP.exe" = C:\Program Files\WinSCP\WinSCP.exe:*:Enabled:SFTP, FTP and SCP client -- (Martin Prikryl)
"C:\Documents and Settings\jey\Desktop\games\diablo2\Game.exe" = C:\Documents and Settings\jey\Desktop\games\diablo2\Game.exe:*:Enabled:Game
"C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam
"C:\Program Files\Steam\steamapps\mathfreq\team fortress 2\hl2.exe" = C:\Program Files\Steam\steamapps\mathfreq\team fortress 2\hl2.exe:*:Enabled:hl2
"C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe" = C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\NGM.exe:*:Enabled:Nexon Game Manager -- (Nexon)
"C:\Program Files\Nexon\DFO\DFO.exe" = C:\Program Files\Nexon\DFO\DFO.exe:*:Enabled:Dungeon Fighter Online
"C:\Program Files\World of Warcraft\Launcher.exe" = C:\Program Files\World of Warcraft\Launcher.exe:*:Enabled:Launcher -- (Blizzard Entertainment)
"C:\Program Files\Autodesk\Maya2009\bin\maya.exe" = C:\Program Files\Autodesk\Maya2009\bin\maya.exe:*:Enabled:Maya -- (Autodesk)
"C:\Program Files\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-Downloader.exe" = C:\Program Files\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-Downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Program Files\World of Warcraft\Launcher.patch.exe" = C:\Program Files\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{034759DA-E21A-4795-BFB3-C66D17FAD183}" = Sophos Anti-Virus
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{15C418EB-7675-42be-B2B3-281952DA014D}" = Sophos AutoUpdate
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{2168245A-B5AD-40D8-A641-48E3E070B5B6}" = Adobe Flash CS4 STI-en
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 14
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{2F05CEAF-A575-41E5-B3D0-FE4CEF83CA0A}" = Maya 2009
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BA2BAF-FFD4-4B12-B42B-AA8CC902CD23}" = Autodesk DirectConnect 2009
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{793D1D88-6141-43DE-BE58-59BCE31B4090}" = Adobe Flash CS4 Extension - Flash Lite STI en
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7F03BDCD-E21B-4035-9FC6-9DF100006841}" = openCanvas3.03E Plus
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{819E24AA-DB15-4BA8-8D76-92BDF710610B}" = Adobe Setup
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85CFC80F-B410-42E7-855F-F2AE1DF64315}" = DELETER COMICWORKS
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{8EB8E60B-315D-44EB-A896-10D88602EE46}" = Adobe Setup
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97C4F970-C753-443F-B61C-525C739BBC3D}" = Maya 2009 Documentation (en_US)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9F8FDE1A-FA91-43F2-887B-CF080156D57E}" = Adobe Setup
"{A0F925BF-5C55-44C2-A4E7-5A4C59791C29}" = mDriver
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time  Lib Setup
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CDEBE7FF-C832-4B91-9214-A4CA610D78C9}" = Adobe Audition 3.0.1 Patch
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D56B0E27-4A3E-46C9-B5C1-D93D580C099C}" = NVIDIA PhysX v8.10.29
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EC68232E-C74E-4F1A-B296-DFD2E1944E10}" = Adobe Setup
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F6E99614-F042-4459-82B7-8B38B2601356}" = Adobe Flash CS4
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_5aab5a491a3a52ae624fd639f6aaa95" = Adobe After Effects CS4 Third Party Content
"Adobe_5eba9bbdf1514a06b1a4c79a2920188" = Adobe Media Encoder CS4 Exporter
"Adobe_6e02d32c7e5a9d9fc86bc91618cafda" = Adobe Premiere Pro CS4 Third Party Content
"Adobe_7774cb1e022c49962995a9014500066" = Adobe Media Encoder CS4 Importer
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"FULL CLIENT8.0" = FULL CLIENT
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"Notepad++" = Notepad++
"ProInst" = Intel(R) PROSet/Wireless Software
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.0
"Wacom Tablet Driver" = Wacom Tablet
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"winscp3_is1" = WinSCP 4.2.1 beta
"World of Warcraft" = World of Warcraft
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 12/27/2010 12:16:00 PM | Computer Name = CHOGINGA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from:
 with error: This network connection does not exist. 
 
Error - 12/27/2010 12:16:01 PM | Computer Name = CHOGINGA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
 with error: The data is invalid. 
 
Error - 12/27/2010 12:16:01 PM | Computer Name = CHOGINGA | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
 from:
 with error: This network connection does not exist. 
 
Error - 12/27/2010 8:50:04 PM | Computer Name = CHOGINGA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
 with error: The data is invalid. 
 
Error - 12/27/2010 8:50:18 PM | Computer Name = CHOGINGA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
 with error: The data is invalid. 
 
Error - 12/27/2010 8:50:18 PM | Computer Name = CHOGINGA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
 with error: The data is invalid. 
 
Error - 12/27/2010 8:50:37 PM | Computer Name = CHOGINGA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
 with error: The data is invalid. 
 
Error - 12/27/2010 8:50:37 PM | Computer Name = CHOGINGA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
 with error: The data is invalid. 
 
Error - 12/27/2010 8:51:15 PM | Computer Name = CHOGINGA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
 with error: The data is invalid. 
 
Error - 12/27/2010 8:51:15 PM | Computer Name = CHOGINGA | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at:
 with error: The data is invalid. 
 
[ System Events ]
Error - 3/13/2011 5:02:58 AM | Computer Name = CHOGINGA | Source = SAVOnAccessControl | ID = 3997781
Description =   File [...3KJVI\desktop.ini]'s scan succeeded following a timeout/busy
 condition - it is being logged in case it contributed to that condition. Process
 OTM.exe, (start check timestamp [ 1cbe15d72ad1046]). 
 
Error - 3/13/2011 5:03:01 AM | Computer Name = CHOGINGA | Source = SAVOnAccessControl | ID = 3997781
Description =   File [...ZC92F\desktop.ini]'s scan succeeded following a timeout/busy
 condition - it is being logged in case it contributed to that condition. Process
 OTM.exe, (start check timestamp [ 1cbe15d74793620]). 
 
Error - 3/13/2011 5:03:36 AM | Computer Name = CHOGINGA | Source = SAVOnAccessControl | ID = 3997781
Description =   File [...DeviceService.exe]'s scan succeeded following a timeout/busy
 condition - it is being logged in case it contributed to that condition. Process
 services.exe, (start check timestamp [ 1cbe15d893b8fc2]). 
 
Error - 3/13/2011 5:03:36 AM | Computer Name = CHOGINGA | Source = SAVOnAccessControl | ID = 3997781
Description =   File [...50727.4053.policy]'s scan succeeded following a timeout/busy
 condition - it is being logged in case it contributed to that condition. Process
 csrss.exe, (start check timestamp [ 1cbe15d8949ddde]). 
 
Error - 3/13/2011 5:06:18 AM | Computer Name = CHOGINGA | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
 
Error - 3/13/2011 5:06:18 AM | Computer Name = CHOGINGA | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
 a page  file on the boot partition and that is large enough to contain all physical
memory.
 
Error - 3/13/2011 5:06:35 AM | Computer Name = CHOGINGA | Source = SAVOnAccessFilter | ID = 3997749
Description = The on-access driver failed to attach to \Device\ADVirtualDisk\Volume,
 because the IO method is not supported.
 
Error - 3/13/2011 8:19:43 PM | Computer Name = CHOGINGA | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.
 
Error - 3/13/2011 8:19:43 PM | Computer Name = CHOGINGA | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
 a page  file on the boot partition and that is large enough to contain all physical
memory.
 
Error - 3/13/2011 8:19:55 PM | Computer Name = CHOGINGA | Source = SAVOnAccessFilter | ID = 3997749
Description = The on-access driver failed to attach to \Device\ADVirtualDisk\Volume,
 because the IO method is not supported.
 
 
< End of report >

2 Intern


1.1K Posts

March 14th, 2011 03:00

Continue as follows :-

Step 1

Re-Run OTL by double left click, Vista and Windows 7 users right click and select Run as Administrator.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
CODE

:OTL
[2009/08/08 15:29:32 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\jey\Application Data\Mozilla\Firefox\Profiles\brue07y5.default\searchplugins\ask.xml
O4 - HKLM..\Run: [Qpumotefaco] File not found
[2011/03/13 17:19:54 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\Gtppze.job
[2011/03/13 01:39:00 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Egube.bin
[2011/03/09 23:13:55 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Pfepezenocopolo.dat
[2011/02/24 15:52:08 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\jey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
@Alternate Data Stream - 999 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:M1cYjFELUVw9FgLG7mKq7
@Alternate Data Stream - 1233 bytes -> C:\Program Files\Common Files\Microsoft Shared:woHDxYGPREhzkFt2SlfuDs8v
@Alternate Data Stream - 1185 bytes -> C:\Documents and Settings\jey\Local Settings\Application Data\6BURkWLd:QYEvXf364blRAEBr77oM
@Alternate Data Stream - 1096 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:SpA9WLA9Ynl24YQROGQdMhhn
:Services
:Reg
:Files
ipconfig /flushdns /c
:Commands
[purity]
[resethosts]
[emptytemp]
[EMPTYFLASH]
[CREATERESTOREPOINT]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

    Step 2

    Run ESET Online Scan
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window: ESET OnlineScan
    • Click the ESET Online Scanner button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your desktop.

    • Check "YES, I accept the Terms of Use"
    • Click the Start button.
    • Accept any security warnings from your browser.
    • Check "Scan archives"
    • Leave the tick out of "Remove found threats"
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push "List of found threats"
    • Push "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the "Back" button.
    • Push "Finish"

    You can refer to this animation by neomage if needed.
    Frequently asked questions are available here. Please read them before running the scan.

    Also be aware this scan can take between one and several hours to complete depending on the size of your system.

    Post logs from OTL fix and ESET in next reply, also give update on any remaining issues.

    Kevin
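The fix above ends with [resethosts] and an ipconfig /flushdns because a poisoned hosts file is one of the simplest ways a machine ends up with "redirected searches": a line mapping a real hostname to loopback blocks that site (a favourite against anti-virus and update servers), and a line mapping it to some other address sends the browser wherever that address serves. The script below is an added example, not part of the thread or of OTL. It separates the stock loopback entries from planted ones so the file can be inspected before it is thrown away. The sample hosts text is constructed for the example, and 198.51.100.23 is a documentation-range placeholder, not an address from the thread.

```python
"""Audit a Windows hosts file for entries that sinkhole or redirect real hostnames.

Added example; it is not part of the thread or of OTL. The sample hosts text is
constructed for the example and 198.51.100.23 is a documentation-range placeholder.
"""
import ipaddress
import os
import sys

# Constructed sample: two stock entries followed by three planted ones.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
127.0.0.1       www.google.com
198.51.100.23   update.microsoft.com
198.51.100.23   www.sophos.com
"""

LOOPBACK = {ipaddress.ip_address("127.0.0.1"), ipaddress.ip_address("::1")}
STOCK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


def parse_hosts(text):
    """Yield (line_no, ip_or_None, names) for each non-comment, non-blank line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        body = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not body:
            continue
        fields = body.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            yield line_no, None, fields       # malformed: report it, do not skip it
            continue
        yield line_no, ip, fields[1:]


def audit_hosts(text):
    """Return [(line_no, kind, detail)] for every entry that is not a stock loopback mapping.

    kind is one of:
      'blackholed'  a real hostname mapped to loopback (blocks the site)
      'redirected'  a hostname mapped to some other address
      'malformed'   the line does not start with an IP address
    """
    findings = []
    for line_no, ip, names in parse_hosts(text):
        if ip is None:
            findings.append((line_no, "malformed", " ".join(names)))
            continue
        for name in names:
            if ip in LOOPBACK and name.lower() in STOCK_NAMES:
                continue                      # the entries Windows ships with
            if ip in LOOPBACK:
                findings.append((line_no, "blackholed", name))
            else:
                findings.append((line_no, "redirected", f"{name} -> {ip}"))
    return findings


def default_hosts_path():
    """Location of the hosts file on Windows (the XP path in this thread) or on Unix."""
    if os.name == "nt":
        return os.path.join(os.environ.get("SystemRoot", r"C:\WINDOWS"),
                            "System32", "drivers", "etc", "hosts")
    return "/etc/hosts"


if __name__ == "__main__":
    # Pass a path to audit a real file; with no argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for line_no, kind, detail in audit_hosts(text):
        print(f"line {line_no}: {kind}: {detail}")
```

On a home PC any 'redirected' finding is suspect; on a managed machine legitimate overrides exist, so compare against whatever the administrator put there. A clean hosts file does not rule out redirection, since the same symptom can come from a hijacked DNS setting or, as this thread goes on to show, from a kernel-level rootkit that no user-mode check sees.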

6 Posts

March 14th, 2011 18:00

Thanks again for all your help. I haven't noticed any new issues.  Other than redirection problems, sometimes I get this

"Content Encoding Error

The page you are trying to view cannot be shown because it uses an invalid or unsupported form of compression.
Please contact the website owners to inform them of this problem."

when I try to visit a website.

OTL Log

All processes killed
========== OTL ==========
C:\Documents and Settings\jey\Application Data\Mozilla\Firefox\Profiles\brue07y5.default\searchplugins\ask.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Qpumotefaco deleted successfully.
C:\WINDOWS\tasks\Gtppze.job moved successfully.
C:\WINDOWS\Egube.bin moved successfully.
C:\WINDOWS\Pfepezenocopolo.dat moved successfully.
C:\Documents and Settings\jey\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:M1cYjFELUVw9FgLG7mKq7 deleted successfully.
ADS C:\Program Files\Common Files\Microsoft Shared:woHDxYGPREhzkFt2SlfuDs8v deleted successfully.
ADS C:\Documents and Settings\jey\Local Settings\Application Data\6BURkWLd:QYEvXf364blRAEBr77oM deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\Microsoft:SpA9WLA9Ynl24YQROGQdMhhn deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\jey\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\jey\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: jey
->Temp folder emptied: 476685 bytes
->Temporary Internet Files folder emptied: 206756 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 99549102 bytes
->Google Chrome cache emptied: 6632510 bytes
->Flash cache emptied: 1910 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3223191 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 7877504 bytes
 
Total Files Cleaned = 113.00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default User
 
User: jey
->Flash cache emptied: 0 bytes
 
User: LocalService
 
User: NetworkService
 
Total Flash Files Cleaned = 0.00 mb
 
Restore point Set: OTL Restore Point (0)
 
OTL by OldTimer - Version 3.2.22.3 log created on 03142011_113904

Files\Folders moved on Reboot...
C:\Documents and Settings\jey\Local Settings\Temp\PDFMCustom.dot moved successfully.
File\Folder C:\Documents and Settings\jey\Local Settings\Temp\~DF52A8.tmp not found!
File\Folder C:\Documents and Settings\jey\Local Settings\Temp\~DF5321.tmp not found!
File\Folder C:\Documents and Settings\jey\Local Settings\Temp\~DF58A7.tmp not found!
File\Folder C:\Documents and Settings\jey\Local Settings\Temp\~WRF0002.tmp not found!

Registry entries deleted on Reboot...

 

ESET log

C:\Program Files\IEToolbar\Google Toolbar\tbs_include_script_024945.js    HTML/ScrInject.B.Gen virus
C:\Program Files\IEToolbar\Google Toolbar\tbu08803\tbs_include_script_024945.js    HTML/ScrInject.B.Gen virus
C:\_OTM\MovedFiles\03132011_010235\C_WINDOWS\atipehuk.dll    a variant of Win32/Kryptik.KNA trojan

2 Intern


1.1K Posts

March 15th, 2011 03:00

Hiya kidoairaku

Continue as follows :-

Step 1

Re-Run OTL by double left click, Vista and Windows 7 users right click and select Run as Administrator.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
CODE

:OTL
:Services
:Reg
:Files
C:\Program Files\IEToolbar\Google Toolbar\tbs_include_script_024945.js
C:\Program Files\IEToolbar\Google Toolbar\tbu08803\tbs_include_script_024945.js
:Commands
[emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

    If you still have re-direction issues continue with step 2

    Step 2

    Please read carefully and follow these steps.
    • Download TDSSKiller and save it to your Desktop.
    • Extract its contents to your desktop.
    • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


    Post relevant logs please and give update on remaining issues.

    Kevin
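TDSSKiller's report lists every driver service with the MD5 of its file and, when the content a normal read of the file returns differs from what it finds on disk, adds a "Suspicious file (Forged)" line carrying both hashes followed by a "<service> - detected <verdict>" line. Reading the three line types together is what turns the report into a finding. The Python below is an added example, not part of the thread or of Kaspersky's TDSSKiller: it parses that report format and correlates the driver, Forged and detected lines by path and service name. The sample excerpt reuses the report's line format; the intelppm lines are the ones from the TDSSKiller log posted later in this thread, and the surrounding lines are a shortened selection. The `listed_matches_real` field records whether the hash on the driver's own line equals the one TDSSKiller calls Real, which is the reason a tool that only hashes the file through the file system reports nothing wrong.

```python
"""Triage a TDSSKiller report: correlate driver, 'Forged' and 'detected' lines.

Added example, not part of the thread or of Kaspersky's TDSSKiller. The sample
excerpt reuses the report's line format; the intelppm lines are those from the
log posted later in the thread, the other lines are a shortened selection.
"""
import re

SAMPLE_REPORT = r"""
2011/03/15 14:29:11.0703 1708    Scan started
2011/03/15 14:29:11.0703 1708    Mode: Manual;
2011/03/15 14:29:13.0281 1708    atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/15 14:29:17.0125 1708    intelppm        (642ff76504bc4a358006b0fdbcfa9ee7) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/15 14:29:17.0125 1708    Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\intelppm.sys. Real md5: 642ff76504bc4a358006b0fdbcfa9ee7, Fake md5: 8c953733d8f36eb2133f5bb58808b66b
2011/03/15 14:29:17.0140 1708    intelppm - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/03/15 14:29:17.0171 1708    Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
"""

# "<date> <time> <thread id>    <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+(?P<msg>.*)$")
# "<service>   (<md5>) <path>"
DRIVER_RE = re.compile(r"^(?P<name>\S+)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+)$")
# "Suspicious file (Forged): <path>. Real md5: <hash>, Fake md5: <hash>"
FORGED_RE = re.compile(
    r"^Suspicious file \(Forged\): (?P<path>.+)\. Real md5: (?P<real>[0-9a-f]{32}), "
    r"Fake md5: (?P<fake>[0-9a-f]{32})$")
# "<service> - detected <verdict> (<n>)"
DETECT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<verdict>\S+)")


def parse_report(text):
    """Return (drivers, findings).

    drivers  : {service name: {"md5": ..., "path": ...}} for every driver line
    findings : one dict per 'Forged' line, joined to its driver line by path
               and to its 'detected' verdict by service name
    """
    drivers, by_path, forged, verdicts = {}, {}, {}, {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                      # banner / separator lines
        msg = m.group("msg").strip()
        d = DRIVER_RE.match(msg)
        if d:
            path = d["path"].strip()
            drivers[d["name"]] = {"md5": d["md5"], "path": path}
            by_path[path.lower()] = d["name"]
            continue
        f = FORGED_RE.match(msg)
        if f:
            forged[f["path"].strip().lower()] = (f["real"], f["fake"])
            continue
        v = DETECT_RE.match(msg)
        if v:
            verdicts[v["name"]] = v["verdict"]

    findings = []
    for path, (real, fake) in forged.items():
        name = by_path.get(path)
        info = drivers.get(name, {})
        findings.append({
            "name": name,
            "path": info.get("path", path),
            "listed_md5": info.get("md5"),
            "real_md5": real,
            "fake_md5": fake,
            "verdict": verdicts.get(name),
            # The hash on the driver's own line is what an ordinary read of the
            # file returns. When it equals the 'Real' hash, hashing the file
            # yourself would have shown nothing wrong, even though TDSSKiller
            # obtained a second, different content for the same file.
            "listed_matches_real": info.get("md5") == real,
        })
    return drivers, findings


if __name__ == "__main__":
    drivers, findings = parse_report(SAMPLE_REPORT)
    print(f"{len(drivers)} drivers enumerated, {len(findings)} forged")
    for f in findings:
        print(f"{f['name']}: {f['path']}  verdict={f['verdict']}")
        print(f"  listed={f['listed_md5']} real={f['real_md5']} fake={f['fake_md5']}")
```

To triage a real run, read the TDSSKiller.[Version]_[Date]_[Time]_log.txt file from the root directory and pass its text to parse_report. A driver that is enumerated but never appears in a Forged or detected line is not thereby clean; it only means TDSSKiller's checks did not flag it.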

6 Posts

March 15th, 2011 15:00

OTL Log

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Program Files\IEToolbar\Google Toolbar\tbs_include_script_024945.js moved successfully.
C:\Program Files\IEToolbar\Google Toolbar\tbu08803\tbs_include_script_024945.js moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: jey
->Temp folder emptied: 487475 bytes
->Temporary Internet Files folder emptied: 1234096 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 98064648 bytes
->Google Chrome cache emptied: 6633142 bytes
->Flash cache emptied: 2041 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3229918 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 137565129 bytes
 
Total Files Cleaned = 236.00 mb
 
 
OTL by OldTimer - Version 3.2.22.3 log created on 03152011_140357

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

 

TDSS Log

2011/03/15 14:28:45.0578 2796    TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/15 14:28:46.0000 2796    ================================================================================
2011/03/15 14:28:46.0000 2796    SystemInfo:
2011/03/15 14:28:46.0000 2796   
2011/03/15 14:28:46.0000 2796    OS Version: 5.1.2600 ServicePack: 3.0
2011/03/15 14:28:46.0000 2796    Product type: Workstation
2011/03/15 14:28:46.0000 2796    ComputerName: CHOGINGA
2011/03/15 14:28:46.0000 2796    UserName: jey
2011/03/15 14:28:46.0000 2796    Windows directory: C:\WINDOWS
2011/03/15 14:28:46.0000 2796    System windows directory: C:\WINDOWS
2011/03/15 14:28:46.0000 2796    Processor architecture: Intel x86
2011/03/15 14:28:46.0000 2796    Number of processors: 2
2011/03/15 14:28:46.0000 2796    Page size: 0x1000
2011/03/15 14:28:46.0000 2796    Boot type: Normal boot
2011/03/15 14:28:46.0000 2796    ================================================================================
2011/03/15 14:28:47.0625 2796    Initialize success
2011/03/15 14:29:11.0703 1708    ================================================================================
2011/03/15 14:29:11.0703 1708    Scan started
2011/03/15 14:29:11.0703 1708    Mode: Manual;
2011/03/15 14:29:11.0703 1708    ================================================================================
2011/03/15 14:29:12.0171 1708    ACPI            (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/15 14:29:12.0218 1708    ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/15 14:29:12.0296 1708    adfs            (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
2011/03/15 14:29:12.0687 1708    aec             (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/15 14:29:12.0781 1708    AegisP          (023867b6606fbabcdd52e089c4a507da) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/03/15 14:29:12.0875 1708    AFD             (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/15 14:29:13.0125 1708    Arp1394         (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/03/15 14:29:13.0234 1708    AsyncMac        (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/15 14:29:13.0281 1708    atapi           (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/15 14:29:13.0343 1708    Atmarpc         (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/15 14:29:13.0421 1708    audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/15 14:29:13.0531 1708    bcm4sbxp        (cd4646067cc7dcba1907fa0acf7e3966) C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
2011/03/15 14:29:13.0687 1708    Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/15 14:29:13.0796 1708    cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/15 14:29:13.0890 1708    Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/15 14:29:13.0968 1708    Cdfs            (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/15 14:29:14.0031 1708    Cdrom           (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/15 14:29:14.0140 1708    CmBatt          (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/03/15 14:29:14.0234 1708    Compbatt        (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/03/15 14:29:14.0421 1708    Disk            (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/15 14:29:14.0515 1708    dmboot          (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/15 14:29:14.0609 1708    dmio            (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/15 14:29:14.0750 1708    dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/15 14:29:14.0843 1708    DMusic          (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/15 14:29:14.0968 1708    drmkaud         (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/15 14:29:15.0093 1708    Fastfat         (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/15 14:29:15.0140 1708    Fdc             (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/03/15 14:29:15.0203 1708    Fips            (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/15 14:29:15.0281 1708    Flpydisk        (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/03/15 14:29:15.0359 1708    FltMgr          (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/15 14:29:15.0437 1708    FsVga           (455f778ee14368468560bd7cb8c854d0) C:\WINDOWS\system32\DRIVERS\fsvga.sys
2011/03/15 14:29:15.0500 1708    Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/15 14:29:15.0546 1708    Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/15 14:29:15.0640 1708    GEARAspiWDM     (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/03/15 14:29:15.0734 1708    Gpc             (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/15 14:29:15.0828 1708    hamachi         (833051c6c6c42117191935f734cfbd97) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/03/15 14:29:15.0921 1708    HDAudBus        (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/03/15 14:29:15.0953 1708    HidUsb          (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/15 14:29:16.0093 1708    HTTP            (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/15 14:29:16.0265 1708    i8042prt        (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/15 14:29:16.0671 1708    ialm            (e8c7cc369c2fb657e0792af70df529e6) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/03/15 14:29:16.0968 1708    Imapi           (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/15 14:29:17.0125 1708    intelppm        (642ff76504bc4a358006b0fdbcfa9ee7) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/15 14:29:17.0125 1708    Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\intelppm.sys. Real md5: 642ff76504bc4a358006b0fdbcfa9ee7, Fake md5: 8c953733d8f36eb2133f5bb58808b66b
2011/03/15 14:29:17.0140 1708    intelppm - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/03/15 14:29:17.0171 1708    Ip6Fw           (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/15 14:29:17.0281 1708    IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/15 14:29:17.0421 1708    IpInIp          (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/15 14:29:17.0640 1708    IpNat           (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/15 14:29:18.0140 1708    IPSec           (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/15 14:29:18.0203 1708    IRENUM          (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/15 14:29:18.0281 1708    isapnp          (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/15 14:29:18.0343 1708    Kbdclass        (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/15 14:29:18.0390 1708    kbdhid          (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/03/15 14:29:18.0453 1708    kmixer          (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/15 14:29:18.0531 1708    KSecDD          (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/15 14:29:18.0671 1708    mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/15 14:29:18.0781 1708    Modem           (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/15 14:29:18.0828 1708    Mouclass        (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/15 14:29:18.0890 1708    mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/15 14:29:18.0968 1708    MountMgr        (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/15 14:29:19.0062 1708    MRxDAV          (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/15 14:29:19.0156 1708    MRxSmb          (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/15 14:29:19.0234 1708    Msfs            (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/15 14:29:19.0296 1708    MSKSSRV         (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/15 14:29:24.0625 1708    sptd            (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
2011/03/15 14:29:24.0625 1708    Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2011/03/15 14:29:24.0625 1708    sptd - detected Locked file (1)
2011/03/15 14:29:27.0781 1708    ================================================================================
2011/03/15 14:29:27.0781 1708    Scan finished
2011/03/15 14:29:27.0781 1708    ================================================================================
2011/03/15 14:29:27.0796 3392    Detected object count: 2
2011/03/15 14:30:01.0671 3392    intelppm        (642ff76504bc4a358006b0fdbcfa9ee7) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/15 14:30:01.0671 3392    Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\intelppm.sys. Real md5: 642ff76504bc4a358006b0fdbcfa9ee7, Fake md5: 8c953733d8f36eb2133f5bb58808b66b
2011/03/15 14:30:03.0593 3392    Backup copy found, using it..
2011/03/15 14:30:03.0687 3392    C:\WINDOWS\system32\DRIVERS\intelppm.sys - will be cured after reboot
2011/03/15 14:30:03.0687 3392    Rootkit.Win32.TDSS.tdl3(intelppm) - User select action: Cure
2011/03/15 14:30:03.0687 3392    Locked file(sptd) - User select action: Skip
2011/03/15 14:30:06.0750 3844    Deinitialize success


Thanks, I'll keep you updated on the redirected searches since it still seems to happen occasionally... but I can't tell for certain how often it happens or not : /

2 Intern


1.1K Posts

March 15th, 2011 18:00

TDSSKiller has caught a couple by the tail, you should see an improvement now... let me know how your system is responding and what specific issues remain.

Kevin

6 Posts

March 16th, 2011 00:00

So far so good :D I think it's doing pretty well. Thanks for all your help :)

2 Intern


1.1K Posts

March 16th, 2011 02:00

Use your system freely for a day or so; if all is well and no issues return, post back and we'll clean up our tools etc.

Kevin
