
Thread: computer is jacked

  #11 Junior Member (Join Date: Mar 2011, Posts: 19)

    Hi and good morning-

    Got the last reply. I don't even know what all that stuff is. I primarily use my PC for email and updating my business website.

    The man who fixed my computer several years ago installed a bunch of stuff on it (Nero, Fab 5, DVD ripper, etc.). I have never even used it and didn't even know it was "bad". I'm really not that tech savvy.

    How do I get rid of it all? Do I uninstall it from add/remove?

    And what is the "keygen" stuff? How do I remove it?

    Thanks-

    Debby

  #12 Junior Member (Join Date: Mar 2011, Posts: 19)

    Hi again-

    OK - I went in through Explorer and deleted everything that was on the list.

    I am feeling like this is making me look really bad. This was NOT my stuff. I knew it was on my PC - the man who fixed my PC told me it was for DVDs, etc. If I had known this was "bad" or illegal, I would never even have posted it here in the first place. The only one I knew about was the FrostWire/LimeWire. I just really didn't know about the other stuff. I guess I can't trust "friends" to fix my computer.

    Anyway, here is the new log. Like I said, I went through Explorer to delete it. If there are any remnants of the programs left, it is due only to my ignorance and/or not knowing how to remove them fully.

    Thanks for your patience.

    debby

    CKScanner - Additional Security Risks - These are not necessarily bad
    scanner sequence 3.MN.11
    ----- EOF -----

  #13 Security Expert - Emeritus (Join Date: Aug 2008, Location: South East Asia, Posts: 725)

    Hello glass ninja,

    Please uninstall WinRAR archiver as well via Add/Remove Programs at the Control Panel.

    Thank you for removing all the illegal stuff.

    --------------------

    Please close all programs and do not run any others before and during the Rootkit Unhooker scan. Do not use the computer for anything else until after the scan is completed.

    Please download Rootkit Unhooker and save it to your desktop. Click here.
    • Double click RKUnhookerLE.exe to run it.
    • Click the Report tab, then click Scan.
    • Ensure the following are checked (ticked):
      • Drivers
      • Stealth Code
      • Files
      • Code Hooks
    • Uncheck the rest, then click OK. An initial scan will be performed.
    • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK.
    • Wait until the scanner is done, then click on File at the pull down menu, followed by Save Report.
    • Save the report somewhere you can find it. Click Close to exit.
    • Copy the entire contents of the report and paste it in your next reply.

    You may get a warning about parasite detection. Please click OK to continue.

    --------------------

    I do not see any Antivirus (AV) installed on your machine. AV is a very critical part of your system to keep it safe and clean. Without it, a computer can easily get infected. Please download and install an AV from one of the links below:

    Avast
    Avira
    Microsoft Security Essentials

    You should only select one of these three, and keep only one installed.

    --------------------

    Please post back:
    1. the Rootkit Unhooker log

  #14 Junior Member (Join Date: Mar 2011, Posts: 19)

    Hi-

    Thanks for your patience with me.

    I have uninstalled WinRAR from Add/Remove Programs. To double check, I went to Explorer. There was a WinRAR file showing. I deleted that as well. Hopefully I'm clean now!!

    I also have installed Avast antivirus.

    Here is the log from Rootkit Unhooker:

    RkU Version: 3.8.388.590, Type LE (SR2)
    ==============================================
    OS Name: Windows XP
    Version 5.1.2600 (Service Pack 3)
    Number of processors #1
    ==============================================
    >Drivers
    ==============================================
    0xBF012000 C:\WINDOWS\System32\SiSGRV.dll 4509696 bytes (Silicon Integrated Systems Corporation, SiS Compatible Super VGA Driver)
    0x804D7000 C:\WINDOWS\system32\ntoskrnl.exe 2192768 bytes (Microsoft Corporation, NT Kernel & System)
    0x804D7000 PnpManager 2192768 bytes
    0x804D7000 RAW 2192768 bytes
    0x804D7000 WMIxWDM 2192768 bytes
    0xBF800000 Win32k 1855488 bytes
    0xBF800000 C:\WINDOWS\System32\win32k.sys 1855488 bytes (Microsoft Corporation, Multi-User Win32 Driver)
    0xF685C000 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys 1040384 bytes (Conexant Systems, Inc., HSF_DP driver)
    0xF6790000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 704512 bytes (Conexant Systems, Inc., HSF_CNXT driver)
    0xF6AFA000 C:\WINDOWS\system32\drivers\ALCXWDM.SYS 606208 bytes (Realtek Semiconductor Corp., Realtek AC'97 Audio Driver (WDM))
    0xF76A9000 Ntfs.sys 577536 bytes (Microsoft Corporation, NT File System Driver)
    0xB53C8000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
    0xF69EB000 C:\WINDOWS\system32\drivers\ALCXSENS.SYS 401408 bytes (Sensaura, Sensaura WDM 3D Audio Driver)
    0xF66B7000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
    0xB5525000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
    0xA8B64000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
    0xF6C5C000 C:\WINDOWS\system32\DRIVERS\sisgrp.sys 344064 bytes (Silicon Integrated Systems Corporation, SiS Compatible Super VGA Driver)
    0xBF45F000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
    0xA85D5000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
    0xF695A000 C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys 221184 bytes (Conexant Systems, Inc., HSF_HWB2 WDM driver)
    0xF77C8000 ACPI.sys 188416 bytes (Microsoft Corporation, ACPI Driver for NT)
    0xA8C0C000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
    0xF767C000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
    0xB5460000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
    0xB54FD000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
    0xB534B000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
    0xF6A96000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
    0xF69AE000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
    0xF6B8E000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
    0xB54DB000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
    0x806EF000 ACPI_HAL 131840 bytes
    0x806EF000 C:\WINDOWS\system32\hal.dll 131840 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
    0xF7760000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
    0xF7798000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT Disk Driver)
    0xF7662000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
    0xF7780000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
    0xA8C81000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
    0xF7749000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
    0xF6765000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
    0xA8A5F000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
    0xF677C000 C:\WINDOWS\system32\DRIVERS\parport.sys 81920 bytes (Microsoft Corporation, Parallel Port Driver)
    0xF6BB1000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
    0xB557E000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
    0xF7736000 WudfPf.sys 77824 bytes (Microsoft Corporation, Windows Driver Foundation - User-mode Driver Framework Platform Driver)
    0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
    0xF77B7000 pci.sys 69632 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
    0xF6754000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
    0xA92A6000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
    0xF7917000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
    0xF7967000 C:\WINDOWS\system32\DRIVERS\serial.sys 65536 bytes (Microsoft Corporation, Serial Device Driver)
    0xF7937000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
    0xF7927000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook Audio Filter Driver)
    0xF7A67000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
    0xF65C2000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
    0xF7857000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
    0xB5CD6000 C:\WINDOWS\system32\DRIVERS\HPZid412.sys 53248 bytes (HP, IEEE-1284.4-1999 Driver (Windows 2000))
    0xF7987000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042 Port Driver)
    0xF79A7000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
    0xF7837000 VolSnap.sys 53248 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
    0xF79D7000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
    0xF7877000 sisidex.sys 49152 bytes (Windows (R) 2000 DDK provider, SISIDEX Driver)
    0xB6D33000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS Crypto Driver)
    0xF7907000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
    0xF7827000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
    0xF79C7000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
    0xF7867000 uagp35.sys 45056 bytes (Microsoft Corporation, MS AGPv3.5 Filter)
    0xF78E7000 C:\WINDOWS\system32\DRIVERS\amdk7.sys 40960 bytes (Microsoft Corporation, Processor Device Driver)
    0xF7817000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP ISA Bus Driver)
    0xF7A77000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
    0xF7887000 SISAGPX.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS AGPv3.5 Filter)
    0xF6D20000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
    0xF7847000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
    0xF6D40000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
    0xB6D43000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
    0xADADE000 C:\WINDOWS\System32\Drivers\Normandy.SYS 36864 bytes (RKU Driver)
    0xB6D23000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
    0xF7B97000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modem Device Driver)
    0xB6766000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
    0xF7B87000 C:\WINDOWS\system32\DRIVERS\sisnic.sys 32768 bytes (SiS Corporation, SiS PCI Fast Ethernet Adapter Driver)
    0xB672E000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
    0xF7B7F000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
    0xF7B9F000 C:\WINDOWS\system32\DRIVERS\fdc.sys 28672 bytes (Microsoft Corporation, Floppy Disk Controller Driver)
    0xB7178000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
    0xF7A97000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
    0xB671E000 C:\WINDOWS\system32\DRIVERS\usbprint.sys 28672 bytes (Microsoft Corporation, USB Printer driver)
    0xB59F6000 C:\WINDOWS\system32\DRIVERS\HPZius12.sys 24576 bytes (HP, 1284.4<->Usb Datalink Driver (Windows 2000))
    0xF7BAF000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 24576 bytes (Microsoft Corporation, Keyboard Class Driver)
    0xF7BA7000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mouse Class Driver)
    0xB7170000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
    0xF7C07000 C:\WINDOWS\System32\drivers\aspi32.sys 20480 bytes (Adaptec, ASPI for WIN32 Kernel Driver)
    0xB7190000 C:\WINDOWS\system32\DRIVERS\flpydisk.sys 20480 bytes (Microsoft Corporation, Floppy Driver)
    0xB7168000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
    0xF7A9F000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
    0xF7BD7000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
    0xF7BDF000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
    0xB675E000 C:\WINDOWS\system32\DRIVERS\srvkp.sys 20480 bytes (Silicon Integrated Systems Corporation, SiS VGA Driver Manager)
    0xF7BC7000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
    0xF7B77000 C:\WINDOWS\system32\DRIVERS\usbohci.sys 20480 bytes (Microsoft Corporation, OHCI USB Miniport Driver)
    0xA94BF000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
    0xB7101000 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys 16384 bytes (HP, IEEE-1284.4-1999 Print Class Driver)
    0xF7CF3000 C:\WINDOWS\system32\drivers\MODEMCSA.sys 16384 bytes (Microsoft Corporation, Unimodem CSA Filter)
    0xF7CD7000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
    0xAD4F2000 C:\WINDOWS\system32\DRIVERS\ndisuio.sys 16384 bytes (Microsoft Corporation, NDIS User mode I/O Driver)
    0xF7CBB000 C:\WINDOWS\system32\DRIVERS\serenum.sys 16384 bytes (Microsoft Corporation, Serial Port Enumerator)
    0xB7105000 C:\WINDOWS\system32\DRIVERS\usbscan.sys 16384 bytes (Microsoft Corporation, USB Scanner Driver)
    0xF7C27000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
    0xA934F000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
    0xADE46000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 12288 bytes (Conexant, Diagnostic Interface DRIVER)
    0xF7CBF000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
    0xF5C08000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
    0xF7C2B000 sisperf.sys 12288 bytes (Silicon Integrated Systems Corp., SiS Filter Driver)
    0xF7D9F000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
    0xF7DBF000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
    0xF7D9D000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
    0xF7D17000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
    0xF7DA1000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
    0xA8CC9000 C:\WINDOWS\System32\Drivers\ParVdm.SYS 8192 bytes (Microsoft Corporation, VDM Parallel Driver)
    0xF7DA3000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
    0xF7D45000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
    0xB37FC000 C:\WINDOWS\system32\Drivers\uphcleanhlp.sys 8192 bytes
    0xF7D67000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
    0xF7D19000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
    0xF7E28000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
    0xA90DA000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
    0xF7EDB000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
    0xF7DDF000 pciide.sys 4096 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
    0xF7DE0000 siside.sys 4096 bytes (Silicon Integrated Systems Corp., SiS PCI Mini IDE Driver)
    ==============================================
    >Stealth
    ==============================================
    WARNING: Virus alike driver modification [ndistapi.sys]
    WARNING: Virus alike driver modification [bthpan.sys]
    WARNING: Virus alike driver modification [sffp_mmc.sys]
    WARNING: Virus alike driver modification [HSF_DP.sys]
    WARNING: Virus alike driver modification [hidusb.sys]
    WARNING: Virus alike driver modification [HSFDPSP2.sys]
    WARNING: Virus alike driver modification [dxapi.sys]
    WARNING: Virus alike driver modification [atinrvxx.sys]
    WARNING: Virus alike driver modification [mup.sys]
    WARNING: Virus alike driver modification [sffp_sd.sys]
    WARNING: Virus alike driver modification [irenum.sys]
    WARNING: Virus alike driver modification [wadv08nt.sys]
    WARNING: Virus alike driver modification [sfloppy.sys]
    WARNING: Virus alike driver modification [ati1mdxx.sys]
    WARNING: Virus alike driver modification [acpiec.sys]
    WARNING: Virus alike driver modification [cpqdap01.sys]
    WARNING: Virus alike driver modification [wadv07nt.sys]
    WARNING: Virus alike driver modification [wadv09nt.sys]
    WARNING: Virus alike driver modification [sffdisk.sys]
    WARNING: Virus alike driver modification [wadv11nt.sys]
    WARNING: Virus alike driver modification [pcmcia.sys]
    WARNING: Virus alike driver modification [nikedrv.sys]
    WARNING: Virus alike driver modification [rio8drv.sys]
    WARNING: Virus alike driver modification [riodrv.sys]
    WARNING: Virus alike driver modification [ws2ifsl.sys]
    WARNING: Virus alike driver modification [tdpipe.sys]
    WARNING: Virus alike driver modification [ati1pdxx.sys]
    WARNING: Virus alike driver modification [fsvga.sys]
    WARNING: Virus alike driver modification [usbvideo.sys]
    WARNING: Virus alike driver modification [tunmp.sys]
    WARNING: Virus alike driver modification [nwlnkflt.sys]
    WARNING: Virus alike driver modification [ftdisk.sys]
    WARNING: Virus alike driver modification [mtlmnt5.sys]
    WARNING: Virus alike driver modification [mutohpen.sys]
    WARNING: Virus alike driver modification [usb8023.sys]
    WARNING: Virus alike driver modification [usb8023x.sys]
    WARNING: Virus alike driver modification [slnt7554.sys]
    WARNING: Virus alike driver modification [fltmgr.sys]
    WARNING: Virus alike driver modification [mdmxsdk.sys]
    WARNING: Virus alike driver modification [mtlstrm.sys]
    WARNING: Virus alike driver modification [slwdmsup.sys]
    WARNING: Virus alike driver modification [recagent.sys]
    WARNING: Virus alike driver modification [atinmdxx.sys]
    WARNING: Virus alike driver modification [atinttxx.sys]
    WARNING: Virus alike driver modification [afd.sys]
    WARNING: Virus alike driver modification [cbidf2k.sys]
    WARNING: Virus alike driver modification [rdpwd.sys]
    WARNING: Virus alike driver modification [ks.sys]
    WARNING: Virus alike driver modification [diskdump.sys]
    WARNING: Virus alike driver modification [wacompen.sys]
    WARNING: Virus alike driver modification [asyncmac.sys]
    WARNING: Virus alike driver modification [atinpdxx.sys]
    WARNING: Virus alike driver modification [fastfat.sys]
    WARNING: Virus alike driver modification [usbport.sys]
    WARNING: Virus alike driver modification [hdaudbus.sys]
    WARNING: Virus alike driver modification [kbdhid.sys]
    WARNING: Virus alike driver modification [ndisuio.sys]
    WARNING: Virus alike driver modification [smclib.sys]
    WARNING: Virus alike driver modification [portcls.sys]
    WARNING: Virus alike driver modification [tape.sys]
    WARNING: Virus alike driver modification [usbscan.sys]
    WARNING: Virus alike driver modification [ipnat.sys]
    WARNING: Virus alike driver modification [dmio.sys]
    WARNING: Virus alike driver modification [mssmbios.sys]
    WARNING: Virus alike driver modification [serenum.sys]
    WARNING: Virus alike driver modification [usbintel.sys]
    WARNING: Virus alike driver modification [MODEMCSA.sys]
    WARNING: Virus alike driver modification [netbt.sys]
    WARNING: Virus alike driver modification [HPZipr12.sys]
    WARNING: Virus alike driver modification [ASPI32.SYS]
    WARNING: Virus alike driver modification [raspti.sys]
    WARNING: Virus alike driver modification [s3gnbm.sys]
    WARNING: Virus alike driver modification [bthenum.sys]
    WARNING: Virus alike driver modification [usbohci.sys]
    WARNING: Virus alike driver modification [kmixer.sys]
    WARNING: Virus alike driver modification [rdbss.sys]
    WARNING: Virus alike driver modification [ptilink.sys]
    WARNING: Virus alike driver modification [ntmtlfax.sys]
    WARNING: Virus alike driver modification [mrxdav.sys]
    WARNING: Virus alike driver modification [ndis.sys]
    WARNING: Virus alike driver modification [cdaudio.sys]
    WARNING: Virus alike driver modification [acpi.sys]
    WARNING: Virus alike driver modification [bthusb.sys]
    WARNING: Virus alike driver modification [nv4_mini.sys]
    WARNING: Virus alike driver modification [msfs.sys]
    WARNING: Virus alike driver modification [srvkp.sys]
    WARNING: Virus alike driver modification [tdi.sys]
    WARNING: Virus alike driver modification [hidir.sys]
    WARNING: Virus alike driver modification [rdpdr.sys]
    WARNING: Virus alike driver modification [partmgr.sys]
    WARNING: Virus alike driver modification [rmcast.sys]
    WARNING: Virus alike driver modification [flpydisk.sys]
    WARNING: Virus alike driver modification [secdrv.sys]
    WARNING: Virus alike driver modification [ipinip.sys]
    WARNING: Virus alike driver modification [vga.sys]
    WARNING: Virus alike driver modification [ati1ttxx.sys]
    WARNING: Virus alike driver modification [tsbvcap.sys]
    WARNING: Virus alike driver modification [HPZius12.sys]
    WARNING: Virus alike driver modification [tdtcp.sys]
    WARNING: Virus alike driver modification [HSFHWBS2.sys]
    WARNING: Virus alike driver modification [HSFBS2S2.sys]
    WARNING: Virus alike driver modification [watv06nt.sys]
    WARNING: Virus alike driver modification [tcpip6.sys]
    WARNING: Virus alike driver modification [mouclass.sys]
    WARNING: Virus alike driver modification [kbdclass.sys]
    WARNING: Virus alike driver modification [hidparse.sys]
    WARNING: Virus alike driver modification [pciidex.sys]
    WARNING: Virus alike driver modification [sonydcam.sys]
    WARNING: Virus alike driver modification [watv10nt.sys]
    WARNING: Virus alike driver modification [hidbth.sys]
    WARNING: Virus alike driver modification [usbcamd.sys]
    WARNING: Virus alike driver modification [usbcamd2.sys]
    WARNING: Virus alike driver modification [usbprint.sys]
    WARNING: Virus alike driver modification [cinemst2.sys]
    WARNING: Virus alike driver modification [ati1snxx.sys]
    WARNING: Virus alike driver modification [usbstor.sys]
    WARNING: Virus alike driver modification [http.sys]
    WARNING: Virus alike driver modification [bthport.sys]
    WARNING: Virus alike driver modification [fdc.sys]
    WARNING: Virus alike driver modification [atinsnxx.sys]
    WARNING: Virus alike driver modification [ati1xbxx.sys]
    WARNING: Virus alike driver modification [modem.sys]
    WARNING: Virus alike driver modification [usbehci.sys]
    WARNING: Virus alike driver modification [rndismp.sys]
    WARNING: Virus alike driver modification [rndismpx.sys]
    WARNING: Virus alike driver modification [ati1raxx.sys]
    WARNING: Virus alike driver modification [npfs.sys]
    WARNING: Virus alike driver modification [atmepvc.sys]
    WARNING: Virus alike driver modification [atinxbxx.sys]
    WARNING: Virus alike driver modification [usbccgp.sys]
    WARNING: Virus alike driver modification [sisnic.sys]
    WARNING: Virus alike driver modification [sisgrp.sys]
    WARNING: Virus alike driver modification [nwlnkfwd.sys]
    WARNING: Virus alike driver modification [ati2mtaa.sys]
    WARNING: Virus alike driver modification [ipfltdrv.sys]
    WARNING: Virus alike driver modification [rawwan.sys]
    WARNING: Virus alike driver modification [wanarp.sys]
    WARNING: Virus alike driver modification [netbios.sys]
    WARNING: Virus alike driver modification [ati1xsxx.sys]
    WARNING: Virus alike driver modification [msgpc.sys]
    WARNING: Virus alike driver modification [atmuni.sys]
    WARNING: Virus alike driver modification [srv.sys]
    WARNING: Virus alike driver modification [processr.sys]
    WARNING: Virus alike driver modification [tcpip.sys]
    WARNING: Virus alike driver modification [disk.sys]
    WARNING: Virus alike driver modification [intelppm.sys]
    WARNING: Virus alike driver modification [ati1tuxx.sys]
    WARNING: Virus alike driver modification [bthprint.sys]
    WARNING: Virus alike driver modification [ip6fw.sys]
    WARNING: Virus alike driver modification [crusoe.sys]
    WARNING: Virus alike driver modification [hidclass.sys]
    WARNING: Virus alike driver modification [SISAGPX.SYS]
    WARNING: Virus alike driver modification [isapnp.sys]
    WARNING: Virus alike driver modification [amdk6.sys]
    WARNING: Virus alike driver modification [amdk7.sys]
    WARNING: Virus alike driver modification [bthmodem.sys]
    WARNING: Virus alike driver modification [update.sys]
    WARNING: Virus alike driver modification [wpdusb.sys]
    WARNING: Virus alike driver modification [ALCXSENS.SYS]
    WARNING: Virus alike driver modification [nmnt.sys]
    WARNING: Virus alike driver modification [slntamr.sys]
    WARNING: Virus alike driver modification [termdd.sys]
    WARNING: Virus alike driver modification [siside.sys]
    WARNING: Virus alike driver modification [ndproxy.sys]
    WARNING: Virus alike driver modification [sisagp.sys]
    WARNING: Virus alike driver modification [raspppoe.sys]
    WARNING: Virus alike driver modification [imapi.sys]
    WARNING: Virus alike driver modification [beep.sys]
    WARNING: Virus alike driver modification [mnmdd.sys]
    WARNING: Virus alike driver modification [rdpcdd.sys]
    WARNING: Virus alike driver modification [viaagp.sys]
    WARNING: Virus alike driver modification [agp440.sys]
    WARNING: Virus alike driver modification [mountmgr.sys]
    WARNING: Virus alike driver modification [alim1541.sys]
    WARNING: Virus alike driver modification [p3.sys]
    WARNING: Virus alike driver modification [amdagp.sys]
    WARNING: Virus alike driver modification [swenum.sys]
    WARNING: Virus alike driver modification [wmilib.sys]
    WARNING: Virus alike driver modification [fips.sys]
    WARNING: Virus alike driver modification [uagp35.sys]
    WARNING: Virus alike driver modification [agpcpq.sys]
    WARNING: Virus alike driver modification [mtxparhm.sys]
    WARNING: Virus alike driver modification [mrxsmb.sys]
    WARNING: Virus alike driver modification [gagp30kx.sys]
    WARNING: Virus alike driver modification [usbd.sys]
    WARNING: Virus alike driver modification [pcouffin.sys]
    WARNING: Virus alike driver modification [raspptp.sys]
    WARNING: Virus alike driver modification [sisidex.sys]
    WARNING: Virus alike driver modification [stream.sys]
    WARNING: Virus alike driver modification [classpnp.sys]
    WARNING: Virus alike driver modification [mspqm.sys]
    WARNING: Virus alike driver modification [HPZid412.sys]
    WARNING: Virus alike driver modification [rasl2tp.sys]
    WARNING: Virus alike driver modification [tosdvd.sys]
    WARNING: Virus alike driver modification [atinraxx.sys]
    WARNING: Virus alike driver modification [volsnap.sys]
    WARNING: Virus alike driver modification [i8042prt.sys]
    WARNING: Virus alike driver modification [dmusic.sys]
    WARNING: Virus alike driver modification [mspclock.sys]
    WARNING: Virus alike driver modification [atmlane.sys]
    WARNING: Virus alike driver modification [nwlnkspx.sys]
    WARNING: Virus alike driver modification [swmidi.sys]
    WARNING: Virus alike driver modification [ati1btxx.sys]
    WARNING: Virus alike driver modification [ntfs.sys]
    WARNING: Virus alike driver modification [redbook.sys]
    WARNING: Virus alike driver modification [atinbtxx.sys]
    ==============================================
    >Files
    ==============================================
    !-->[Hidden] C:\Documents and Settings\Debby\Local Settings\Temporary Internet Files\Content.IE5\TORSEJA1\8pEVNnJ32A5RPXhAIp-_mswURnUl29Fm7TMyIHDd7kSGkcf0LGiZvirhsUvWvneSTwliC_kFguUw43muZrwRfCNJ0JOvcShbjFTON1o9V8CTQu2p5W5GLYU0FTADlknfvuIu9RjOQC7m6V8hN2BZy-YfsPDa[1].giff
    ==============================================
    >Hooks
    ==============================================
    ntoskrnl.exe+0x00004AA2, Type: Inline - RelativeJump 0x804DBAA2-->804DBAA9 [ntoskrnl.exe]
    ntoskrnl.exe+0x0000BAD4, Type: Inline - RelativeJump 0x804E2AD4-->804E2A8F [ntoskrnl.exe]
    [1636]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - RelativeJump 0x7C810E27-->00000000 [mssrch.dll]
    [1636]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2C [unknown_code_page]
    [1636]searchindexer.exe-->kernel32.dll-->WriteFile, Type: Inline - SEH 0x7C810E2D [unknown_code_page]
    [356]explorer.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DD1218-->00000000 [shimeng.dll]
    [356]explorer.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77F110B4-->00000000 [shimeng.dll]
    [356]explorer.exe-->kernel32.dll-->CreateProcessInternalW, Type: Inline - RelativeJump 0x7C8197B0-->00000000 [unknown_code_page]
    [356]explorer.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->00000000 [shimeng.dll]
    [356]explorer.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7C9C15A4-->00000000 [shimeng.dll]
    [356]explorer.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E41133C-->00000000 [shimeng.dll]
    [356]explorer.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x3D931480-->00000000 [shimeng.dll]
    [356]explorer.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71AB109C-->00000000 [shimeng.dll]



    Thank you

    Debby

  5. #15
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello glass ninja ,

    Did you install Avast after the Rootkit Unhooker scan? Or before?

    Are you using a router?

    Between Spybot - Search & Destroy and Windows Defender, please choose one and uninstall the other to prevent conflict and slowing down of your computer. One is good, but more does not mean it is better.

    --------------------

    Check router / modem
    • Open Notepad. Copy and paste the following text into it:
      Code:
      @echo off
      >router.txt (
      ipconfig /all
      nslookup google.com
      nslookup yahoo.com
      ping -n 2 google.com
      ping -n 2 yahoo.com
      route print
      )
      start router.txt
      del %0
    • Save it as router.bat on the desktop. Make sure the Save as type: is All Files (*.*).
    • Double click on router.bat to run it. Allow if prompted by any security software.
    • Post the contents of router.txt. It is found on your desktop.


    --------------------

    Please download TDSSKiller© from Kaspersky and save it to your desktop. Click here.
    • Alternatively, you may get the zip version and extract the file to the desktop.
    • Double click on TDSSKiller.exe to execute it.
    • Press Start scan to begin.
    • If anything is found, please change all the actions to Skip only.
    • Then click on Continue at the lower right corner.
    • You may be prompted to reboot your computer, please consent.
    • Once complete, a log will be produced at C:\. It will be named TDSSKiller.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.4.12.0_26.12.2010_23.12.11_log.txt.
    • Please post the contents of this log.


    --------------------

    Please post back:
    1. the answers to my questions
    2. contents of router.txt
    3. TDSSKiller log
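One way to read the router.txt this procedure produces, as an added example that is not code from the thread or from the helper: it parses the ipconfig /all, nslookup and ping sections of the file and flags DNS servers outside an expected range, an nslookup answer that came from a server the PC is not configured to use, and a name that ping resolved to an address nslookup never returned. The sample text, the example.net hostname and the 198.51.100.0/24 allow-list are constructed assumptions.

```python
"""Check a router.txt written by the thread's router.bat for signs of DNS tampering."""
import ipaddress
import re

IP_RE = r"\d{1,3}(?:\.\d{1,3}){3}"


def _ips(text):
    return re.findall(IP_RE, text)


def _collect_bare_ips(lines, i):
    """Gather addresses from the lines after line i that hold nothing but IPs
    (ipconfig and nslookup wrap extra addresses; forum pastes may double-space)."""
    found, j = [], i + 1
    while j < len(lines):
        s = lines[j].strip()
        if s and not re.fullmatch(r"(?:%s[,\s]*)+" % IP_RE, s):
            break
        found += _ips(s)
        j += 1
    return found, j - 1


def parse_report(text):
    """Extract configured DNS servers, the server nslookup was answered by, the
    nslookup answers per name, and the address ping resolved each name to."""
    lines = text.splitlines()
    report = {"dns_servers": [], "resolver_used": [], "answers": {}, "pings": {}}
    name = None  # hostname of the nslookup answer block being read, if any
    i = 0
    while i < len(lines):
        line = lines[i].strip()
        if line.startswith("DNS Servers"):
            report["dns_servers"] += _ips(line.split(":", 1)[1])
            more, i = _collect_bare_ips(lines, i)
            report["dns_servers"] += more
        elif line.startswith("Server:"):
            name = None  # a new nslookup block starts here
        elif line.startswith("Address:") and name is None:
            report["resolver_used"] += _ips(line)  # the server that answered
        elif line.startswith("Name:"):
            name = line.split(":", 1)[1].strip()
            report["answers"].setdefault(name, set())
        elif line.startswith(("Addresses:", "Address:")) and name:
            report["answers"][name].update(_ips(line))
            more, i = _collect_bare_ips(lines, i)
            report["answers"][name].update(more)
        else:
            m = re.match(r"Pinging (\S+) \[(%s)\]" % IP_RE, line)
            if m:
                report["pings"][m.group(1)] = m.group(2)
        i += 1
    return report


def check_report(text, expected_dns_networks):
    """Return findings (empty list = nothing looked off). expected_dns_networks are
    the CIDR ranges the DNS servers should fall in, e.g. the ISP's resolver ranges."""
    r = parse_report(text)
    nets = [ipaddress.ip_network(n) for n in expected_dns_networks]
    findings = []
    for ip in r["dns_servers"]:
        if not any(ipaddress.ip_address(ip) in n for n in nets):
            findings.append("DNS server %s is outside the expected resolver ranges; "
                            "DNS-changer malware works by pointing the PC at rogue ones" % ip)
    for ip in r["resolver_used"]:
        if ip not in r["dns_servers"]:
            findings.append("nslookup was answered by %s, not a configured DNS server" % ip)
    # ping resolves via the system resolver (hosts file first, then DNS); nslookup asks
    # the DNS server directly. A name resolving differently on the two paths points at a
    # hosts-file or resolver-level redirect (round-robin records can also differ, so
    # treat it as a prompt to look rather than proof).
    for name, ip in r["pings"].items():
        answers = r["answers"].get(name, set())
        if answers and ip not in answers:
            findings.append("ping resolved %s to %s but DNS returned %s"
                            % (name, ip, sorted(answers)))
    return findings


# Constructed sample in the layout router.bat writes (documentation-range
# addresses and an invented resolver hostname, not a real capture).
SAMPLE = """\
    IP Address. . . . . . . . . . . . : 192.0.2.25
    DNS Servers . . . . . . . . . . . : 198.51.100.61
                                        198.51.100.62

Server:  dns-cac-lb-01.example.net
Address:  198.51.100.61

Name:    google.com
Addresses:  203.0.113.16, 203.0.113.17, 203.0.113.18
          203.0.113.19

Pinging google.com [203.0.113.17] with 32 bytes of data:
"""

# Same capture with rogue resolvers and a ping that lands where DNS never pointed.
TAMPERED = (SAMPLE.replace("198.51.100.61", "203.0.113.99")
            .replace("198.51.100.62", "203.0.113.98")
            .replace("[203.0.113.17]", "[203.0.113.250]"))
```

Run it as `check_report(open("router.txt").read(), ["<ISP resolver range>"])`; the ranges to pass are whatever the ISP's DNS servers normally fall in, which is an input you supply, not something the script can know.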

  6. #16
    Junior Member
    Join Date
    Mar 2011
    Posts
    19

    Default

    Hi and good morning-

    First, I installed the Avast AFTER I did the Rootkit Unhooker. I go in the order your instructions are posted.

    I am not using a router, I am connected directly to a modem.

    And I uninstalled the Windows Defender.

    Here is the log from the router.bat:



    Windows IP Configuration

    Host Name . . . . . . . . . . . . : debbysdiplomat
    Primary Dns Suffix . . . . . . . :
    Node Type . . . . . . . . . . . . : Unknown
    IP Routing Enabled. . . . . . . . : No
    WINS Proxy Enabled. . . . . . . . : No
    DNS Suffix Search List. . . . . . : twcny.rr.com

    Ethernet adapter Local Area Connection:

    Connection-specific DNS Suffix . : twcny.rr.com
    Description . . . . . . . . . . . : SiS 900-Based PCI Fast Ethernet Adapter
    Physical Address. . . . . . . . . : 00-01-6C-B2-AE-88
    Dhcp Enabled. . . . . . . . . . . : Yes
    Autoconfiguration Enabled . . . . : Yes
    IP Address. . . . . . . . . . . . : 67.246.120.153
    Subnet Mask . . . . . . . . . . . : 255.255.224.0
    Default Gateway . . . . . . . . . : 67.246.96.1
    DHCP Server . . . . . . . . . . . : 10.236.64.1
    DNS Servers . . . . . . . . . . . : 209.18.47.61
                                        209.18.47.62
    Lease Obtained. . . . . . . . . . : Tuesday, March 22, 2011 1:30:34 AM
    Lease Expires . . . . . . . . . . : Tuesday, March 22, 2011 1:30:34 PM

    Server: dns-cac-lb-01.rr.com
    Address: 209.18.47.61

    Name: google.com
    Addresses: 74.125.225.16, 74.125.225.17, 74.125.225.18, 74.125.225.19
               74.125.225.20

    Server: dns-cac-lb-01.rr.com
    Address: 209.18.47.61

    Name: yahoo.com
    Addresses: 67.195.160.76, 69.147.125.65, 72.30.2.43, 98.137.149.56
               209.191.122.70

    Pinging google.com [74.125.225.18] with 32 bytes of data:

    Reply from 74.125.225.18: bytes=32 time=35ms TTL=56
    Reply from 74.125.225.18: bytes=32 time=38ms TTL=56

    Ping statistics for 74.125.225.18:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 35ms, Maximum = 38ms, Average = 36ms

    Pinging yahoo.com [72.30.2.43] with 32 bytes of data:

    Reply from 72.30.2.43: bytes=32 time=75ms TTL=55
    Reply from 72.30.2.43: bytes=32 time=75ms TTL=55

    Ping statistics for 72.30.2.43:
        Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 75ms, Maximum = 75ms, Average = 75ms

    ===========================================================================
    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...00 01 6c b2 ae 88 ...... SiS 900-Based PCI Fast Ethernet Adapter - Packet Scheduler Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination          Netmask          Gateway        Interface  Metric
                0.0.0.0          0.0.0.0      67.246.96.1   67.246.120.153      20
            67.246.96.0    255.255.224.0   67.246.120.153   67.246.120.153      20
         67.246.120.153  255.255.255.255        127.0.0.1        127.0.0.1      20
         67.255.255.255  255.255.255.255   67.246.120.153   67.246.120.153      20
              127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1       1
              224.0.0.0        240.0.0.0   67.246.120.153   67.246.120.153      20
        255.255.255.255  255.255.255.255   67.246.120.153   67.246.120.153       1
    Default Gateway:       67.246.96.1
    ===========================================================================
    Persistent Routes:
      None


    And here is the log of the TDSSKiller. I did not have to "skip" anything, nor did it ask me to reboot.



    2011/03/22 06:27:36.0288 1716 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/03/22 06:27:36.0429 1716 ================================================================================
    2011/03/22 06:27:36.0429 1716 SystemInfo:
    2011/03/22 06:27:36.0429 1716
    2011/03/22 06:27:36.0429 1716 OS Version: 5.1.2600 ServicePack: 3.0
    2011/03/22 06:27:36.0429 1716 Product type: Workstation
    2011/03/22 06:27:36.0429 1716 ComputerName: DEBBYSDIPLOMAT
    2011/03/22 06:27:36.0429 1716 UserName: Debby
    2011/03/22 06:27:36.0429 1716 Windows directory: C:\WINDOWS
    2011/03/22 06:27:36.0429 1716 System windows directory: C:\WINDOWS
    2011/03/22 06:27:36.0429 1716 Processor architecture: Intel x86
    2011/03/22 06:27:36.0429 1716 Number of processors: 1
    2011/03/22 06:27:36.0429 1716 Page size: 0x1000
    2011/03/22 06:27:36.0429 1716 Boot type: Normal boot
    2011/03/22 06:27:36.0429 1716 ================================================================================
    2011/03/22 06:27:36.0882 1716 Initialize success
    2011/03/22 06:27:57.0866 3660 ================================================================================
    2011/03/22 06:27:57.0866 3660 Scan started
    2011/03/22 06:27:57.0866 3660 Mode: Manual;
    2011/03/22 06:27:57.0866 3660 ================================================================================
    2011/03/22 06:28:20.0601 3660 ================================================================================
    2011/03/22 06:28:20.0601 3660 Scan finished
    2011/03/22 06:28:20.0601 3660 ================================================================================
    2011/03/22 06:28:53.0273 3424 Deinitialize success


    Thank you!!

    Debby

  7. #17
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello glass ninja ,

    Please download OTL© by OldTimer from one of the links below and save it to your desktop.

    Link 1
    Link 2

    Scan with OTL
    • Double click on OTL.exe to run it.
    • Make sure all the Use SafeList options are checked (ticked). There are six of them.
    • Check Scan All Users.
    • At the lower right corner, check LOP Check and Purity Check.
    • Click on Run Scan at the top left hand corner. This might take a while.
    • When done, two Notepad files will open. Please post the contents of these 2 Notepad files in your next reply. One log per reply please.
      Note: These files are saved as OTL.txt and Extras.txt on the desktop.


    --------------------

    Please post back:
    1. the OTL logs (OTL.txt and Extras.txt)

  8. #18
    Junior Member
    Join Date
    Mar 2011
    Posts
    19

    Default

    Hello-

    Here are the logs you requested.

    Thanks!!

    Debby


    OTL logfile created on: 3/22/2011 12:58:49 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Debby\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    479.00 Mb Total Physical Memory | 114.00 Mb Available Physical Memory | 24.00% Memory free
    1.00 Gb Paging File | 0.00 Gb Available in Paging File | 44.00% Paging File free
    Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 93.16 Gb Total Space | 69.25 Gb Free Space | 74.34% Space Free | Partition Type: NTFS

    Computer Name: DEBBYSDIPLOMAT | User Name: Debby | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/03/22 12:57:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debby\My Documents\Downloads\OTL.exe
    PRC - [2011/03/03 10:46:54 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2011/02/23 10:04:20 | 003,451,496 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2010/08/04 16:21:31 | 004,754,744 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\Debby\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\BrowserPlusService.exe
    PRC - [2010/08/04 16:21:31 | 004,754,744 | ---- | M] (Yahoo! Inc.) -- C:\Documents and Settings\Debby\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\BrowserPlusCore.exe
    PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2004/05/12 17:23:42 | 000,335,872 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
    PRC - [2004/03/05 01:45:34 | 000,192,573 | ---- | M] (Microsoft Corporation) -- C:\Program Files\UPHClean\uphclean.exe
    PRC - [2004/02/26 16:53:30 | 000,065,024 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE


    ========== Modules (SafeList) ==========

    MOD - [2011/03/22 12:57:21 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Debby\My Documents\Downloads\OTL.exe
    MOD - [2011/02/23 10:04:17 | 000,197,208 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
    MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (NMIndexingService)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/02/23 10:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2004/09/29 13:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
    SRV - [2004/03/05 01:45:34 | 000,192,573 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\UPHClean\uphclean.exe -- (UPHClean)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/02/23 09:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
    DRV - [2011/02/23 09:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2011/02/23 09:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2011/02/23 09:55:47 | 000,102,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2011/02/23 09:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2011/02/23 09:54:57 | 000,030,680 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2011/02/23 09:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2008/09/22 07:04:00 | 000,019,072 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
    DRV - [2008/09/22 06:42:32 | 000,323,584 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
    DRV - [2005/11/21 01:48:21 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
    DRV - [2004/11/02 16:31:02 | 000,219,520 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2004/11/02 16:30:02 | 000,702,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/11/02 16:29:28 | 001,036,544 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2004/03/19 20:02:08 | 000,613,244 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2004/02/24 11:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
    DRV - [2003/07/18 09:58:20 | 000,036,992 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
    DRV - [2003/03/25 17:50:46 | 000,004,096 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\siside.sys -- (SiSide)
    DRV - [2002/10/17 15:14:46 | 000,049,024 | R--- | M] (Windows (R) 2000 DDK provider) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\sisidex.sys -- (sisidex)
    DRV - [2002/08/20 17:19:08 | 000,009,472 | R--- | M] (Silicon Integrated Systems Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sisperf.sys -- (sisperf)
    DRV - [2002/07/10 23:39:34 | 000,032,256 | R--- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKU\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
    IE - HKU\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    IE - HKU\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    IE - HKU\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKU\S-1-5-21-1547161642-113007714-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaulturl: "http://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
    FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.4
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: wrc@avast.com:20110101

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\Documents and Settings\All Users\Application Data\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2008/11/13 05:07:41 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/03/21 14:07:11 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/03 10:47:00 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/03 10:47:00 | 000,000,000 | ---D | M]

    [2008/11/16 15:59:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Extensions
    [2011/03/22 07:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\hv7ie5sc.default\extensions
    [2010/09/20 11:42:54 | 000,000,000 | ---D | M] (Image Zoom) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\hv7ie5sc.default\extensions\{1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}
    [2010/09/20 11:42:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\hv7ie5sc.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/01/07 09:10:47 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\hv7ie5sc.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/09/20 11:42:53 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\hv7ie5sc.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/09/20 11:42:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Debby\Application Data\Mozilla\Firefox\Profiles\hv7ie5sc.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2011/03/22 07:11:41 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/03/21 14:07:11 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2009/01/24 14:42:02 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

    O1 HOSTS File: ([2008/11/13 04:18:52 | 000,288,002 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: 127.0.0.1 mpa.one.microsoft.com
    O1 - Hosts: 127.0.0.1 www.007guard.com
    O1 - Hosts: 127.0.0.1 007guard.com
    O1 - Hosts: 127.0.0.1 008i.com
    O1 - Hosts: 127.0.0.1 www.008k.com
    O1 - Hosts: 127.0.0.1 008k.com
    O1 - Hosts: 127.0.0.1 www.00hq.com
    O1 - Hosts: 127.0.0.1 00hq.com
    O1 - Hosts: 127.0.0.1 010402.com
    O1 - Hosts: 127.0.0.1 www.032439.com
    O1 - Hosts: 127.0.0.1 032439.com
    O1 - Hosts: 127.0.0.1 www.0scan.com
    O1 - Hosts: 127.0.0.1 0scan.com
    O1 - Hosts: 127.0.0.1 1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
    O1 - Hosts: 127.0.0.1 www.1001namen.com
    O1 - Hosts: 127.0.0.1 1001namen.com
    O1 - Hosts: 127.0.0.1 100888290cs.com
    O1 - Hosts: 127.0.0.1 www.100888290cs.com
    O1 - Hosts: 127.0.0.1 100sexlinks.com
    O1 - Hosts: 127.0.0.1 www.100sexlinks.com
    O1 - Hosts: 127.0.0.1 10sek.com
    O1 - Hosts: 127.0.0.1 www.10sek.com
    O1 - Hosts: 127.0.0.1 www.123haustiereundmehr.com
    O1 - Hosts: 9925 more lines...
    O2 - BHO: (StumbleUpon Launcher) - {145B29F4-A56B-4b90-BBAC-45784EBEBBB7} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
    O3 - HKLM\..\Toolbar: (StumbleUpon Toolbar) - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll (stumbleupon.com)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
    O3 - HKU\S-1-5-21-1547161642-113007714-682003330-1004\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
    O4 - Startup: C:\Documents and Settings\Debby\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - Reg Error: Key error. File not found
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite....x/qtplugin.cab (QuickTime Plugin Control)
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/micr...?1226554902171 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_04)
    O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_11)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/10/27 08:40:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O33 - MountPoints2\{6b353cb8-1d6c-11df-91d2-00016cb2ae88}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{6b353cb8-1d6c-11df-91d2-00016cb2ae88}\Shell\AutoRun\command - "" = nemoj\\meni.exe
    O33 - MountPoints2\{6b353cb8-1d6c-11df-91d2-00016cb2ae88}\Shell\explore\command - "" = nemoj\\\meni.exe
    O33 - MountPoints2\{6b353cb8-1d6c-11df-91d2-00016cb2ae88}\Shell\open\command - "" = nemoj\\\meni.exe
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/03/21 14:08:05 | 000,301,528 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/03/21 14:08:05 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2011/03/21 14:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2011/03/21 14:08:00 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/03/21 14:08:00 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/03/21 14:07:59 | 000,371,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/03/21 14:07:58 | 000,102,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/03/21 14:07:58 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/03/21 14:07:58 | 000,030,680 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/03/21 14:07:09 | 000,040,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/03/21 14:07:08 | 000,190,016 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/03/21 14:06:54 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/03/21 14:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/03/20 18:52:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debby\Local Settings\Application Data\Temp
    [2011/03/19 13:27:24 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
    [2011/03/19 13:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
    [2011/03/15 17:47:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debby\My Documents\fark
    [2011/02/22 14:16:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debby\Start Menu\Programs\BrowserPlus
    [2011/02/22 14:16:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Debby\Local Settings\Application Data\Yahoo!
    [2008/11/12 14:53:00 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Debby\Application Data\pcouffin.sys
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/03/22 12:43:13 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
    [2011/03/21 14:08:06 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/03/21 14:07:58 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2011/03/21 13:30:51 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/03/21 13:30:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/03/21 08:11:54 | 000,305,992 | ---- | M] () -- C:\Documents and Settings\Debby\Desktop\addremove.JPG
    [2011/03/21 08:02:35 | 002,359,350 | ---- | M] () -- C:\Documents and Settings\Debby\Desktop\addremove.bmp
    [2011/03/20 13:27:02 | 000,003,348 | ---- | M] () -- C:\Documents and Settings\Debby\Desktop\Attach2.zip
    [2011/03/19 13:43:01 | 000,003,359 | ---- | M] () -- C:\Documents and Settings\Debby\Desktop\Attach.zip
    [2011/03/19 13:27:32 | 000,000,767 | ---- | M] () -- C:\Documents and Settings\Debby\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/03/19 13:27:25 | 000,000,592 | ---- | M] () -- C:\Documents and Settings\Debby\Desktop\ERUNT.lnk
    [2011/03/19 12:54:47 | 000,000,145 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2011/03/13 16:13:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/03/13 06:57:09 | 000,465,072 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/03/13 06:57:08 | 000,078,958 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/03/04 11:01:06 | 000,016,233 | ---- | M] () -- C:\Documents and Settings\Debby\Desktop\reseller.jpg
    [2011/02/25 08:46:51 | 000,000,148 | ---- | M] () -- C:\Documents and Settings\Debby\Application Data\wklnhst.dat
    [2011/02/23 10:04:21 | 000,040,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2011/02/23 10:04:17 | 000,190,016 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2011/02/23 09:56:55 | 000,371,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
    [2011/02/23 09:56:45 | 000,301,528 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2011/02/23 09:55:49 | 000,049,240 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2011/02/23 09:55:47 | 000,102,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2011/02/23 09:55:44 | 000,096,344 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2011/02/23 09:55:10 | 000,025,432 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2011/02/23 09:54:57 | 000,030,680 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2011/02/23 09:54:55 | 000,019,544 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/03/21 14:08:06 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2011/03/21 08:11:54 | 000,305,992 | ---- | C] () -- C:\Documents and Settings\Debby\Desktop\addremove.JPG
    [2011/03/21 08:02:33 | 002,359,350 | ---- | C] () -- C:\Documents and Settings\Debby\Desktop\addremove.bmp
    [2011/03/20 13:27:02 | 000,003,348 | ---- | C] () -- C:\Documents and Settings\Debby\Desktop\Attach2.zip
    [2011/03/19 13:43:01 | 000,003,359 | ---- | C] () -- C:\Documents and Settings\Debby\Desktop\Attach.zip
    [2011/03/19 13:27:32 | 000,000,767 | ---- | C] () -- C:\Documents and Settings\Debby\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
    [2011/03/19 13:27:25 | 000,000,592 | ---- | C] () -- C:\Documents and Settings\Debby\Desktop\ERUNT.lnk
    [2011/03/19 12:54:46 | 000,000,145 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2011/03/04 11:01:00 | 000,016,233 | ---- | C] () -- C:\Documents and Settings\Debby\Desktop\reseller.jpg
    [2010/09/06 17:52:06 | 000,000,120 | ---- | C] () -- C:\WINDOWS\System32\winsusrx.dll
    [2010/09/06 17:52:04 | 000,000,264 | ---- | C] () -- C:\WINDOWS\System32\winsusrm.dll
    [2010/09/06 17:50:54 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\Tracer.dll
    [2010/09/06 17:50:54 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\SheriffNet.dll
    [2009/12/07 01:15:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2009/05/21 11:32:45 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
    [2009/02/13 12:24:52 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Debby\Application Data\wklnhst.dat
    [2008/12/28 22:01:19 | 000,113,167 | ---- | C] () -- C:\WINDOWS\hpoins07.dat
    [2008/12/28 22:01:18 | 000,021,124 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
    [2008/11/30 09:06:43 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
    [2008/11/24 08:07:40 | 000,000,024 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
    [2008/11/16 16:06:46 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/11/16 15:59:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2008/11/12 14:57:22 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
    [2008/11/12 14:53:00 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Debby\Application Data\inst.exe
    [2008/11/12 14:53:00 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Debby\Application Data\pcouffin.cat
    [2008/11/12 14:53:00 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Debby\Application Data\pcouffin.inf
    [2008/10/27 09:18:47 | 000,096,256 | ---- | C] () -- C:\Documents and Settings\Debby\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/10/27 09:07:29 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
    [2008/10/27 09:07:27 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
    [2008/10/27 09:02:02 | 000,032,768 | ---- | C] () -- C:\WINDOWS\SIS_LIB.DLL
    [2008/10/27 09:01:36 | 000,108,021 | R--- | C] () -- C:\WINDOWS\VGAsetup.ini
    [2008/10/27 09:01:29 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis760.bin
    [2008/10/27 09:01:28 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\sis741.bin
    [2008/10/27 09:01:28 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis660.bin
    [2008/10/27 09:01:02 | 000,102,683 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
    [2008/10/27 08:53:30 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
    [2008/10/27 08:43:44 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/10/27 08:37:17 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/10/27 03:17:09 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/10/27 03:15:49 | 000,298,048 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/05/26 22:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
    [2008/05/26 22:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
    [2007/09/27 11:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 11:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 11:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2006/02/28 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2006/02/28 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2006/02/28 08:00:00 | 000,465,072 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2006/02/28 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2006/02/28 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2006/02/28 08:00:00 | 000,078,958 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2006/02/28 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2006/02/28 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2006/02/28 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2006/02/28 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2006/02/28 08:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\b.dll
    [2006/02/28 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2006/02/28 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2001/07/06 16:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

    ========== LOP Check ==========

    [2008/11/23 15:37:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2731C
    [2011/03/21 14:06:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2009/04/04 22:39:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
    [2009/04/07 20:41:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
    [2008/11/23 23:46:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
    [2008/12/26 08:38:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2011/01/06 20:39:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\FrostWire
    [2011/02/08 13:19:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Image Zone Express
    [2008/11/12 15:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\InterVideo
    [2008/12/26 09:26:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\iWin
    [2008/12/18 09:01:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Leadertech
    [2009/10/10 00:09:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\LimeWire
    [2010/12/12 05:31:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\StumbleUpon
    [2009/02/13 12:24:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Template
    [2010/12/21 11:47:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Vso
    [2008/11/13 02:02:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Windows Desktop Search
    [2009/04/08 09:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Debby\Application Data\Windows Search
    [2009/06/17 10:22:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\josephus\Application Data\Leadertech
    [2008/12/28 13:22:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\josephus\Application Data\Windows Desktop Search

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F59BA980

    < End of report >



    and the extras:


    OTL Extras logfile created on: 3/22/2011 12:58:50 PM - Run 1
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Debby\My Documents\Downloads
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    479.00 Mb Total Physical Memory | 114.00 Mb Available Physical Memory | 24.00% Memory free
    1.00 Gb Paging File | 0.00 Gb Available in Paging File | 44.00% Paging File free
    Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 93.16 Gb Total Space | 69.25 Gb Free Space | 74.34% Space Free | Partition Type: NTFS

    Computer Name: DEBBYSDIPLOMAT | User Name: Debby | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 1
    "FirewallDisableNotify" = 1
    "UpdatesDisableNotify" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 4

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\InterVideo\DVD7\WinDVD.exe" = C:\Program Files\InterVideo\DVD7\WinDVD.exe:*:Enabled:WinDVD
    "C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe" = C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe:*:Enabled:Ad-Aware
    "C:\Program Files\CCleaner\CCleaner.exe" = C:\Program Files\CCleaner\CCleaner.exe:*:Enabled:CCleaner -- (Piriform Ltd)
    "C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
    "C:\Program Files\Mozilla Thunderbird\thunderbird.exe" = C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird
    "C:\Program Files\Outlook Express\msimn.exe" = C:\Program Files\Outlook Express\msimn.exe:*:Enabled:Outlook Express -- (Microsoft Corporation)
    "C:\Program Files\Lavasoft\Ad-Aware\lsupdatemanager.exe" = C:\Program Files\Lavasoft\Ad-Aware\lsupdatemanager.exe:*:Enabled:Software update
    "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" = C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe:*:Enabled:Spybot - Search & Destroy -- (Safer Networking Limited)
    "C:\Program Files\SpywareBlaster\spywareblaster.exe" = C:\Program Files\SpywareBlaster\spywareblaster.exe:*:Enabled:SpywareBlaster
    "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe" = C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe:*:Enabled:Start Avira AntiVir Personal
    "C:\Program Files\Windows Defender\MSASCui.exe" = C:\Program Files\Windows Defender\MSASCui.exe:*:Enabled:Windows Defender
    "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe:*:Enabled:Update Spybot-S&D -- (Safer Networking Limited)
    "C:\Program Files\TCPOptimizer\TCPOptimizer.exe" = C:\Program Files\TCPOptimizer\TCPOptimizer.exe:*:Enabled:TCPOptimizer -- (Speed Guide Inc.)
    "C:\Program Files\CodeStuff\Starter\Starter.exe" = C:\Program Files\CodeStuff\Starter\Starter.exe:*:Enabled:Starter
    "C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
    "C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare
    "C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
    "C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
    "C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
    "C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
    "C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
    "C:\Documents and Settings\Debby\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe" = C:\Documents and Settings\Debby\Application Data\Macromedia\Flash Player\http://www.macromedia.com\bin\octosh...bled:Octoshape add-in for Adobe Flash Player
    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire
    "C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Disabled:Microsoft Management Console -- (Microsoft Corporation)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
    "{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
    "{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
    "{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{2466E904-7E48-4597-9321-722CF02930EB}" = 5600
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
    "{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
    "{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
    "{3248F0A8-6813-11D6-A77B-00B0D0160040}" = Java(TM) 6 Update 4
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{54E3707F-808E-4fd4-95C9-15D1AB077E5D}" = NewCopy
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
    "{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}" = HP PSC & OfficeJet 5.3.B
    "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
    "{6BB6627C-694F-4FDC-A3E5-C7F4BED4C724}" = DocProc
    "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{7850A6D2-CBEA-4728-9877-F1BEDEA9F619}" = AiOSoftware
    "{7C9B95B7-B598-4398-B30F-7F6827192E6C}" = ProductContext
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{923A7F5A-1E8C-4FBE-8DF6-85940A60A79F}" = Readme
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{A195B13E-A5E3-4BAF-A995-7F70F445CD06}" = ScannerCopy
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
    "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
    "{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
    "{BF755CD9-E185-498A-AAFB-E9F8470AB1CC}" = User Profile Hive Cleanup Service
    "{BFD5AC8A-5884-4da8-9873-3DF8E3DCCE18}" = 5600Trb
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC7984C5-020D-4944-85A0-58D09D4A8BFB}" = 5600_Help
    "{CE24344F-DFD8-40C8-8FD8-C9740B5F25AC}" = Fax
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
    "{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
    "{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
    "{F87A8E11-02A4-4875-A3A5-5961081B0E4E}" = OpenOffice.org 2.4
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FE64AE29-0883-4C70-8388-DC026019C900}" = HP Image Zone Express
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Illustrator 9.0" = Adobe Illustrator 9.0
    "Adobe Photoshop 6.0" = Adobe Photoshop 6.0
    "Adobe SVG Viewer" = Adobe SVG Viewer
    "avast" = avast! Free Antivirus
    "AviSynth" = AviSynth 2.5
    "Bejeweled Twist 1.0" = Bejeweled Twist 1.0
    "CCleaner" = CCleaner (remove only)
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2702&SUBSYS_200314F1" = Creative Modem Blaster PCI Value DI5652-1
    "Doc Scrubber_is1" = Doc Scrubber v1.1
    "EasyRecovery" = EasyRecovery Professional Edition
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ERUNT_is1" = ERUNT 1.1j
    "Free YouTube to Mp3 Converter_is1" = Free YouTube to Mp3 Converter version 3.1
    "Glass Eye 2000" = Glass Eye 2000
    "Google Updater" = Google Updater
    "GoogleVideoPlayer" = Google Video Player
    "HP Imaging Device Functions" = HP Imaging Device Functions 5.3
    "HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "InterActual Player" = InterActual Player
    "Jewel Quest III 1.00" = Jewel Quest III 1.00
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.5.17)" = Mozilla Firefox (3.5.17)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NetAlyzer_is1" = NetAlyzer 0.3
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "SiS VGA Driver" = SiS VGA Utilities
    "SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
    "SpywareBlaster_is1" = SpywareBlaster 4.1
    "StumbleUponIEToolbar" = StumbleUpon IE Toolbar
    "Tweak UI 2.10" = Tweak UI
    "Uninstall_is1" = Uninstall 1.0.0.1
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1547161642-113007714-682003330-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
    "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.8

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/17/2011 4:48:58 PM | Computer Name = DEBBYSDIPLOMAT | Source = Application Error | ID = 1000
    Description = Faulting application jewelquest3.rwg, version 1.0.6.0, faulting module
    msvcr80.dll, version 8.0.50727.3053, fault address 0x00008aa0.

    Error - 2/17/2011 4:52:35 PM | Computer Name = DEBBYSDIPLOMAT | Source = Windows Search Service | ID = 7040
    Description = The search service has detected corrupted data files in the index.
    The service will attempt to automatically correct this problem by rebuilding the
    index. Context: Windows Application, SystemIndex Catalog Details: 0xc0041801 (0xc0041801)

    Error - 2/17/2011 4:52:35 PM | Computer Name = DEBBYSDIPLOMAT | Source = Windows Search Service | ID = 3029
    Description = The plug-in in <Search.TripoliIndexer> cannot be initialized. Context:
    Windows Application, SystemIndex Catalog Details: The content index cannot be read.
    (0xc0041800)

    Error - 2/17/2011 4:52:35 PM | Computer Name = DEBBYSDIPLOMAT | Source = Windows Search Service | ID = 3028
    Description = The gatherer object cannot be initialized. Context: Windows Application,
    SystemIndex Catalog Details: The content index cannot be read. (0xc0041800)

    Error - 2/17/2011 4:52:35 PM | Computer Name = DEBBYSDIPLOMAT | Source = Windows Search Service | ID = 3058
    Description = The application cannot be initialized. Context: Windows Application
    Details: The content index cannot be read. (0xc0041800)

    Error - 2/17/2011 7:28:01 PM | Computer Name = DEBBYSDIPLOMAT | Source = Application Error | ID = 1000
    Description = Faulting application jewelquest3.rwg, version 1.0.6.0, faulting module
    msvcr80.dll, version 8.0.50727.3053, fault address 0x00008aa0.

    Error - 2/18/2011 5:13:10 PM | Computer Name = DEBBYSDIPLOMAT | Source = Application Error | ID = 1000
    Description = Faulting application jewelquest3.rwg, version 1.0.6.0, faulting module
    msvcr80.dll, version 8.0.50727.3053, fault address 0x00008aa0.

    Error - 2/20/2011 9:37:59 AM | Computer Name = DEBBYSDIPLOMAT | Source = Application Error | ID = 1000
    Description = Faulting application jewelquest3.rwg, version 1.0.6.0, faulting module
    sdl.dll, version 1.2.7.0, fault address 0x0002638e.

    Error - 2/28/2011 1:51:09 PM | Computer Name = DEBBYSDIPLOMAT | Source = Application Hang | ID = 1002
    Description = Hanging application Photoshp.exe, version 6.0.128.0, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 3/1/2011 5:41:23 PM | Computer Name = DEBBYSDIPLOMAT | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.1.3986, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    [ OSession Events ]
    Error - 9/12/2009 5:59:00 AM | Computer Name = DEBBYSDIPLOMAT | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.6504.5000, Microsoft Office Version: 12.0.6215.1000. This session lasted 32902
    seconds with 480 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 3/22/2011 6:21:06 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 3/22/2011 6:21:06 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 3/22/2011 6:21:06 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 3/22/2011 6:21:07 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 3/22/2011 6:21:07 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 3/22/2011 6:21:07 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 3/22/2011 6:21:07 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 3/22/2011 6:21:07 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 3/22/2011 6:21:07 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    Error - 3/22/2011 6:21:07 AM | Computer Name = DEBBYSDIPLOMAT | Source = Service Control Manager | ID = 7023
    Description = The Application Management service terminated with the following error:
    %%126

    < End of report >

  9. #19
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Default

    Hello glass ninja,

    I need you to explain a bit more about the symptoms. Are they happening for both Internet Explorer and Firefox? What sites do you get redirected to? Please provide an example in this manner: badsite[dot]com. When did it start?

    --------------------

    Do an online scan with ESET Online Scanner.
    Please be patient, as scanning will take quite some time. If you have problems running the scan, you might want to disable any real-time protection that you have.
    • Click here to go to ESET Online Scanner page.
    • Click on Run ESET Online Scanner. A new window will open.
      For Firefox users, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double-click on it to install, and a new window will open.
    • After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin the scan.
    • You will be prompted to install an ActiveX Control from ESET. Please install.
    • At the Computer scan settings section, uncheck (untick) Remove found threats. <-- Important, do not remove anything yet.
    • Then, check Scan archives.
    • Now, click on Advanced settings and make sure all these are checked:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    • Click on Scan to proceed.
    • When done, the scan result will be shown. Look for C:\Program Files\ESET\ESET Online Scanner\log.txt and open the file.
    • Post the contents in your reply.

    If the contents of log.txt do not reflect what is shown in the result window, click on List of found threats, then Export to text file..., save a file and post that instead.

    --------------------

    Please post back:
    1. the answers to my questions
    2. the ESET online scan result

  10. #20
    Junior Member
    Join Date
    Mar 2011
    Posts
    19

    Default

    Good morning-

    To answer your questions: the redirecting started about 6 days ago. I was looking to buy a certain product wholesale, so I did a Google search. I believe one of the sites I clicked was "bad" and infected me. It was right after that I started getting redirected - mostly to other shopping sites. When it first started, it was happening both in IE and Firefox. And it was still happening in BOTH yesterday. But today when I tried to get you an example in Firefox, the redirecting seemed to have stopped in Firefox. But it IS still happening in IE. Here is an example:

    I did a Google search through the toolbar for "malware removal". The first result I got was:

    search.us.b00kmarks[dot]com/search.php?keyword=malware+removal

    I did the same search, clicked on the same link, and got:

    stopzilla[dot]com/products/stopzilla/antivirus.do?aid=10273&cid=malware3152-FA342BBD_malware+removal

    After I click on the link, and am waiting to get "redirected", there are several things that flash through the address bar. I tried to write one of them down, but they go too fast for me to get.

    And here is the log from the ESET scan:

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6425
    # api_version=3.0.2
    # EOSSerial=6fbc1179dacc21448a0b8bd0f787a43a
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=true
    # antistealth_checked=true
    # utc_time=2011-03-23 04:32:54
    # local_time=2011-03-23 12:32:54 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=5.1.2600 NT Service Pack 3
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=52873
    # found=5
    # cleaned=0
    # scan_time=7876
    C:\Documents and Settings\Debby\Application Data\Sun\Java\Deployment\cache\6.0\48\24c80fb0-301a3bd8 Java/TrojanDownloader.OpenStream.NBL trojan (unable to clean) 00000000000000000000000000000000 I
    C:\WINDOWS\explorer.exe a variant of Win32/Bamital.FH trojan (unable to clean) 00000000000000000000000000000000 I
    C:\WINDOWS\system32\b.dll Win32/Bamital.FA trojan (unable to clean) 00000000000000000000000000000000 I
    C:\WINDOWS\system32\winlogon.exe Win32/Bamital.FH trojan (unable to clean) 00000000000000000000000000000000 I
    ${Memory} a variant of Win32/Bamital.FH trojan 00000000000000000000000000000000 I

    Thanks!!

    Debby
    Last edited by Jack&Jill; 2011-03-23 at 18:06. Reason: Remove live links
