computer is jacked

[glass ninja]

Hi-

I can't believe it happened to me....but it did.

Must have gone on a shady site. I type something into a google search. It pulls up results, but takes me somewhere else when I click on the site. It also happens when I type most addys right into the addy box. Other than that, everything seems fine.

I ran spybot immediately, but it's still happening.

I downloaded ERUNT. I also did the DDS part. Here is the log:

I have to go back to the "read this first" post to learn how to zip the attach.txt file. I will put that in my next post

Thank you so very much!!

deb

ninja.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Debby at 13:29:13.90 on Sat 03/19/2011
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.479.57 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\sistray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Debby\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Microsoft Internet Explorer By Mad Man Moon
mWindow Title = Microsoft Internet Explorer By Mad Man Moon
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: StumbleUpon Launcher: {145b29f4-a56b-4b90-bbac-45784ebebbb7} - c:\program files\stumbleupon\StumbleUponIEBar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRunOnce: [SpybotDeletingB2234] command /c del "c:\windows\temp\explorer.dat_old"
uRunOnce: [SpybotDeletingD301] cmd /c del "c:\windows\temp\explorer.dat_old"
uRunOnce: [SpybotDeletingB3987] command /c del "c:\windows\temp\winlogon.dat_old"
uRunOnce: [SpybotDeletingD5925] cmd /c del "c:\windows\temp\winlogon.dat_old"
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRunOnce: [SpybotDeletingA5448] command /c del "c:\windows\temp\explorer.dat_old"
mRunOnce: [SpybotDeletingC3024] cmd /c del "c:\windows\temp\explorer.dat_old"
mRunOnce: [SpybotDeletingA3996] command /c del "c:\windows\temp\winlogon.dat_old"
mRunOnce: [SpybotDeletingC6434] cmd /c del "c:\windows\temp\winlogon.dat_old"
StartupFolder: c:\docume~1\debby\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\debby\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\utilit~1.lnk - c:\windows\system32\sistray.exe
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F}
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1226554902171
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\debby\applic~1\mozilla\firefox\profiles\hv7ie5sc.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\debby\application data\mozilla\firefox\profiles\hv7ie5sc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\debby\application data\mozilla\firefox\profiles\hv7ie5sc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\documents and settings\debby\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\documents and settings\all users\application data\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: Image Zoom: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68} - %profile%\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
.
============= SERVICES / DRIVERS ===============
.
.
=============== Created Last 30 ================
.
2011-03-18 06:15:59 5943120 -c--a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{088d2299-ff7e-4b72-aecc-84d5d8bc1f57}\mpengine.dll
2011-02-22 18:16:14 -------- dc----w- c:\docume~1\debby\locals~1\applic~1\Yahoo!
.
==================== Find3M ====================
.
2011-02-09 13:53:52 270848 -c--a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 -c--a-w- c:\windows\system32\encdec.dll
2011-02-02 22:11:20 222080 -c----w- c:\windows\system32\MpSigStub.exe
2011-02-02 07:58:35 2067456 -c--a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 -c--a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 -c--a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 -c--a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 -c--a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 -c--a-w- c:\windows\system32\kerberos.dll
2010-12-21 15:47:47 87608 -c--a-w- c:\docume~1\debby\applic~1\inst.exe
2010-12-21 15:47:47 47360 -c--a-w- c:\docume~1\debby\applic~1\pcouffin.sys
2010-12-20 23:08:45 832512 -c--a-w- c:\windows\system32\wininet.dll
2010-12-20 23:08:45 78336 -c--a-w- c:\windows\system32\ieencode.dll
2010-12-20 23:08:45 1830912 -c--a-w- c:\windows\system32\inetcpl.cpl
2010-12-20 23:08:45 17408 -c--a-w- c:\windows\system32\corpol.dll
2010-12-20 17:26:00 730112 -c--a-w- c:\windows\system32\lsasrv.dll
2010-12-20 12:55:25 389120 -c--a-w- c:\windows\system32\html.iec
.
============= FINISH: 13:30:34.76 ===============

here is the attach text zip file (I think!!)

 

[Jack&Jill]

Hello and welcome to Safer Networking.

I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this, click Thread Tools, then click Subscribe to this Thread. Under the Notification Type: title, make sure it is set to Instant notification by email, then click Add Subscription.

Please be patient with me during this time.

Meanwhile, please make a reply to this topic to acknowledge that you have read this and is still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.

 

[glass ninja]

Hello-

Thank you very much for responding. I have turned on instant thread notification.

Debby

 

[Jack&Jill]

Hello glass ninja ,

Welcome to Safer Networking. I am Jack&Jill, and I will be helping you out.

Before we go further, there are a few things that I would like to make clear so that we are share the same understanding.

• Please observe and follow these Forum Rules.
• Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
• Please read the instructions carefully and follow them closely, in the order they are presented to you.
• If you have any doubts or problems during the fix, please stop and ask.
• All the tools that I will ask you to download and use are safe. Please allow if prompted by any of your security softwares.
• Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
• Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
• Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
• If you do not reply within 3 days, this topic will be closed.

If you are agreeable to the above, then everything should go smoothly . We may begin.

--------------------

Remove P2P software

• IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
  
  FrostWire 4.18.3
  
  
• Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
• Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
• Go to Control Panel > Add/Remove Programs and uninstall the P2P program(s) listed above (in red).
• Please remove them before we continue with fixing your computer.

Please rerun DDS and post a new Attach.txt by copy and pasting into your reply.

--------------------

Is this a business or corporate computer?

--------------------

Please post back:
1. new Attach.txt contents
2. the answer to my question about your computer

 

[glass ninja]

Hi-

I removed the Frostwire. When I try to go to the sticky with the DDS link, it takes me somewhere else (stopzilla malware removal). It seems if i go anywhere with "malware" in the title, it brings me to "their" stuff. I have been leaving this page open and refreshing it. Would it be possible to post the link in this thread? I know I can follow a link, i just can't seem to get to them.

As far as your other question, yes, I do run a business from this computer. A small art business - it is NOT a corporate computer. Also, my stepfather gave the computer to me several years ago, and i know he also ran a business from it as well.

 

[glass ninja]

Sorry, I was able to get to the DDS link thru something already in your post.

Here is the file.

Debby


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/27/2008 8:43:37 AM
System Uptime: 3/19/2011 8:46:23 AM (29 hours ago)
.
Motherboard: | | SiS-741
Processor: AMD Athlon(tm) XP 2400+ | Socket A | 2000/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 93 GiB total, 61.166 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
5600
5600_Help
5600Trb
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Illustrator 9.0
Adobe Photoshop 6.0
Adobe Reader 9.2
Adobe SVG Viewer
AiO_Scan
AiOSoftware
AviSynth 2.5
Bejeweled Twist 1.0
BufferChm
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Creative Modem Blaster PCI Value DI5652-1
Destinations
DeviceManagementQFolder
DivX Web Player
Doc Scrubber v1.1
DocProc
EasyRecovery Professional Edition
ERUNT 1.1j
eSupportQFolder
Fax
Free YouTube to Mp3 Converter version 3.1
Glass Eye 2000
Google Updater
Google Video Player
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone Express
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
InterActual Player
Java(TM) 6 Update 11
Java(TM) 6 Update 4
Jewel Quest III 1.00
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Mozilla Firefox (3.5.17)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
neroxml
NetAlyzer 0.3
NewCopy
Octoshape add-in for Adobe Flash Player
OpenOffice.org 2.4
ProductContext
QuickTime
Readme
Realtek AC'97 Audio
Scan
ScannerCopy
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
SolutionCenter
Spybot - Search & Destroy
SpywareBlaster 4.1
Status
StumbleUpon IE Toolbar
TrayApp
Tweak UI
Uninstall 1.0.0.1
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Outlook 2007 Junk Email Filter (KB2508979)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User Profile Hive Cleanup Service
VC80CRTRedist - 8.0.50727.762
WebFldrs XP
WebReg
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
WinRAR archiver
Yahoo! BrowserPlus 2.9.8
.
==== Event Viewer Messages From Past Week ========
.
3/18/2011 12:23:51 PM, error: Service Control Manager [7011] - Timeout

(30000 milliseconds) waiting for a transaction response from the

Dnscache service.
3/13/2011 4:03:15 PM, error: Service Control Manager [7009] - Timeout

(30000 milliseconds) waiting for the Windows Search service to connect.
3/13/2011 4:03:15 PM, error: Service Control Manager [7000] - The

Windows Search service failed to start due to the following error: The

service did not respond to the start or control request in a timely

fashion.
3/13/2011 4:03:15 PM, error: DCOM [10005] - DCOM got error "%1053"

attempting to start the service WSearch with arguments "" in order to

run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
.
==== End Of File ===========================

 

[Jack&Jill]

Hello glass ninja ,

The Attach.txt you posted was the old copy, but with Frostwire edited out. Please uninstall the program in actual.

For DDS, you already have the program here:
C:\Documents and Settings\Debby\My Documents\Downloads\dds.scr

Or you can download another from either one of the below links:
Link 1
Link 2
Link 3

Please run it again and post back a new Attach.txt.

--------------------

Please download SystemLook© by jpshortstuff from one of the links below and save it to your desktop.

Link 1
Link 2

• Double click on SystemLook.exe to run it.
• Copy and paste the following text into the main textfield:
  

  :regfind 
  FrostWire

• Click the Look button to start the scan. This might take a while.
• When finished, a Notepad window will open with the results of the scan. Please post this log in your next reply.
  Note: The log can also be found at on your desktop as SystemLook.txt.

--------------------

Validate Windows

• Please download MGADiag.exe from Microsoft and save it to a convenient location. Click here.
• Double click on MGADiag.exe to run it.
• Click Continue.
• The program will run. It takes a while to finish the diagnosis, please be patient.
• Once done, click on Copy.
• Open Notepad and paste the contents in. Save this file and post it in your next reply.

--------------------

Check for additional security risks

• Please download CKScanner© by askey127 and save to your desktop. Click here.
• Double click on CKScanner.exe and click Search For Files.
• After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, click OK.
• Post the contents of ckfiles.txt in your reply, it is located on your desktop.

--------------------

Please post back:
1. fresh Attach.txt
2. SystemLook result
3. MGADiag result
4. CKScanner log

 

[glass ninja]

Good morning-

I checked my add/remove programs for the Frostwire, and it's not there. I did the uninstall yesterday before I posted the attach.txt log. I thought I had done it correctly - maybe not. Is it somewhere else i am missing?

Here is the attach.txt file. I am also enclosing a screenshot of my add/remove programs. I will post the next 3 steps in my next post.

Thanks!!

debby


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/27/2008 8:43:37 AM
System Uptime: 3/20/2011 5:04:34 PM (15 hours ago)
.
Motherboard: | | SiS-741
Processor: AMD Athlon(tm) XP 2400+ | Socket A | 2000/133mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 93 GiB total, 61.173 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
5600
5600_Help
5600Trb
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Illustrator 9.0
Adobe Photoshop 6.0
Adobe Reader 9.2
Adobe SVG Viewer
AiO_Scan
AiOSoftware
AviSynth 2.5
Bejeweled Twist 1.0
BufferChm
CCleaner (remove only)
Compatibility Pack for the 2007 Office system
CP_Package_Variety1
CP_Package_Variety2
CP_Package_Variety3
Creative Modem Blaster PCI Value DI5652-1
Destinations
DeviceManagementQFolder
DivX Web Player
Doc Scrubber v1.1
DocProc
EasyRecovery Professional Edition
ERUNT 1.1j
eSupportQFolder
Fax
Free YouTube to Mp3 Converter version 3.1
Glass Eye 2000
Google Updater
Google Video Player
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Image Zone Express
HP Imaging Device Functions 5.3
HP PSC & OfficeJet 5.3.B
HP Software Update
HP Solution Center & Imaging Support Tools 5.3
HPProductAssistant
InterActual Player
Java(TM) 6 Update 11
Java(TM) 6 Update 4
Jewel Quest III 1.00
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
Mozilla Firefox (3.5.17)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
neroxml
NetAlyzer 0.3
NewCopy
Octoshape add-in for Adobe Flash Player
OpenOffice.org 2.4
ProductContext
QuickTime
Readme
Realtek AC'97 Audio
Scan
ScannerCopy
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB2183461)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SiS 900 PCI Fast Ethernet Adapter Driver
SiS VGA Utilities
SolutionCenter
Spybot - Search & Destroy
SpywareBlaster 4.1
Status
StumbleUpon IE Toolbar
TrayApp
Tweak UI
Uninstall 1.0.0.1
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office Excel 2007 Help (KB957242)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB957245)
Update for Microsoft Office Outlook 2007 (KB2412171)
Update for Microsoft Office Outlook 2007 Help (KB957246)
Update for Microsoft Office PowerPoint 2007 Help (KB957247)
Update for Microsoft Office Publisher 2007 Help (KB957249)
Update for Microsoft Office Word 2007 Help (KB957252)
Update for Microsoft Script Editor Help (KB957253)
Update for Outlook 2007 Junk Email Filter (KB2508979)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User Profile Hive Cleanup Service
VC80CRTRedist - 8.0.50727.762
WebFldrs XP
WebReg
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
WinRAR archiver
Yahoo! BrowserPlus 2.9.8
.
==== Event Viewer Messages From Past Week ========
.
3/20/2011 5:05:15 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
3/20/2011 5:05:14 PM, error: SRService [104] - The System Restore initialization process failed.
3/18/2011 12:23:51 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
.
==== End Of File ===========================

 

[glass ninja]

good morning again-

here is the system look log:

SystemLook 04.09.10 by jpshortstuff
Log created at 08:13 on 21/03/2011 by Debby
Administrator - Elevation successful

========== regfind ==========

Searching for "FrostWire"
[HKEY_CURRENT_USER\Software\Magnet\Handlers\FrostWire]
[HKEY_CURRENT_USER\Software\Magnet\Handlers\FrostWire]
@="FrostWire"
[HKEY_CURRENT_USER\Software\Magnet\Handlers\FrostWire]
"DefaultIcon"=""C:\Program Files\FrostWire\FrostWire.exe",0"
[HKEY_CURRENT_USER\Software\Magnet\Handlers\FrostWire]
"Description"="FrostWire"
[HKEY_CURRENT_USER\Software\Magnet\Handlers\FrostWire]
"ShellExecute"=""C:\Program Files\FrostWire\FrostWire.exe" "%URL""
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\frostwire]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www[dot]frostwire]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\frostwire]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www[dot]frostwire]
[HKEY_CURRENT_USER\Software\Classes\LimeWire]
@="FrostWire Torrent"
[HKEY_CURRENT_USER\Software\Classes\LimeWire\DefaultIcon]
@="C:\Program Files\FrostWire\FrostWire.ico"
[HKEY_CURRENT_USER\Software\Classes\LimeWire\shell\open\command]
@=""C:\Program Files\FrostWire\FrostWire.exe" "%1""
[HKEY_CURRENT_USER\Software\Classes\magnet\DefaultIcon]
@=""C:\Program Files\FrostWire\FrostWire.exe",0"
[HKEY_CURRENT_USER\Software\Classes\magnet\shell\open\command]
@=""C:\Program Files\FrostWire\FrostWire.exe" "%1""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\frostwire]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www[dot]frostwire]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\frostwire]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www[dot]frostwire]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\FrostWire\FrostWire.exe"="C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\frostwire]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www[dot]frostwire]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\frostwire]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www[dot]frostwire]
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\Software\Magnet\Handlers\FrostWire]
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\Software\Magnet\Handlers\FrostWire]
@="FrostWire"
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\Software\Magnet\Handlers\FrostWire]
"DefaultIcon"=""C:\Program Files\FrostWire\FrostWire.exe",0"
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\Software\Magnet\Handlers\FrostWire]
"Description"="FrostWire"
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\Software\Magnet\Handlers\FrostWire]
"ShellExecute"=""C:\Program Files\FrostWire\FrostWire.exe" "%URL""
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\frostwire]
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www[dot]frostwire]
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\frostwire]
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www[dot]frostwire]
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\Software\Classes\LimeWire]
@="FrostWire Torrent"
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\Software\Classes\LimeWire\DefaultIcon]
@="C:\Program Files\FrostWire\FrostWire.ico"
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\Software\Classes\LimeWire\shell\open\command]
@=""C:\Program Files\FrostWire\FrostWire.exe" "%1""
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\Software\Classes\magnet\DefaultIcon]
@=""C:\Program Files\FrostWire\FrostWire.exe",0"
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\Software\Classes\magnet\shell\open\command]
@=""C:\Program Files\FrostWire\FrostWire.exe" "%1""
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004_Classes\LimeWire]
@="FrostWire Torrent"
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004_Classes\LimeWire\DefaultIcon]
@="C:\Program Files\FrostWire\FrostWire.ico"
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004_Classes\LimeWire\shell\open\command]
@=""C:\Program Files\FrostWire\FrostWire.exe" "%1""
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004_Classes\magnet\DefaultIcon]
@=""C:\Program Files\FrostWire\FrostWire.exe",0"
[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004_Classes\magnet\shell\open\command]
@=""C:\Program Files\FrostWire\FrostWire.exe" "%1""
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\frostwire]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\click-new-download.com\www[dot]frostwire]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\frostwire]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\click-new-download.com\www[dot]frostwire]

-= EOF =-

Here is the text from the CKFiles:





CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\debby\favorites\interesting or weird stuff\astalavista.ms - cracks and serials search..url
c:\documents and settings\debby\my documents\limewire\incomplete\rkedaxpmqxsttpwixeoooxkgj6wd6jm6\adobe illustrator cs4\key\adobe-master-cs4-keygen.exe
c:\documents and settings\debby\start menu\programs\winrar\rar password cracker v4.11.lnk
c:\installs\dvd\dvd copying professional tools - everything you need to copy dvd like pro (tutorial included)\dvd-rb-prov1.00.rc5.1\cinema craft encoder 2.70.02 [sp]\crack\cctspt.exe
c:\installs\dvd\dvd fab5 crack and apllication\dvd fab5 crack and apllication\dvdfab5090.exe
c:\installs\dvd\dvd fab5 crack and apllication\dvd fab5 crack and apllication\ind.diz
c:\installs\dvd\dvd fab5 crack and apllication\dvd fab5 crack and apllication\ind.nfo
c:\installs\dvd\dvd fab5 crack and apllication\dvd fab5 crack and apllication\ind.txt
c:\installs\dvd\dvdxcopy platinum 4.0.3.8\platinum4038crack.zip
c:\installs\dvd\imtoo dvd ripper platinum 4.0.35.1214 + keygen\tracked_by_demonoid_com.txt
c:\installs\dvd\imtoo dvd ripper platinum 4.0.35.1214 + keygen\imtoo dvd ripper platinum 4.0.35.1214 + keygen\dvd-ripper-platinum.exe
c:\installs\dvd\windvd platinum 7.0 (release 2) build 27.071 +keygen (latest update)29-june-05\keymaker.exe
c:\installs\dvd\windvd platinum 7.0 (release 2) build 27.071 +keygen (latest update)29-june-05\windvd platinum 7.0 (release 2) build 27.071.txt
c:\installs\dvd\windvd platinum 7.0 (release 2) build 27.071 +keygen (latest update)29-june-05\windvd7.exe
c:\installs\nero 7 premium reloaded 7.10.1.0_eng (+keygen)\keys.txt
c:\installs\nero 7 premium reloaded 7.10.1.0_eng (+keygen)\nero-7.10.1.0_eng_trial_wch.exe
c:\installs\tune up\tuneup utilities 2007 6.0.1255.0 ( iteam.panna )\tune up\keygen.exe
c:\installs\zip and rar\winzip keygen v8.1.exe
c:\program files\winrar\rar password cracker v4.11\rarpasswordcrackerv4.11readme.txt
c:\program files\winrar\rar password cracker v4.11\rpc.exe
c:\program files\winrar\rar password cracker v4.11\special.chr
scanner sequence 3.ZZ.11
----- EOF -----

 

[Jack&Jill]

Hello glass ninja ,

Cracks / Keygens / Warez / Illegal softwares detected!!!

Your log indicates the presence and usage of one or more of the above. Very likely your computer got infected due to the illegal softwares or the illegitimate websites you visited to get them.

Please read the fourth post of the Forum Rules .

Note:
We do not support the use of illegal Pirated/Warez/Cracked software.

If seeking help in our Malware removal forum please know that users who have programs obtained by such methods will be asked to remove them, since our help could otherwise be seen as aiding copyright violations. Aside from the legalities be aware malware authors prey on users looking to circumvent a software's protection mechanisms. There is a high risk of infection involved in downloading and running crack codes.

If you still want help, please remove the illegal items from your computer, and if you still need the softwares, get legal ones from legitimate sources.
If you advised that the illegal softwares have been removed and I find it otherwise (the tools we use can and will detect them), then I will have no choice but to have this topic closed.
If there are more such new findings after this, the topic will also be closed.

Please remove/uninstall the following before we continue, including the related programs:
c:\documents and settings\debby\favorites\interesting or weird stuff\astalavista.ms - cracks and serials search..url
c:\documents and settings\debby\my documents\limewire\incomplete\rkedaxpmqxsttpwixeoooxkgj6wd6jm6\adobe illustrator cs4\key\adobe-master-cs4-keygen.exe
c:\documents and settings\debby\start menu\programs\winrar\rar password cracker v4.11.lnk
c:\installs\dvd\dvd copying professional tools - everything you need to copy dvd like pro (tutorial included)\dvd-rb-prov1.00.rc5.1\cinema craft encoder 2.70.02 [sp]\crack\cctspt.exe
c:\installs\dvd\dvd fab5 crack and apllication\dvd fab5 crack and apllication\dvdfab5090.exe
c:\installs\dvd\dvd fab5 crack and apllication\dvd fab5 crack and apllication\ind.diz
c:\installs\dvd\dvd fab5 crack and apllication\dvd fab5 crack and apllication\ind.nfo
c:\installs\dvd\dvd fab5 crack and apllication\dvd fab5 crack and apllication\ind.txt
c:\installs\dvd\dvdxcopy platinum 4.0.3.8\platinum4038crack.zip
c:\installs\dvd\imtoo dvd ripper platinum 4.0.35.1214 + keygen\tracked_by_demonoid_com.txt
c:\installs\dvd\imtoo dvd ripper platinum 4.0.35.1214 + keygen\imtoo dvd ripper platinum 4.0.35.1214 + keygen\dvd-ripper-platinum.exe
c:\installs\dvd\windvd platinum 7.0 (release 2) build 27.071 +keygen (latest update)29-june-05\keymaker.exe
c:\installs\dvd\windvd platinum 7.0 (release 2) build 27.071 +keygen (latest update)29-june-05\windvd platinum 7.0 (release 2) build 27.071.txt
c:\installs\dvd\windvd platinum 7.0 (release 2) build 27.071 +keygen (latest update)29-june-05\windvd7.exe
c:\installs\nero 7 premium reloaded 7.10.1.0_eng (+keygen)\keys.txt
c:\installs\nero 7 premium reloaded 7.10.1.0_eng (+keygen)\nero-7.10.1.0_eng_trial_wch.exe
c:\installs\tune up\tuneup utilities 2007 6.0.1255.0 ( iteam.panna )\tune up\keygen.exe
c:\installs\zip and rar\winzip keygen v8.1.exe
c:\program files\winrar\rar password cracker v4.11\rarpasswordcrackerv4.11readme.txt
c:\program files\winrar\rar password cracker v4.11\rpc.exe
c:\program files\winrar\rar password cracker v4.11\special.chr

Please post a new CKScanner log.

 

[glass ninja]

Hi and good morning-

Got the last reply. I don't even know what all that stuff is. I primarily use my PC for email and updating my business website.

The man who fixed my computer several years ago installed a bunch of stuff on it (nero, fab 5, dvd ripper, etc). I have never even used it and didn't even know it was "bad". I'm really not that tech savvy.

How do I get rid of it all? Do I uninstall it from add/remove?

And what is the "keygen" stuff? How do I remove it?

Thanks-

Debby

 

[glass ninja]

Hi again-

Ok - I went in through explore and deleted everything that was on the list.

I am feeling like this is making me look really bad. This was NOT my stuff. I knew it was on my PC - the man who fixed my PC told me it was for DVDs, etc. If I had known this was "bad" or illegal, I would have never even have posted it here in the first place. The only one I knew about was the Frostwire/Limewire. I just really didn't know about the other stuff. I guess I can't trust "friends" to fix my computer.

Anyway, here is the new log. Like I said, I went through explorer to delete it. If there are any remnants of the programs left, it is due only to my ignorance and/or not knowing how to remove them fully.

Thanks for your patience.

debby

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11
----- EOF -----

 

[Jack&Jill]

Hello glass ninja ,

Please uninstall WinRAR archiver as well via Add/Remove Programs at the Control Panel.

Thank you removing all the illegal stuffs :bigthumb:.

--------------------

Please close all programs and do not run any others before and during the Rootkit Unhooker scan. Do not use the computer for anything else until after the scan is completed.

Please download Rootkit Unhooker and save it to your desktop. Click here.

• Double click RKUnhookerLE.exe to run it.
• Click the Report tab, then click Scan.
• Ensure the following are checked (ticked):
  • Drivers
  • Stealth Code
  • Files
  • Code Hooks
• Uncheck the rest, then click OK. An initial scan will be performed.
• When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
• Wait until the scanner is done, then click on File at the pull down menu, followed by Save Report.
• Save the report somewhere you can find it. Click Close to exit.
• Copy the entire contents of the report and paste it in your next reply.

You may get a warning about parasite detection. Please click OK to continue.

--------------------

I do not see any Antivirus (AV) installed on your machine. AV is a very critical part of your system to keep the it safe and clean. Without it, a computer can easily get infected. Please download and install an AV from one of the links below:

Avast
Avira
Microsoft Security Essentials

You should only select one of these three, and keep only one installed.

--------------------

Please post back:
1. the Rootkit Unhooker log

 

[glass ninja]

Hi-

Thanks for your patience with me.

I have uninstalled the WINRAR from add/remove programs. To double check, I went to explore. There was a WINRAR file showing. I deleted that as well. Hopefully I'm clean now!!

I also have installed Avast antivirus.

Here is the log from the rootkit unhooker:

RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
>Drivers
==============================================
0xBF012000 C:\WINDOWS\System32\SiSGRV.dll 4509696 bytes (Silicon Integrated Systems Corporation, SiS Compatible Super VGA Driver)
0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
0x804D7000 PnpManager 2192768 bytes
0x804D7000 RAW 2192768 bytes
0x804D7000 WMIxWDM 2192768 bytes
0xBF800000 Win32k 1855488 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0xF685C000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1040384 bytes (Conexant Systems, Inc., HSF_DP driver)
0xF6790000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 704512 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xF6AFA000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 606208 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))
0xF76A9000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
0xB53C8000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF69EB000 C:\WINDOWS\system32\drivers\ALCXSENS.SYS 401408 bytes (Sensaura, Sensaura WDM 3D Audio Driver)
0xF66B7000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xB5525000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xA8B64000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xF6C5C000 C:\WINDOWS\system32\DRIVERS\sisgrp.sys 344064 bytes (Silicon Integrated Systems Corporation, SiS Compatible Super VGA Driver)
0xBF45F000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xA85D5000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xF695A000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 221184 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
0xF77C8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
0xA8C0C000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF767C000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xB5460000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xB54FD000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xB534B000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xF6A96000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF69AE000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6B8E000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xB54DB000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x806EF000 ACPI_HAL 131840 bytes
0x806EF000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF7760000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF7798000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
0xF7662000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF7780000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xA8C81000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF7749000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6765000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xA8A5F000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xF677C000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
0xF6BB1000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xB557E000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xF7736000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF77B7000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0xF6754000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xA92A6000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7917000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7967000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
0xF7937000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7927000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
0xF7A67000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF65C2000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7857000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xB5CD6000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
0xF7987000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
0xF79A7000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF7837000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0xF79D7000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF7877000 sisidex.sys 49152 bytes (Windows (R) 2000 DDK provider, SISIDEX Driver)
0xB6D33000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
0xF7907000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7827000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF79C7000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7867000 uagp35.sys 45056 bytes (Microsoft Corporation, MS AGPv3.5 Filter)
0xF78E7000 C:\WINDOWS\system32\DRIVERS\amdk7.sys 40960 bytes (Microsoft Corporation, Processor Device Driver)
0xF7817000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
0xF7A77000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF7887000 SISAGPX.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS AGPv3.5 Filter)
0xF6D20000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xF7847000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF6D40000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xB6D43000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xADADE000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
0xB6D23000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF7B97000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
0xB6766000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7B87000 C:\WINDOWS\system32\DRIVERS\sisnic.sys 32768 bytes (SiS Corporation, SiS PCI Fast Ethernet Adapter Driver)
0xB672E000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF7B7F000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF7B9F000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
0xB7178000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF7A97000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xB671E000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
0xB59F6000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
0xF7BAF000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
0xF7BA7000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
0xB7170000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7C07000 C:\WINDOWS\System32\drivers\aspi32.sys 20480 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
0xB7190000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
0xB7168000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF7A9F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF7BD7000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF7BDF000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xB675E000 C:\WINDOWS\system32\DRIVERS\srvkp.sys 20480 bytes (Silicon Integrated Systems Corporation, SiS VGA Driver Manager)
0xF7BC7000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF7B77000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
0xA94BF000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xB7101000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
0xF7CF3000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
0xF7CD7000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xAD4F2000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
0xF7CBB000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
0xB7105000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
0xF7C27000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xA934F000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xADE46000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
0xF7CBF000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF5C08000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7C2B000 sisperf.sys 12288 bytes (Silicon Integrated Systems Corp., SiS Filter Driver)
0xF7D9F000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7DBF000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7D9D000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7D17000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7DA1000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xA8CC9000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
0xF7DA3000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7D45000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xB37FC000 C:\WINDOWS\system32\Drivers\uphcleanhlp.sys 8192 bytes
0xF7D67000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7D19000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7E28000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xA90DA000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7EDB000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7DDF000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7DE0000 siside.sys 4096 bytes (Silicon Integrated Systems Corp., SiS PCI Mini IDE Driver)
==============================================
>Stealth
==============================================
WARNING: Virus alike driver modification [ndistapi.sys]
WARNING: Virus alike driver modification [bthpan.sys]
WARNING: Virus alike driver modification [sffp_mmc.sys]
WARNING: Virus alike driver modification [HSF_DP.sys]
WARNING: Virus alike driver modification [hidusb.sys]
WARNING: Virus alike driver modification [HSFDPSP2.sys]
WARNING: Virus alike driver modification [dxapi.sys]
WARNING: Virus alike driver modification [atinrvxx.sys]
WARNING: Virus alike driver modification [mup.sys]
WARNING: Virus alike driver modification [sffp_sd.sys]
WARNING: Virus alike driver modification [irenum.sys]
WARNING: Virus alike driver modification [wadv08nt.sys]
WARNING: Virus alike driver modification [sfloppy.sys]
WARNING: Virus alike driver modification [ati1mdxx.sys]
WARNING: Virus alike driver modification [acpiec.sys]
WARNING: Virus alike driver modification [cpqdap01.sys]
WARNING: Virus alike driver modification [wadv07nt.sys]
WARNING: Virus alike driver modification [wadv09nt.sys]
WARNING: Virus alike driver modification [sffdisk.sys]
WARNING: Virus alike driver modification [wadv11nt.sys]
WARNING: Virus alike driver modification [pcmcia.sys]
WARNING: Virus alike driver modification [nikedrv.sys]
WARNING: Virus alike driver modification [rio8drv.sys]
WARNING: Virus alike driver modification [riodrv.sys]
WARNING: Virus alike driver modification [ws2ifsl.sys]
WARNING: Virus alike driver modification [tdpipe.sys]
WARNING: Virus alike driver modification [ati1pdxx.sys]
WARNING: Virus alike driver modification [fsvga.sys]
WARNING: Virus alike driver modification [usbvideo.sys]
WARNING: Virus alike driver modification [tunmp.sys]
WARNING: Virus alike driver modification [nwlnkflt.sys]
WARNING: Virus alike driver modification [ftdisk.sys]
WARNING: Virus alike driver modification [mtlmnt5.sys]
WARNING: Virus alike driver modification [mutohpen.sys]
WARNING: Virus alike driver modification [usb8023.sys]
WARNING: Virus alike driver modification [usb8023x.sys]
WARNING: Virus alike driver modification [slnt7554.sys]
WARNING: Virus alike driver modification [fltmgr.sys]
WARNING: Virus alike driver modification [mdmxsdk.sys]
WARNING: Virus alike driver modification [mtlstrm.sys]
WARNING: Virus alike driver modification [slwdmsup.sys]
WARNING: Virus alike driver modification [recagent.sys]
WARNING: Virus alike driver modification [atinmdxx.sys]
WARNING: Virus alike driver modification [atinttxx.sys]
WARNING: Virus alike driver modification [afd.sys]
WARNING: Virus alike driver modification [cbidf2k.sys]
WARNING: Virus alike driver modification [rdpwd.sys]
WARNING: Virus alike driver modification [ks.sys]
WARNING: Virus alike driver modification [diskdump.sys]
WARNING: Virus alike driver modification [wacompen.sys]
WARNING: Virus alike driver modification [asyncmac.sys]
WARNING: Virus alike driver modification [atinpdxx.sys]
WARNING: Virus alike driver modification [fastfat.sys]
WARNING: Virus alike driver modification [usbport.sys]
WARNING: Virus alike driver modification [hdaudbus.sys]
WARNING: Virus alike driver modification [kbdhid.sys]
WARNING: Virus alike driver modification [ndisuio.sys]
WARNING: Virus alike driver modification [smclib.sys]
WARNING: Virus alike driver modification [portcls.sys]
WARNING: Virus alike driver modification [tape.sys]
WARNING: Virus alike driver modification [usbscan.sys]
WARNING: Virus alike driver modification [ipnat.sys]
WARNING: Virus alike driver modification [dmio.sys]
WARNING: Virus alike driver modification [mssmbios.sys]
WARNING: Virus alike driver modification [serenum.sys]
WARNING: Virus alike driver modification [usbintel.sys]
WARNING: Virus alike driver modification [MODEMCSA.sys]
WARNING: Virus alike driver modification [netbt.sys]
WARNING: Virus alike driver modification [HPZipr12.sys]
WARNING: Virus alike driver modification [ASPI32.SYS]
WARNING: Virus alike driver modification [raspti.sys]
WARNING: Virus alike driver modification [s3gnbm.sys]
WARNING: Virus alike driver modification [bthenum.sys]
WARNING: Virus alike driver modification [usbohci.sys]
WARNING: Virus alike driver modification [kmixer.sys]
WARNING: Virus alike driver modification [rdbss.sys]
WARNING: Virus alike driver modification [ptilink.sys]
WARNING: Virus alike driver modification [ntmtlfax.sys]
WARNING: Virus alike driver modification [mrxdav.sys]
WARNING: Virus alike driver modification [ndis.sys]
WARNING: Virus alike driver modification [cdaudio.sys]
WARNING: Virus alike driver modification [acpi.sys]
WARNING: Virus alike driver modification [bthusb.sys]
WARNING: Virus alike driver modification [nv4_mini.sys]
WARNING: Virus alike driver modification [msfs.sys]
WARNING: Virus alike driver modification [srvkp.sys]
WARNING: Virus alike driver modification [tdi.sys]
WARNING: Virus alike driver modification [hidir.sys]
WARNING: Virus alike driver modification [rdpdr.sys]
WARNING: Virus alike driver modification [partmgr.sys]
WARNING: Virus alike driver modification [rmcast.sys]
WARNING: Virus alike driver modification [flpydisk.sys]
WARNING: Virus alike driver modification [secdrv.sys]
WARNING: Virus alike driver modification [ipinip.sys]
WARNING: Virus alike driver modification [vga.sys]
WARNING: Virus alike driver modification [ati1ttxx.sys]
WARNING: Virus alike driver modification [tsbvcap.sys]
WARNING: Virus alike driver modification [HPZius12.sys]
WARNING: Virus alike driver modification [tdtcp.sys]
WARNING: Virus alike driver modification [HSFHWBS2.sys]
WARNING: Virus alike driver modification [HSFBS2S2.sys]
WARNING: Virus alike driver modification [watv06nt.sys]
WARNING: Virus alike driver modification [tcpip6.sys]
WARNING: Virus alike driver modification [mouclass.sys]
WARNING: Virus alike driver modification [kbdclass.sys]
WARNING: Virus alike driver modification [hidparse.sys]
WARNING: Virus alike driver modification [pciidex.sys]
WARNING: Virus alike driver modification [sonydcam.sys]
WARNING: Virus alike driver modification [watv10nt.sys]
WARNING: Virus alike driver modification [hidbth.sys]
WARNING: Virus alike driver modification [usbcamd.sys]
WARNING: Virus alike driver modification [usbcamd2.sys]
WARNING: Virus alike driver modification [usbprint.sys]
WARNING: Virus alike driver modification [cinemst2.sys]
WARNING: Virus alike driver modification [ati1snxx.sys]
WARNING: Virus alike driver modification [usbstor.sys]
WARNING: Virus alike driver modification [http.sys]
WARNING: Virus alike driver modification [bthport.sys]
WARNING: Virus alike driver modification [fdc.sys]
WARNING: Virus alike driver modification [atinsnxx.sys]
WARNING: Virus alike driver modification [ati1xbxx.sys]
WARNING: Virus alike driver modification [modem.sys]
WARNING: Virus alike driver modification [usbehci.sys]
WARNING: Virus alike driver modification [rndismp.sys]
WARNING: Virus alike driver modification [rndismpx.sys]
WARNING: Virus alike driver modification [ati1raxx.sys]
WARNING: Virus alike driver modification [npfs.sys]
WARNING: Virus alike driver modification [atmepvc.sys]
WARNING: Virus alike driver modification [atinxbxx.sys]
WARNING: Virus alike driver modification [usbccgp.sys]
WARNING: Virus alike driver modification [sisnic.sys]
WARNING: Virus alike driver modification [sisgrp.sys]
WARNING: Virus alike driver modification [nwlnkfwd.sys]
WARNING: Virus alike driver modification [ati2mtaa.sys]
WARNING: Virus alike driver modification [ipfltdrv.sys]
WARNING: Virus alike driver modification [rawwan.sys]
WARNING: Virus alike driver modification [wanarp.sys]
WARNING: Virus alike driver modification [netbios.sys]
WARNING: Virus alike driver modification [ati1xsxx.sys]
WARNING: Virus alike driver modification [msgpc.sys]
WARNING: Virus alike driver modification [atmuni.sys]
WARNING: Virus alike driver modification [srv.sys]
WARNING: Virus alike driver modification [processr.sys]
WARNING: Virus alike driver modification [tcpip.sys]
WARNING: Virus alike driver modification [disk.sys]
WARNING: Virus alike driver modification [intelppm.sys]
WARNING: Virus alike driver modification [ati1tuxx.sys]
WARNING: Virus alike driver modification [bthprint.sys]
WARNING: Virus alike driver modification [ip6fw.sys]
WARNING: Virus alike driver modification [crusoe.sys]
WARNING: Virus alike driver modification [hidclass.sys]
WARNING: Virus alike driver modification [SISAGPX.SYS]
WARNING: Virus alike driver modification [isapnp.sys]
WARNING: Virus alike driver modification [amdk6.sys]
WARNING: Virus alike driver modification [amdk7.sys]
WARNING: Virus alike driver modification [bthmodem.sys]
WARNING: Virus alike driver modification [update.sys]
WARNING: Virus alike driver modification [wpdusb.sys]
WARNING: Virus alike driver modification [ALCXSENS.SYS]
WARNING: Virus alike driver modification [nmnt.sys]
WARNING: Virus alike driver modification [slntamr.sys]
WARNING: Virus alike driver modification [termdd.sys]
WARNING: Virus alike driver modification [siside.sys]
WARNING: Virus alike driver modification [ndproxy.sys]
WARNING: Virus alike driver modification [sisagp.sys]
WARNING: Virus alike driver modification [raspppoe.sys]
WARNING: Virus alike driver modification [imapi.sys]
WARNING: Virus alike driver modification [beep.sys]
WARNING: Virus alike driver modification [mnmdd.sys]
WARNING: Virus alike driver modification [rdpcdd.sys]
WARNING: Virus alike driver modification [viaagp.sys]
WARNING: Virus alike driver modification [agp440.sys]
WARNING: Virus alike driver modification [mountmgr.sys]
WARNING: Virus alike driver modification [alim1541.sys]
WARNING: Virus alike driver modification [p3.sys]
WARNING: Virus alike driver modification [amdagp.sys]
WARNING: Virus alike driver modification [swenum.sys]
WARNING: Virus alike driver modification [wmilib.sys]
WARNING: Virus alike driver modification [fips.sys]
WARNING: Virus alike driver modification [uagp35.sys]
WARNING: Virus alike driver modification [agpcpq.sys]
WARNING: Virus alike driver modification [mtxparhm.sys]
WARNING: Virus alike driver modification [mrxsmb.sys]
WARNING: Virus alike driver modification [gagp30kx.sys]
WARNING: Virus alike driver modification [usbd.sys]
WARNING: Virus alike driver modification [pcouffin.sys]
WARNING: Virus alike driver modification [raspptp.sys]
WARNING: Virus alike driver modification [sisidex.sys]
WARNING: Virus alike driver modification [stream.sys]
WARNING: Virus alike driver modification [classpnp.sys]
WARNING: Virus alike driver modification [mspqm.sys]
WARNING: Virus alike driver modification [HPZid412.sys]
WARNING: Virus alike driver modification [rasl2tp.sys]
WARNING: Virus alike driver modification [tosdvd.sys]
WARNING: Virus alike driver modification [atinraxx.sys]
WARNING: Virus alike driver modification [volsnap.sys]
WARNING: Virus alike driver modification [i8042prt.sys]
WARNING: Virus alike driver modification [dmusic.sys]
WARNING: Virus alike driver modification [mspclock.sys]
WARNING: Virus alike driver modification [atmlane.sys]
WARNING: Virus alike driver modification [nwlnkspx.sys]
WARNING: Virus alike driver modification [swmidi.sys]
WARNING: Virus alike driver modification [ati1btxx.sys]
WARNING: Virus alike driver modification [ntfs.sys]
WARNING: Virus alike driver modification [redbook.sys]
WARNING: Virus alike driver modification [atinbtxx.sys]
WARNING: Virus alike driver modification [vdmindvd.sys]
WARNING: Virus alike driver modification [dmload.sys]
WARNING: Virus alike driver modification [rootmdm.sys]
WARNING: Virus alike driver modification [smbali.sys]
WARNING: Virus alike driver modification [rfcomm.sys]
WARNING: Virus alike driver modification [usbhub.sys]
WARNING: Virus alike driver modification [atmarpc.sys]
WARNING: Virus alike driver modification [drmk.sys]
WARNING: Virus alike driver modification [arp1394.sys]
WARNING: Virus alike driver modification [sysaudio.sys]
WARNING: Virus alike driver modification [ALCXWDM.SYS]
WARNING: Virus alike driver modification [nic1394.sys]
WARNING: Virus alike driver modification [splitter.sys]
WARNING: Virus alike driver modification [cdrom.sys]
WARNING: Virus alike driver modification [nwlnknb.sys]
WARNING: Virus alike driver modification [atinxsxx.sys]
WARNING: Virus alike driver modification [ati1rvxx.sys]
WARNING: Virus alike driver modification [cdfs.sys]
WARNING: Virus alike driver modification [mf.sys]
WARNING: Virus alike driver modification [serial.sys]
WARNING: Virus alike driver modification [udfs.sys]
WARNING: Virus alike driver modification [parvdm.sys]
WARNING: Virus alike driver modification [pci.sys]
WARNING: Virus alike driver modification [HSFCXTS2.sys]
WARNING: Virus alike driver modification [psched.sys]
WARNING: Virus alike driver modification [ati2mtag.sys]
WARNING: Virus alike driver modification [HSF_CNXT.sys]
WARNING: Virus alike driver modification [dxg.sys]
WARNING: Virus alike driver modification [bridge.sys]
WARNING: Virus alike driver modification [atintuxx.sys]
WARNING: Virus alike driver modification [sr.sys]
WARNING: Virus alike driver modification [ipsec.sys]
WARNING: Virus alike driver modification [mskssrv.sys]
WARNING: Virus alike driver modification [mcd.sys]
WARNING: Virus alike driver modification [WudfPf.sys]
WARNING: Virus alike driver modification [sdbus.sys]
WARNING: Virus alike driver modification [fs_rec.sys]
WARNING: Virus alike driver modification [dmboot.sys]
WARNING: Virus alike driver modification [parport.sys]
WARNING: Virus alike driver modification [videoprt.sys]
WARNING: Virus alike driver modification [WudfRd.sys]
WARNING: Virus alike driver modification [wdmaud.sys]
WARNING: Virus alike driver modification [rasacd.sys]
WARNING: Virus alike driver modification [nwlnkipx.sys]
WARNING: Virus alike driver modification [ndiswan.sys]
WARNING: Virus alike driver modification [ksecdd.sys]
WARNING: Virus alike driver modification [sisperf.sys]
WARNING: Virus alike driver modification [slnthal.sys]
WARNING: Virus alike driver modification [scsiport.sys]
WARNING: Virus alike driver modification [atapi.sys]
==============================================
>Files
==============================================
!-->[Hidden] C:\Documents and Settings\Debby\Local Settings\Temporary Internet Files\Content.IE5\TORSEJA1\8pEVNnJ32A5RPXhAIp-_mswURnUl29Fm7TMyIHDd7kSGkcf0LGiZvirhsUvWvneSTwliC_kFguUw43muZrwRfCNJ0JOvcShbjFTON1o9V8CTQu2p5W5GLYU0FTADlknfvuIu9RjOQC7m6V8hN2BZy-YfsPDa[1].giff
==============================================
>Hooks
==============================================
ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
ntoskrnl.exe+0x0000BAD4, Type: Inline - RelativeJump 0x804E2AD4-->804E2A8F [ntoskrnl.exe]
[1636]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - RelativeJump 0x7C810E27-->00000000 [mssrch.dll]
[1636]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2C [unknown_code_page]
[1636]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2D [unknown_code_page]
[356]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
[356]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
[356]explorer.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
[356]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
[356]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
[356]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
[356]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D931480-->00000000 [shimeng.dll]
[356]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]



Thank you

Debby

 

[Jack&Jill]

Hello glass ninja ,

Did you install Avast after the Rootkit Unhooker scan? Or before?

Are you using a router?

Between Spybot - Search & Destroy and Windows Defender, please choose one and uninstall the other to prevent conflict and slowing down of your computer. One is good, but more does not mean it is better.

--------------------

Check router / modem

• Open Notepad. Copy and paste the following text into it:
  

  @echo off
  >router.txt (
  ipconfig /all
  nslookup google.com
  nslookup yahoo.com
  ping -n 2 google.com
  ping -n 2 yahoo.com
  route print
  )
  start router.txt
  del %0

• Save it as router.bat on the desktop. Make sure the Save as type: is All Files (*.*).
• Double click on router.bat to run it. Allow if prompted by any security software.
• Post the contents of router.txt. It is found on your desktop.

--------------------

Please download TDSSKiller© from Kaspersky and save it to your desktop. Click here.

• Alternatively, you may get the zip version and extract the file to the desktop.
• Double click on TDSSKiller.exe to execute it.
• Press Start scan to begin.
• If anything is found, please change all the actions to Skip only.
• Then click on Continue at the lower right corner.
• You may be prompted to reboot your computer, please consent.
• Once complete, a log will be produced at C:\. It will be named TDSSKiller.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.4.12.0_26.12.2010_23.12.11_log.txt.
• Please post the contents of this log.

--------------------

Please post back:
1. the answers to my questions
2. contents of router.txt
3. TDSSKiller log

 

[glass ninja]

Hi and good morning-

First, i installed the Avast AFTER I did the rootkit unhooker. I go in the order your instructions are posted

I am not using a router, i am connected directly to a modem.

And I uninstalled the windows defender.

Here is the log from the router.bat:



Windows IP Configuration



Host Name . . . . . . . . . . . . : debbysdiplomat

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : twcny.rr.com



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : twcny.rr.com

Description . . . . . . . . . . . : SiS 900-Based PCI Fast Ethernet Adapter

Physical Address. . . . . . . . . : 00-01-6C-B2-AE-88

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 67.246.120.153

Subnet Mask . . . . . . . . . . . : 255.255.224.0

Default Gateway . . . . . . . . . : 67.246.96.1

DHCP Server . . . . . . . . . . . : 10.236.64.1

DNS Servers . . . . . . . . . . . : 209.18.47.61

209.18.47.62

Lease Obtained. . . . . . . . . . : Tuesday, March 22, 2011 1:30:34 AM

Lease Expires . . . . . . . . . . : Tuesday, March 22, 2011 1:30:34 PM

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 74.125.225.16, 74.125.225.17, 74.125.225.18, 74.125.225.19
74.125.225.20

Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 67.195.160.76, 69.147.125.65, 72.30.2.43, 98.137.149.56
209.191.122.70



Pinging google.com [74.125.225.18] with 32 bytes of data:



Reply from 74.125.225.18: bytes=32 time=35ms TTL=56

Reply from 74.125.225.18: bytes=32 time=38ms TTL=56



Ping statistics for 74.125.225.18:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 35ms, Maximum = 38ms, Average = 36ms



Pinging yahoo.com [72.30.2.43] with 32 bytes of data:



Reply from 72.30.2.43: bytes=32 time=75ms TTL=55

Reply from 72.30.2.43: bytes=32 time=75ms TTL=55



Ping statistics for 72.30.2.43:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 75ms, Maximum = 75ms, Average = 75ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 01 6c b2 ae 88 ...... SiS 900-Based PCI Fast Ethernet Adapter - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 67.246.96.1 67.246.120.153 20
67.246.96.0 255.255.224.0 67.246.120.153 67.246.120.153 20
67.246.120.153 255.255.255.255 127.0.0.1 127.0.0.1 20
67.255.255.255 255.255.255.255 67.246.120.153 67.246.120.153 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
224.0.0.0 240.0.0.0 67.246.120.153 67.246.120.153 20
255.255.255.255 255.255.255.255 67.246.120.153 67.246.120.153 1
Default Gateway: 67.246.96.1
===========================================================================
Persistent Routes:
None


And here is the log of the TDSSKiller. I did not have to "skip" anything, nor did it ask me to reboot.



2011/03/22 06:27:36.0288 1716 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/22 06:27:36.0429 1716 ================================================================================
2011/03/22 06:27:36.0429 1716 SystemInfo:
2011/03/22 06:27:36.0429 1716
2011/03/22 06:27:36.0429 1716 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/22 06:27:36.0429 1716 Product type: Workstation
2011/03/22 06:27:36.0429 1716 ComputerName: DEBBYSDIPLOMAT
2011/03/22 06:27:36.0429 1716 UserName: Debby
2011/03/22 06:27:36.0429 1716 Windows directory: C:\WINDOWS
2011/03/22 06:27:36.0429 1716 System windows directory: C:\WINDOWS
2011/03/22 06:27:36.0429 1716 Processor architecture: Intel x86
2011/03/22 06:27:36.0429 1716 Number of processors: 1
2011/03/22 06:27:36.0429 1716 Page size: 0x1000
2011/03/22 06:27:36.0429 1716 Boot type: Normal boot
2011/03/22 06:27:36.0429 1716 ================================================================================
2011/03/22 06:27:36.0882 1716 Initialize success
2011/03/22 06:27:57.0866 3660 ================================================================================
2011/03/22 06:27:57.0866 3660 Scan started
2011/03/22 06:27:57.0866 3660 Mode: Manual;
2011/03/22 06:27:57.0866 3660 ================================================================================
2011/03/22 06:27:58.0523 3660 Aavmker4 (83631291adf2887cffc786d034d3fa15) C:\WINDOWS\system32\drivers\Aavmker4.sys
2011/03/22 06:27:58.0788 3660 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/22 06:27:58.0929 3660 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/03/22 06:27:59.0116 3660 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/22 06:27:59.0241 3660 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/22 06:27:59.0570 3660 ALCXSENS (ba88534a3ceb6161e7432438b9ea4f54) C:\WINDOWS\system32\drivers\ALCXSENS.SYS
2011/03/22 06:27:59.0741 3660 ALCXWDM (9a6a99f0d75b457e3a2267776ebe9f47) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
2011/03/22 06:27:59.0991 3660 AmdK7 (8fce268cdbdd83b23419d1f35f42c7b1) C:\WINDOWS\system32\DRIVERS\amdk7.sys
2011/03/22 06:28:00.0382 3660 Aspi32 (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\system32\drivers\aspi32.sys
2011/03/22 06:28:00.0507 3660 aswFsBlk (1c2e6bb4fe8621b1b863855b02bc33eb) C:\WINDOWS\system32\drivers\aswFsBlk.sys
2011/03/22 06:28:00.0648 3660 aswMon2 (452d0ecd14fa02f9b061f42c8a30dd49) C:\WINDOWS\system32\drivers\aswMon2.sys
2011/03/22 06:28:00.0804 3660 aswRdr (b6a9373619d851be80fb5f1b5eed0d4e) C:\WINDOWS\system32\drivers\aswRdr.sys
2011/03/22 06:28:00.0945 3660 aswSnx (9be41c1ae8bc481eb662d85c98d979c2) C:\WINDOWS\system32\drivers\aswSnx.sys
2011/03/22 06:28:01.0163 3660 aswSP (4b1a54ba2bc5873a774df6b70ab8b0b3) C:\WINDOWS\system32\drivers\aswSP.sys
2011/03/22 06:28:01.0320 3660 aswTdi (c7f1cea32766184911293f4e1ee653f5) C:\WINDOWS\system32\drivers\aswTdi.sys
2011/03/22 06:28:01.0554 3660 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/22 06:28:01.0648 3660 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/22 06:28:01.0835 3660 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/22 06:28:01.0945 3660 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/22 06:28:02.0070 3660 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/22 06:28:02.0163 3660 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/22 06:28:02.0335 3660 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/22 06:28:02.0429 3660 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/22 06:28:02.0570 3660 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/22 06:28:03.0054 3660 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/22 06:28:03.0179 3660 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/22 06:28:03.0304 3660 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/22 06:28:03.0429 3660 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/22 06:28:03.0538 3660 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/22 06:28:03.0710 3660 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/22 06:28:03.0851 3660 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/22 06:28:03.0991 3660 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/03/22 06:28:04.0132 3660 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/22 06:28:04.0226 3660 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/03/22 06:28:04.0335 3660 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/03/22 06:28:04.0445 3660 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/22 06:28:04.0507 3660 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/22 06:28:04.0601 3660 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/22 06:28:04.0788 3660 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/22 06:28:04.0960 3660 HPZid412 (9f1d80908658eb7f1bf70809e0b51470) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/03/22 06:28:05.0070 3660 HPZipr12 (f7e3e9d50f9cd3de28085a8fdaa0a1c3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/03/22 06:28:05.0195 3660 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/03/22 06:28:05.0335 3660 HSFHWBS2 (c27c1231a205086d35088e13817985b0) C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys
2011/03/22 06:28:05.0538 3660 HSF_DP (73d70d6b8516075fb4de65726f74a121) C:\WINDOWS\system32\DRIVERS\HSF_DP.sys
2011/03/22 06:28:05.0757 3660 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/22 06:28:06.0038 3660 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/22 06:28:06.0163 3660 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/22 06:28:06.0460 3660 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/03/22 06:28:06.0570 3660 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/22 06:28:06.0679 3660 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/22 06:28:06.0773 3660 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/22 06:28:06.0866 3660 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/22 06:28:06.0976 3660 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/22 06:28:07.0101 3660 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/22 06:28:07.0226 3660 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/22 06:28:07.0335 3660 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/03/22 06:28:07.0476 3660 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/22 06:28:07.0601 3660 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/22 06:28:07.0851 3660 mdmxsdk (3c318b9cd391371bed62126581ee9961) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/03/22 06:28:07.0960 3660 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/22 06:28:08.0070 3660 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/22 06:28:08.0179 3660 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
2011/03/22 06:28:08.0288 3660 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/22 06:28:08.0382 3660 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/22 06:28:08.0538 3660 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/22 06:28:08.0663 3660 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/22 06:28:08.0851 3660 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/22 06:28:08.0960 3660 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/22 06:28:09.0070 3660 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/22 06:28:09.0179 3660 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/22 06:28:09.0304 3660 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/22 06:28:09.0413 3660 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/22 06:28:09.0538 3660 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/22 06:28:09.0679 3660 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/22 06:28:09.0788 3660 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/22 06:28:09.0882 3660 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/22 06:28:09.0991 3660 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/22 06:28:10.0101 3660 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/22 06:28:10.0195 3660 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/22 06:28:10.0398 3660 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/22 06:28:10.0554 3660 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/22 06:28:10.0741 3660 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/22 06:28:10.0851 3660 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/22 06:28:10.0976 3660 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/22 06:28:11.0148 3660 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/03/22 06:28:11.0273 3660 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/22 06:28:11.0382 3660 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/22 06:28:11.0491 3660 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/22 06:28:11.0679 3660 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/03/22 06:28:11.0788 3660 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/22 06:28:11.0898 3660 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\WINDOWS\system32\Drivers\pcouffin.sys
2011/03/22 06:28:12.0445 3660 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/22 06:28:12.0585 3660 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/22 06:28:12.0804 3660 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/22 06:28:13.0195 3660 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/22 06:28:13.0304 3660 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/22 06:28:13.0460 3660 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/22 06:28:13.0616 3660 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/22 06:28:13.0757 3660 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/22 06:28:13.0898 3660 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/22 06:28:14.0023 3660 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/22 06:28:14.0179 3660 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/22 06:28:14.0413 3660 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/22 06:28:14.0554 3660 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/03/22 06:28:14.0663 3660 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/03/22 06:28:14.0804 3660 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/22 06:28:15.0007 3660 SiS315 (5229a7f27cbe7645a17e7744770dda6b) C:\WINDOWS\system32\DRIVERS\sisgrp.sys
2011/03/22 06:28:15.0163 3660 SISAGP (61ca562def09a782d26b3e7edec5369a) C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
2011/03/22 06:28:15.0288 3660 SiSide (b4485881bd8aed9b157a2e6cf43c2d51) C:\WINDOWS\system32\DRIVERS\siside.sys
2011/03/22 06:28:15.0413 3660 sisidex (6225224b8e846ac230f8d9b343635910) C:\WINDOWS\system32\drivers\sisidex.sys
2011/03/22 06:28:15.0538 3660 SiSkp (a93b5b3710f4b94f1190f71edf6a8296) C:\WINDOWS\system32\DRIVERS\srvkp.sys
2011/03/22 06:28:15.0679 3660 SISNIC (8204c49cde112f7b9c2f15707fe2cc5a) C:\WINDOWS\system32\DRIVERS\sisnic.sys
2011/03/22 06:28:15.0788 3660 sisperf (596d4a7052002d2bd344d8937da6f66d) C:\WINDOWS\system32\drivers\sisperf.sys
2011/03/22 06:28:15.0976 3660 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/22 06:28:16.0179 3660 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/22 06:28:16.0366 3660 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/22 06:28:16.0585 3660 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/22 06:28:16.0710 3660 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/22 06:28:17.0038 3660 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/22 06:28:17.0195 3660 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/22 06:28:17.0335 3660 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/22 06:28:17.0429 3660 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/22 06:28:17.0554 3660 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/22 06:28:17.0741 3660 uagp35 (d85938f272d1bcf3db3a31fc0a048928) C:\WINDOWS\system32\DRIVERS\uagp35.sys
2011/03/22 06:28:17.0851 3660 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/22 06:28:18.0070 3660 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/22 06:28:18.0273 3660 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/22 06:28:18.0382 3660 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/22 06:28:18.0491 3660 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/22 06:28:18.0632 3660 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/03/22 06:28:18.0757 3660 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/22 06:28:18.0851 3660 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/22 06:28:18.0945 3660 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/22 06:28:19.0054 3660 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/22 06:28:19.0226 3660 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/22 06:28:19.0366 3660 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/22 06:28:19.0538 3660 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/22 06:28:19.0695 3660 winachsf (9c26534a3d2aa00352ffcd23bfef1399) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/03/22 06:28:19.0991 3660 WpdUsb (cf4def1bf66f06964dc0d91844239104) C:\WINDOWS\system32\DRIVERS\wpdusb.sys
2011/03/22 06:28:20.0195 3660 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/22 06:28:20.0320 3660 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/22 06:28:20.0601 3660 ================================================================================
2011/03/22 06:28:20.0601 3660 Scan finished
2011/03/22 06:28:20.0601 3660 ================================================================================
2011/03/22 06:28:53.0273 3424 Deinitialize success


Thank you!!

Debby

 

[Jack&Jill]

Hello glass ninja ,

Please download OTL© by OldTimer from one of the links below and save it to your desktop.

Link 1
Link 2

Scan with OTL

• Double click on OTL.exe to run it.
• Make sure all the Use SafeList options is checked (ticked). There are six of them.
• Check Scan All Users.
• At the lower right corner, check LOP Check and Purity Check.
• Click on Run Scan at the top left hand corner. This might take a while.
• When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.
  Note: These files are saved as OTL.txt and Extras.txt on the desktop.

--------------------

Please post back:
1. the OTL logs (OTL.txt and Extras.txt)

 

[glass ninja]

Hello-

Here are the logs you requested.

Thanks!!

Debby


OTL logfile created on: 3/22/2011 12:58:49 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Debby\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.00 Mb Total Physical Memory | 114.00 Mb Available Physical Memory | 24.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 44.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 69.25 Gb Free Space | 74.34% Space Free | Partition Type: NTFS

Computer Name: DEBBYSDIPLOMAT | User Name: Debby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/22 12:57:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debby\My Documents\Downloads\OTL.exe
PRC - [2011/03/03 10:46:54 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/02/23 10:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2010/08/04 16:21:31 | 004,754,744 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\Debby\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\BrowserPlusService.exe
PRC - [2010/08/04 16:21:31 | 004,754,744 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\Debby\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\BrowserPlusCore.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/05/12 17:23:42 | 000,335,872 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
PRC - [2004/03/05 01:45:34 | 000,192,573 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
PRC - [2004/02/26 16:53:30 | 000,065,024 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


========== Modules (SafeList) ==========

MOD - [2011/03/22 12:57:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debby\My Documents\Downloads\OTL.exe
MOD - [2011/02/23 10:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/03/05 01:45:34 | 000,192,573 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


========== Driver Services (SafeList) ==========

DRV - [2011/02/23 09:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 09:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 09:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 09:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/02/23 09:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 09:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/02/23 09:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/09/22 07:04:00 | 000,019,072 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2008/09/22 06:42:32 | 000,323,584 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2005/11/21 01:48:21 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2004/11/02 16:31:02 | 000,219,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/11/02 16:30:02 | 000,702,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/11/02 16:29:28 | 001,036,544 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/03/19 20:02:08 | 000,613,244 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/02/24 11:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/07/18 09:58:20 | 000,036,992 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/03/25 17:50:46 | 000,004,096 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide)
DRV - [2002/10/17 15:14:46 | 000,049,024 | R--- | M] (Windows (R) 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
DRV - [2002/08/20 17:19:08 | 000,009,472 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
DRV - [2002/07/10 23:39:34 | 000,032,256 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-1547161642-113007714-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101

FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/11/13 05:07:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/03/21 14:07:11 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/03 10:47:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/03 10:47:00 | 000,000,000 | ---D | M]

[2008/11/16 15:59:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Extensions
[2011/03/22 07:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\hv7ie5sc.default\extensions
[2010/09/20 11:42:54 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\hv7ie5sc.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
[2010/09/20 11:42:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\hv7ie5sc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/01/07 09:10:47 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\hv7ie5sc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/20 11:42:53 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\hv7ie5sc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/09/20 11:42:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\hv7ie5sc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/03/22 07:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/03/21 14:07:11 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2009/01/24 14:42:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2008/11/13 04:18:52 | 000,288,002 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.123haustiereundmehr.com
O1 - Hosts: 9925 more lines...
O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKU\S-1-5-21-1547161642-113007714-682003330-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O4 - Startup: C:\Documents and Settings\Debby\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Plugin Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1226554902171 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/27 08:40:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{6b353cb8-1d6c-11df-91d2-00016cb2ae88}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6b353cb8-1d6c-11df-91d2-00016cb2ae88}\Shell\AutoRun\command - "" = nemoj\\meni.exe
O33 - MountPoints2\{6b353cb8-1d6c-11df-91d2-00016cb2ae88}\Shell\explore\command - "" = nemoj\\\meni.exe
O33 - MountPoints2\{6b353cb8-1d6c-11df-91d2-00016cb2ae88}\Shell\open\command - "" = nemoj\\\meni.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/21 14:08:05 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/03/21 14:08:05 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/03/21 14:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/03/21 14:08:00 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/03/21 14:08:00 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/03/21 14:07:59 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/03/21 14:07:58 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/03/21 14:07:58 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/03/21 14:07:58 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/03/21 14:07:09 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/03/21 14:07:08 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/03/21 14:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/03/21 14:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/03/20 18:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debby\Local Settings\Application Data\Temp
[2011/03/19 13:27:24 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2011/03/19 13:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2011/03/15 17:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debby\My Documents\fark
[2011/02/22 14:16:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debby\Start Menu\Programs\BrowserPlus
[2011/02/22 14:16:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debby\Local Settings\Application Data\Yahoo!
[2008/11/12 14:53:00 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Debby\Application Data\pcouffin.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/22 12:43:13 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/03/21 14:08:06 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/03/21 14:07:58 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/03/21 13:30:51 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/21 13:30:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/21 08:11:54 | 000,305,992 | ---- | M] () -- C:\Documents and Settings\Debby\Desktop\addremove.JPG
[2011/03/21 08:02:35 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Debby\Desktop\addremove.bmp
[2011/03/20 13:27:02 | 000,003,348 | ---- | M] () -- C:\Documents and Settings\Debby\Desktop\Attach2.zip
[2011/03/19 13:43:01 | 000,003,359 | ---- | M] () -- C:\Documents and Settings\Debby\Desktop\Attach.zip
[2011/03/19 13:27:32 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Debby\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/03/19 13:27:25 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Debby\Desktop\ERUNT.lnk
[2011/03/19 12:54:47 | 000,000,145 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/03/13 16:13:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/13 06:57:09 | 000,465,072 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/13 06:57:08 | 000,078,958 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/04 11:01:06 | 000,016,233 | ---- | M] () -- C:\Documents and Settings\Debby\Desktop\reseller.jpg
[2011/02/25 08:46:51 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Debby\Application Data\wklnhst.dat
[2011/02/23 10:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/02/23 10:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/02/23 09:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/02/23 09:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/02/23 09:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/02/23 09:55:47 | 000,102,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/02/23 09:55:44 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/02/23 09:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/02/23 09:54:57 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/02/23 09:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/21 14:08:06 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2011/03/21 08:11:54 | 000,305,992 | ---- | C] () -- C:\Documents and Settings\Debby\Desktop\addremove.JPG
[2011/03/21 08:02:33 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Debby\Desktop\addremove.bmp
[2011/03/20 13:27:02 | 000,003,348 | ---- | C] () -- C:\Documents and Settings\Debby\Desktop\Attach2.zip
[2011/03/19 13:43:01 | 000,003,359 | ---- | C] () -- C:\Documents and Settings\Debby\Desktop\Attach.zip
[2011/03/19 13:27:32 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Debby\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2011/03/19 13:27:25 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Debby\Desktop\ERUNT.lnk
[2011/03/19 12:54:46 | 000,000,145 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/03/04 11:01:00 | 000,016,233 | ---- | C] () -- C:\Documents and Settings\Debby\Desktop\reseller.jpg
[2010/09/06 17:52:06 | 000,000,120 | ---- | C] () -- C:\WINDOWS\System32\winsusrx.dll
[2010/09/06 17:52:04 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\winsusrm.dll
[2010/09/06 17:50:54 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\Tracer.dll
[2010/09/06 17:50:54 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SheriffNet.dll
[2009/12/07 01:15:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/21 11:32:45 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/02/13 12:24:52 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Debby\Application Data\wklnhst.dat
[2008/12/28 22:01:19 | 000,113,167 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
[2008/12/28 22:01:18 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2008/11/30 09:06:43 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2008/11/24 08:07:40 | 000,000,024 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2008/11/16 16:06:46 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/11/16 15:59:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/11/12 14:57:22 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
[2008/11/12 14:53:00 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Debby\Application Data\inst.exe
[2008/11/12 14:53:00 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Debby\Application Data\pcouffin.cat
[2008/11/12 14:53:00 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Debby\Application Data\pcouffin.inf
[2008/10/27 09:18:47 | 000,096,256 | ---- | C] () -- C:\Documents and Settings\Debby\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/27 09:07:29 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2008/10/27 09:07:27 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2008/10/27 09:02:02 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
[2008/10/27 09:01:36 | 000,108,021 | R--- | C] () -- C:\WINDOWS\VGAsetup.ini
[2008/10/27 09:01:29 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
[2008/10/27 09:01:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
[2008/10/27 09:01:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
[2008/10/27 09:01:02 | 000,102,683 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2008/10/27 08:53:30 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2008/10/27 08:43:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/27 08:37:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/27 03:17:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/27 03:15:49 | 000,298,048 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 08:00:00 | 000,465,072 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 08:00:00 | 000,078,958 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 08:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\b.dll
[2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

========== LOP Check ==========

[2008/11/23 15:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2731C
[2011/03/21 14:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2009/04/04 22:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2009/04/07 20:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2008/11/23 23:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2008/12/26 08:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/06 20:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\FrostWire
[2011/02/08 13:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Image Zone Express
[2008/11/12 15:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\InterVideo
[2008/12/26 09:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\iWin
[2008/12/18 09:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Leadertech
[2009/10/10 00:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\LimeWire
[2010/12/12 05:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\StumbleUpon
[2009/02/13 12:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Template
[2010/12/21 11:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Vso
[2008/11/13 02:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Windows Desktop Search
[2009/04/08 09:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Windows Search
[2009/06/17 10:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\josephus\Application Data\Leadertech
[2008/12/28 13:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\josephus\Application Data\Windows Desktop Search

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F59BA980

< End of report >



and the extras:


OTL Extras logfile created on: 3/22/2011 12:58:50 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Debby\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

479.00 Mb Total Physical Memory | 114.00 Mb Available Physical Memory | 24.00% Memory free
1.00 Gb Paging File | 0.00 Gb Available in Paging File | 44.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 93.16 Gb Total Space | 69.25 Gb Free Space | 74.34% Space Free | Partition Type: NTFS

Computer Name: DEBBYSDIPLOMAT | User Name: Debby | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\InterVideo\DVD7\WinDVD.exe" = C:\Program Files\InterVideo\DVD7\WinDVD.exe:*:Enabled:WinDVD
"C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe" = C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe:*:Enabled:Ad-Aware
"C:\Program Files\CCleaner\CCleaner.exe" = C:\Program Files\CCleaner\CCleaner.exe:*:Enabled:CCleaner -- (Piriform Ltd)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird
"C:\Program Files\Outlook Express\msimn.exe" = C:\Program Files\Outlook Express\msimn.exe:*:Enabled:Outlook Express -- (Microsoft Corporation)
"C:\Program Files\Lavasoft\Ad-Aware\lsupdatemanager.exe" = C:\Program Files\Lavasoft\Ad-Aware\lsupdatemanager.exe:*:Enabled:Software update
"C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" = C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:Spybot - Search & Destroy -- (Safer Networking Limited)
"C:\Program Files\SpywareBlaster\spywareblaster.exe" = C:\Program Files\SpywareBlaster\spywareblaster.exe:*:Enabled:SpywareBlaster
"C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe" = C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe:*:Enabled:Start Avira AntiVir Personal
"C:\Program Files\Windows Defender\MSASCui.exe" = C:\Program Files\Windows Defender\MSASCui.exe:*:Enabled:Windows Defender
"C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe:*:Enabled:Update Spybot-S&D -- (Safer Networking Limited)
"C:\Program Files\TCPOptimizer\TCPOptimizer.exe" = C:\Program Files\TCPOptimizer\TCPOptimizer.exe:*:Enabled:TCPOptimizer -- (Speed Guide Inc.)
"C:\Program Files\CodeStuff\Starter\Starter.exe" = C:\Program Files\CodeStuff\Starter\Starter.exe:*:Enabled:Starter
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Documents and Settings\Debby\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Debby\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe:*:Enabled:Octoshape add-in for Adobe Flash Player
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*isabled:Microsoft Management Console -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
"{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BF755CD9-E185-498A-AAFB-E9F8470AB1CC}" = User Profile Hive Cleanup Service
"{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
"{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"{F87A8E11-02A4-4875-A3A5-5961081B0E4E}" = OpenOffice.org 2.4
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Illustrator 9.0" = Adobe Illustrator 9.0
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"avast" = avast! Free Antivirus
"AviSynth" = AviSynth 2.5
"Bejeweled Twist 1.0" = Bejeweled Twist 1.0
"CCleaner" = CCleaner (remove only)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2702&SUBSYS_200314F1" = Creative Modem Blaster PCI Value DI5652-1
"Doc Scrubber_is1" = Doc Scrubber v1.1
"EasyRecovery" = EasyRecovery Professional Edition
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
"Glass Eye 2000" = Glass Eye 2000
"Google Updater" = Google Updater
"GoogleVideoPlayer" = Google Video Player
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InterActual Player" = InterActual Player
"Jewel Quest III 1.00" = Jewel Quest III 1.00
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.17)" = Mozilla Firefox (3.5.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NetAlyzer_is1" = NetAlyzer 0.3
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SiS VGA Driver" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SpywareBlaster_is1" = SpywareBlaster 4.1
"StumbleUponIEToolbar" = StumbleUpon IE Toolbar
"Tweak UI 2.10" = Tweak UI
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/17/2011 4:48:58 PM | Computer Name = DEBBYSDIPLOMAT | Source = Application Error | ID = 1000
Description = Faulting application jewelquest3.rwg, version 1.0.6.0, faulting module
msvcr80.dll, version 8.0.50727.3053, fault address 0x00008aa0.

Error - 2/17/2011 4:52:35 PM | Computer Name = DEBBYSDIPLOMAT | Source = Windows Search Service | ID = 7040
Description = The search service has detected corrupted data files in the index.
The service will attempt to automatically correct this problem by rebuilding the
index. Context: Windows Application, SystemIndex Catalog Details: 0xc0041801 (0xc0041801)


Error - 2/17/2011 4:52:35 PM | Computer Name = DEBBYSDIPLOMAT | Source = Windows Search Service | ID = 3029
Description = The plug-in in <Search.TripoliIndexer> cannot be initialized. Context:
Windows Application, SystemIndex Catalog Details: The content index cannot be read.
(0xc0041800)

Error - 2/17/2011 4:52:35 PM | Computer Name = DEBBYSDIPLOMAT | Source = Windows Search Service | ID = 3028
Description = The gatherer object cannot be initialized. Context: Windows Application,
SystemIndex Catalog Details: The content index cannot be read. (0xc0041800)

Error - 2/17/2011 4:52:35 PM | Computer Name = DEBBYSDIPLOMAT | Source = Windows Search Service | ID = 3058
Description = The application cannot be initialized. Context: Windows Application

Details:
The
content index cannot be read. (0xc0041800)

Error - 2/17/2011 7:28:01 PM | Computer Name = DEBBYSDIPLOMAT | Source = Application Error | ID = 1000
Description = Faulting application jewelquest3.rwg, version 1.0.6.0, faulting module
msvcr80.dll, version 8.0.50727.3053, fault address 0x00008aa0.

Error - 2/18/2011 5:13:10 PM | Computer Name = DEBBYSDIPLOMAT | Source = Application Error | ID = 1000
Description = Faulting application jewelquest3.rwg, version 1.0.6.0, faulting module
msvcr80.dll, version 8.0.50727.3053, fault address 0x00008aa0.

Error - 2/20/2011 9:37:59 AM | Computer Name = DEBBYSDIPLOMAT | Source = Application Error | ID = 1000
Description = Faulting application jewelquest3.rwg, version 1.0.6.0, faulting module
sdl.dll, version 1.2.7.0, fault address 0x0002638e.

Error - 2/28/2011 1:51:09 PM | Computer Name = DEBBYSDIPLOMAT | Source = Application Hang | ID = 1002
Description = Hanging application Photoshp.exe, version 6.0.128.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 3/1/2011 5:41:23 PM | Computer Name = DEBBYSDIPLOMAT | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.1.3986, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ OSession Events ]
Error - 9/12/2009 5:59:00 AM | Computer Name = DEBBYSDIPLOMAT | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 32902
seconds with 480 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/22/2011 6:21:06 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/22/2011 6:21:06 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/22/2011 6:21:06 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/22/2011 6:21:07 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/22/2011 6:21:07 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/22/2011 6:21:07 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/22/2011 6:21:07 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/22/2011 6:21:07 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/22/2011 6:21:07 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126

Error - 3/22/2011 6:21:07 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
Description = The Application Management service terminated with the following error:
%%126


< End of report >

 

[Jack&Jill]

Hello glass ninja ,

I need you to explain a bit more about the symptoms. Are they happening for both Internet Explorer and Firefox? What sites do you get redirect to? Please provide example in this manner: badsite[dot]com. When did it start?

--------------------

Do an online scan with ESET Online Scanner.
Please be patient as scanning will take quite some time. If you have problem running the scan, you might want to disable any real time protection that you have.

• Click here to go to ESET Online Scanner page.
• Click on Run ESET Online Scanner. A new window will open.
  For FireFox user, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
• After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.
• You will be prompted to install an ActiveX Control from ESET. Please install.
• At the Computer scan settings section, uncheck (untick) Remove found threats. <-- Important, do not remove anything yet.
• Then, check Scan archives.
• Now, click on Advanced settings and make sure all these are checked:
  • Scan for potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology
• Click on Scan to proceed.
• When done, the scan result will be shown. Look for C:\Program Files\ESET\ESET Online Scanner\log.txt and open the file.
• Post the contents in your reply.

If the contents of log.txt do not reflect what is shown in the result window, click on List of found threats, then Export to text file..., save a file and post that instead.

--------------------

Please post back:
1. the answers to my questions
2. the ESET online scan result

 

[glass ninja]

Good morning-

to answer your questions: the redirecting started about 6 days ago. I was looking to buy a certain product wholesale, so i did a google search. I believe one of the sites I clicked was "bad" and infected me. It was right after that I started getting redirected - mostly to other shopping sites. When it first started, it was happening both in IE and firefox. And it was still happening in BOTH yesterday. But today when I tried to get you an example in firefox, the redirecting seemed to have stopped in firefox. But it IS still happening in IE. Here is an example:

I did a google search through the toolbar for "malware removal". The first result I got was:

search.us.b00kmarks[dot]com/search.php?keyword=malware+removal

I did the same search, clicked on the same link, and got:

stopzilla[dot]com/products/stopzilla/antivirus.do?aid=10273&cid=malware3152-FA342BBD_malware+removal

After I click on the link, and am waiting to get "redirected", there are several things that flash through the address bar. I tried to write one of them down, but they go too fast for me to get.


and here is the log from the ESET sscan:


ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=6fbc1179dacc21448a0b8bd0f787a43a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-23 04:32:54
# local_time=2011-03-23 12:32:54 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=52873
# found=5
# cleaned=0
# scan_time=7876
C:\Documents and Settings\Debby\Application Data\Sun\Java\Deployment\cache\6.0\48\24c80fb0-301a3bd8 Java/TrojanDownloader.OpenStream.NBL trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\explorer.exe a variant of Win32/Bamital.FH trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\b.dll Win32/Bamital.FA trojan (unable to clean) 00000000000000000000000000000000 I
C:\WINDOWS\system32\winlogon.exe Win32/Bamital.FH trojan (unable to clean) 00000000000000000000000000000000 I
${Memory} a variant of Win32/Bamital.FH trojan 00000000000000000000000000000000 I





Thanks!!

Debby