Google Redirects and unauthorized attempts to connect to Sites, Vista

Solved
By Demianwulf
Oct 29, 2010
  1. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    On more of a positive note...I'm getting no more redirects while searching with google.
  2. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Good news :)

    Never do anything other than what I ask you to do.
    The above file is a Combofix file.

    Please, re-run OTL "Quick scan" and post the log.
  3. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    OTL logfile created on: 11/3/2010 12:41:26 PM - Run 4
    OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\WulfTop\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 35.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 111.79 Gb Total Space | 16.17 Gb Free Space | 14.47% Space Free | Partition Type: NTFS

    Computer Name: WULFTOP | User Name: WulfTop | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/03 12:40:40 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\WulfTop\Desktop\OTL.exe
    PRC - [2010/11/03 08:25:22 | 002,245,576 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfpupdat.exe
    PRC - [2010/10/29 10:53:30 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
    PRC - [2010/10/29 10:53:29 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    PRC - [2010/02/07 22:27:26 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    PRC - [2010/02/07 22:27:23 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
    PRC - [2009/11/08 23:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
    PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
    PRC - [2009/02/11 17:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    PRC - [2008/10/17 16:32:50 | 000,185,624 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Inquisitor\InquisitorService.exe
    PRC - [2008/10/15 14:32:16 | 000,589,592 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    PRC - [2008/08/14 13:39:56 | 000,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
    PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
    PRC - [2008/01/18 23:33:12 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
    PRC - [2007/11/14 22:46:00 | 000,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
    PRC - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/03 12:40:40 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\WulfTop\Desktop\OTL.exe
    MOD - [2010/04/05 11:04:25 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
    MOD - [2010/02/07 22:56:03 | 000,171,552 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
    MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
    MOD - [2008/05/02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
    MOD - [2008/05/02 02:38:54 | 000,064,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\GameHook.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
    SRV - [2010/02/07 22:27:26 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
    SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
    SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2008/10/17 16:32:50 | 000,185,624 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\Inquisitor\InquisitorService.exe -- (InquisitorService)
    SRV - [2008/10/15 14:32:16 | 000,589,592 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
    SRV - [2008/08/14 13:39:56 | 000,809,296 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
    SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
    SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/11/14 22:46:00 | 000,131,072 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
    SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
    SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
    SRV - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.SYS -- (RTSTOR)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\motodrv.sys -- (MotDev)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\WulfTop\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
    DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/08/25 15:41:36 | 000,263,272 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2010/02/07 22:27:27 | 000,130,960 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
    DRV - [2010/02/07 22:27:27 | 000,074,328 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (Inspect)
    DRV - [2010/02/07 22:27:27 | 000,029,520 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
    DRV - [2009/11/08 23:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
    DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
    DRV - [2009/02/26 12:39:50 | 004,569,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
    DRV - [2009/02/11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
    DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
    DRV - [2007/09/21 04:11:02 | 000,028,432 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
    DRV - [2007/05/24 19:13:12 | 000,251,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
    DRV - [2007/04/26 20:38:40 | 000,186,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
    DRV - [2007/01/30 16:37:46 | 000,650,240 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2006/11/08 17:29:44 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
    DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
    DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
    DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
    DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
    DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
    DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
    DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
    DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
    DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
    DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
    DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
    DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
    DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
    DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
    DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
    DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
    DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
    DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
    DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
    DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
    DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
    DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
    DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
    DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
    DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
    DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
    DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
    DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
    DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
    DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
    DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
    DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
    DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
    DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
    DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
    DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
    DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
    DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
    DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
    DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\URLSearchHook: {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Inquisitor\Inquisitor_IE.dll (Yahoo! Inc.)

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 46 3E 08 EC 71 CA 01 [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Inquisitor\Inquisitor_IE.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: false
    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..extensions.enabledItems: hidecaptionplus-dp@dummy.addons.mozilla.org:2.0.2
    FF - prefs.js..extensions.enabledItems: nosquint@urandom.ca:2.0.3
    FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.73
    FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
    FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
    FF - prefs.js..extensions.enabledItems: {ee56ecf0-6e7a-479a-8162-e123a991c7e7}:0.4.6
    FF - prefs.js..extensions.enabledItems: CompactMenuCE@Merci.chao:4.3.2
    FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.3
    FF - prefs.js..extensions.enabledItems: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}:0.9.6
    FF - prefs.js..extensions.enabledItems: tabsontop-darthpalpatine@dummy.addons.mozilla.org:1.4.4
    FF - prefs.js..extensions.enabledItems: fatcash@fatwallet.com:1.24.157
    FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.9
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..keyword.URL: "http://www.google.com/search?btnG=Google+Search&q="
    FF - prefs.js..network.proxy.type: 4

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/01 00:55:39 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/01 22:28:42 | 000,000,000 | ---D | M]

    [2008/06/19 12:16:19 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Extensions
    [2010/11/02 21:50:49 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions
    [2009/09/28 20:43:20 | 000,000,000 | ---D | M] (Hide Caption) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{002349F5-59AB-4fdc-8329-BF4248243C95}
    [2010/10/29 10:55:41 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
    [2010/10/25 23:26:15 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
    [2010/05/05 12:21:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/06/07 23:07:08 | 000,000,000 | ---D | M] (Forecastbar Enhanced) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
    [2010/08/28 16:41:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
    [2010/08/28 16:40:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/10/24 10:36:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
    [2010/04/09 19:56:00 | 000,000,000 | ---D | M] (autoHideStatusbar) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{ee56ecf0-6e7a-479a-8162-e123a991c7e7}
    [2009/01/14 13:18:08 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\betteryoutube@ginatrapani.org
    [2010/04/09 19:49:36 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\CompactMenuCE@Merci.chao
    [2010/11/02 23:20:02 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\fatcash@fatwallet.com
    [2010/10/04 12:36:27 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\foxmarks@kei.com
    [2010/08/31 17:13:33 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\foxyproxy@eric.h.jung
    [2010/10/25 23:26:16 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\hidecaptionplus-dp@dummy.addons.mozilla.org
    [2009/11/05 16:34:48 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\nosquint@urandom.ca
    [2010/06/13 14:13:02 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\tabsontop-darthpalpatine@dummy.addons.mozilla.org
    [2010/02/06 23:56:01 | 000,002,234 | ---- | M] () -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\searchplugins\askcom.xml
    [2010/11/02 21:50:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/11/01 22:28:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    [2010/11/01 22:28:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2007/07/02 17:20:46 | 000,069,632 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
    [2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    [2007/03/05 14:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

    O1 HOSTS File: ([2010/10/30 01:42:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Yahoo! Inquisitor for IE) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Inquisitor\Inquisitor_IE.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
    O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk ()
    O9 - Extra 'Tools' menuitem : Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk ()
    O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
    O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Users\WulfTop\Documents\Gunz\Emblem\20071207171911102687.jpg
    O24 - Desktop BackupWallPaper: C:\Users\WulfTop\Documents\Gunz\Emblem\20071207171911102687.jpg
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2007/12/14 11:07:20 | 000,048,130 | ---- | M] () - C:\autoruns.chm -- [ NTFS ]
    O32 - AutoRun File - [2008/01/09 16:32:44 | 000,599,080 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autoruns.exe -- [ NTFS ]
    O32 - AutoRun File - [2008/01/09 16:32:44 | 000,504,872 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autorunsc.exe -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/03 12:40:38 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\WulfTop\Desktop\OTL.exe
    [2010/11/03 08:39:18 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
    [2010/11/03 08:39:18 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
    [2010/11/03 08:39:17 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
    [2010/11/03 08:39:17 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
    [2010/11/03 08:39:15 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
    [2010/11/03 08:38:48 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/11/03 08:38:47 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
    [2010/11/03 08:25:34 | 002,085,832 | ---- | C] (COMODO) -- C:\Users\WulfTop\Desktop\cispremium_installer.exe
    [2010/11/03 08:13:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2010/11/03 08:13:16 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\AppData\Local\temp
    [2010/11/03 08:11:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2010/11/03 07:51:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2010/11/02 23:30:22 | 001,317,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\WulfTop\Desktop\TDSSKiller.exe
    [2010/11/01 22:42:03 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/10/30 01:22:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2010/10/30 01:22:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2010/10/30 01:22:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2010/10/30 01:22:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2010/10/30 01:21:16 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/10/23 12:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule
    [2010/10/23 10:46:08 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\AppData\Local\eMule
    [2010/10/23 10:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\eMule
    [2010/10/22 03:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK RTL8187 Wireless LAN Driver
    [2010/10/20 11:57:44 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\AppData\Local\Microsoft Game Studios
    [2010/10/20 11:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Games
    [2010/10/20 11:55:40 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\AppData\Roaming\Microsoft Game Studios
    [2010/10/19 21:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
    [2010/10/12 11:17:06 | 000,263,272 | ---- | C] (Realtek ) -- C:\Windows\System32\drivers\Rtlh86.sys
    [2010/10/12 10:59:22 | 000,526,184 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\System32\XceedCry.dll
    [2010/10/12 10:59:22 | 000,456,536 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\System32\XCEEDZIP.DLL
    [2010/10/12 10:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Magician
    [2010/10/12 10:43:49 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\AppData\Roaming\GetRightToGo
    [2010/10/12 10:17:50 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\Documents\DriverGenius
    [2010/10/12 10:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\Driver-Soft
    [2010/10/12 09:12:54 | 000,000,000 | ---D | C] -- C:\dell
    [2010/10/08 15:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK RTL8187B Wireless LAN Driver
    [2010/10/08 15:22:52 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\AppData\Roaming\InstallShield
    [2010/10/08 14:33:22 | 000,361,472 | ---- | C] (Realtek) -- C:\Windows\System32\drivers\RTL85n86.sys
    [2010/10/08 14:33:22 | 000,361,472 | ---- | C] (Realtek) -- C:\Windows\System\RTL85n86.sys
    [2010/10/08 14:33:18 | 000,025,896 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\RtlProt.sys
    [2010/10/08 14:33:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\REALTEK RTL8185 Wireless LAN Driver and Utility
    [2010/10/08 00:20:44 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\{cea92844-0dbf-4f09-a038-2dc1383c5570}
    [2010/10/07 22:57:39 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\Desktop\BACKUP STUFF
    [2010/10/07 22:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\MozBackup
    [2010/10/07 17:56:47 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\{8517c860-6671-4a8c-8483-66ad267c2024}
    [2010/10/07 00:42:27 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\Desktop\ROOT STUFF
    [2010/10/07 00:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
    [2008/06/20 15:12:38 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\WulfTop\AppData\Roaming\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2010/11/03 12:47:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2CD5E54C-4FA3-45DF-A73E-DA2DA128980B}.job
    [2010/11/03 12:40:40 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\WulfTop\Desktop\OTL.exe
    [2010/11/03 08:39:18 | 000,001,881 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2010/11/03 08:39:15 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
    [2010/11/03 08:38:59 | 000,655,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010/11/03 08:38:59 | 000,124,218 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010/11/03 08:32:26 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
    [2010/11/03 08:32:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/03 08:31:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
    [2010/11/03 08:25:33 | 002,085,832 | ---- | M] (COMODO) -- C:\Users\WulfTop\Desktop\cispremium_installer.exe
    [2010/11/03 07:44:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\temp06
    [2010/11/03 07:44:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\temp04
    [2010/11/03 07:44:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\temp03
    [2010/11/03 07:44:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\temp02
    [2010/11/03 07:44:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\svctdss
    [2010/11/03 07:44:12 | 000,000,178 | ---- | M] () -- C:\Windows\System32\WareOut00
    [2010/11/03 07:44:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Zlob01
    [2010/11/03 07:44:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\WareOut01
    [2010/11/03 07:44:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\katchNT-OS
    [2010/11/03 00:13:08 | 311,265,581 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/11/02 23:52:31 | 003,899,533 | R--- | M] () -- C:\Users\WulfTop\Desktop\ComboFix.exe
    [2010/11/02 23:25:21 | 000,133,632 | ---- | M] () -- C:\Users\WulfTop\Desktop\RKUnhookerLE.EXE
    [2010/11/02 18:01:48 | 000,000,973 | ---- | M] () -- C:\Users\WulfTop\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/11/02 18:01:33 | 000,000,034 | ---- | M] () -- C:\Windows\System32\BD2140.DAT
    [2010/11/02 02:08:46 | 000,086,528 | ---- | M] () -- C:\Windows\MBR.exe
    [2010/11/01 18:18:36 | 000,383,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/10/30 01:42:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2010/10/29 11:19:21 | 000,585,997 | ---- | M] () -- C:\Users\WulfTop\Desktop\mir_103010.pdf
    [2010/10/26 11:30:08 | 001,317,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\WulfTop\Desktop\TDSSKiller.exe
    [2010/10/25 23:22:52 | 000,000,875 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101025-232443.backup
    [2010/10/25 23:17:45 | 000,050,860 | ---- | M] () -- C:\Users\WulfTop\Documents\cc_20101025_231738.reg
    [2010/10/24 16:50:40 | 000,000,408 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DD8CDFA0-23E3-41C6-8DBC-401A227904AC}.job
    [2010/10/13 20:25:05 | 000,162,304 | ---- | M] () -- C:\Users\WulfTop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/10/11 00:19:09 | 000,001,356 | ---- | M] () -- C:\Users\WulfTop\AppData\Local\d3d9caps.dat
    [2010/10/11 00:09:22 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/10/11 00:09:22 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/10/08 09:47:50 | 000,035,342 | ---- | M] () -- C:\Users\WulfTop\Documents\cc_20101008_094740.reg
    [2010/10/04 17:50:27 | 000,072,329 | ---- | M] () -- C:\Users\WulfTop\Documents\sq.wma

    ========== Files Created - No Company Name ==========

    [2010/11/03 08:39:18 | 000,001,881 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2010/11/03 07:44:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\temp06
    [2010/11/03 07:44:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\temp04
    [2010/11/03 07:44:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\temp03
    [2010/11/03 07:44:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\temp02
    [2010/11/03 07:44:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\svctdss
    [2010/11/03 07:44:12 | 000,000,178 | ---- | C] () -- C:\Windows\System32\WareOut00
    [2010/11/03 07:44:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Zlob01
    [2010/11/03 07:44:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\WareOut01
    [2010/11/03 07:44:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\katchNT-OS
    [2010/11/02 23:52:26 | 003,899,533 | R--- | C] () -- C:\Users\WulfTop\Desktop\ComboFix.exe
    [2010/11/02 23:25:21 | 000,133,632 | ---- | C] () -- C:\Users\WulfTop\Desktop\RKUnhookerLE.EXE
    [2010/10/30 01:22:40 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2010/10/30 01:22:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2010/10/30 01:22:40 | 000,086,528 | ---- | C] () -- C:\Windows\MBR.exe
    [2010/10/30 01:22:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2010/10/30 01:22:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2010/10/29 11:19:20 | 000,585,997 | ---- | C] () -- C:\Users\WulfTop\Desktop\mir_103010.pdf
    [2010/10/26 15:37:57 | 311,265,581 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/10/25 23:17:41 | 000,050,860 | ---- | C] () -- C:\Users\WulfTop\Documents\cc_20101025_231738.reg
    [2010/10/24 16:50:40 | 000,000,408 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{DD8CDFA0-23E3-41C6-8DBC-401A227904AC}.job
    [2010/10/12 11:17:06 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2010/10/12 10:59:22 | 000,110,602 | ---- | C] () -- C:\Windows\System32\xcdsfx32.bin
    [2010/10/08 09:47:47 | 000,035,342 | ---- | C] () -- C:\Users\WulfTop\Documents\cc_20101008_094740.reg
    [2010/10/04 22:14:20 | 000,000,025 | ---- | C] () -- C:\Users\WulfTop\EPIC accesories.txt
    [2010/10/04 17:50:26 | 000,072,329 | ---- | C] () -- C:\Users\WulfTop\Documents\sq.wma
    [2010/10/04 16:38:53 | 000,000,053 | ---- | C] () -- C:\Users\WulfTop\SPRINT EPIC.txt
    [2010/09/27 23:03:16 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
    [2010/08/15 14:11:22 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
    [2010/07/02 13:04:10 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2010/03/16 15:46:28 | 000,000,036 | ---- | C] () -- C:\Users\WulfTop\AppData\Local\housecall.guid.cache
    [2010/03/16 10:32:08 | 000,301,640 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\farm.bmp
    [2010/03/16 10:19:25 | 000,030,595 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\settings.dat
    [2010/01/02 16:45:33 | 000,691,592 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
    [2009/10/21 15:48:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009/04/08 08:04:53 | 000,000,600 | ---- | C] () -- C:\Users\WulfTop\AppData\Local\PUTTY.RND
    [2009/04/07 23:21:00 | 000,000,600 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\winscp.rnd
    [2009/02/26 09:12:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
    [2008/12/13 14:18:44 | 000,000,080 | RHS- | C] () -- C:\Windows\System32\5EE0EC2705.dll
    [2008/11/07 20:41:56 | 000,000,383 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2008/06/20 21:35:37 | 000,000,540 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\AutoGK.ini
    [2008/06/20 15:15:38 | 000,000,668 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\vso_ts_preview.xml
    [2008/06/20 15:14:07 | 000,000,034 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\pcouffin.log
    [2008/06/20 15:12:38 | 000,007,887 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\pcouffin.cat
    [2008/06/20 15:12:26 | 000,001,144 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\pcouffin.inf
    [2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
    [2008/01/02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
    [2008/01/02 16:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
    [2008/01/02 16:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
    [2007/12/27 21:48:12 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
    [2007/12/27 21:34:36 | 000,162,304 | ---- | C] () -- C:\Users\WulfTop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2007/12/26 23:37:14 | 000,000,031 | ---- | C] () -- C:\Windows\GunzLauncher.INI
    [2007/12/26 21:00:33 | 000,001,356 | ---- | C] () -- C:\Users\WulfTop\AppData\Local\d3d9caps.dat
    [2007/10/18 10:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll
    [2007/10/18 10:03:58 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2007/07/25 09:24:28 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2007/04/17 15:34:40 | 000,135,716 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
    [2007/03/10 07:51:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/08/16 10:13:34 | 001,382,280 | ---- | C] () -- C:\Windows\System32\fftw3.dll
    [2006/03/09 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2002/10/06 14:42:57 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
    [2002/10/04 19:04:25 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
    [2002/10/04 19:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
    [2002/10/04 19:04:17 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll

    ========== LOP Check ==========

    [2010/01/16 10:11:44 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\abgx360
    [2010/01/18 00:04:01 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\cYo
    [2008/12/27 00:37:43 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\DAEMON Tools
    [2010/08/31 17:06:54 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\FrostWire
    [2010/02/15 23:41:29 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Galactic Magnate
    [2010/10/12 10:46:51 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\GetRightToGo
    [2007/12/26 23:27:54 | 000,000,000 | -H-D | M] -- C:\Users\WulfTop\AppData\Roaming\ijjigame
    [2009/02/12 15:45:07 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\ImgBurn
    [2010/01/02 16:59:18 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\My ClickOnce Applications
    [2010/06/08 20:59:56 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Opera
    [2008/06/20 13:12:17 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Publish Providers
    [2010/08/29 23:09:35 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\SanDisk
    [2008/06/20 13:11:27 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Sony
    [2010/09/27 22:38:01 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\SystemRequirementsLab
    [2010/10/30 00:40:58 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\uTorrent
    [2008/06/20 14:57:24 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\VideoReDo-TVSuite
    [2008/06/20 15:16:15 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Vso
    [2010/11/03 08:31:05 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010/11/03 12:47:00 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2CD5E54C-4FA3-45DF-A73E-DA2DA128980B}.job
    [2010/10/24 16:50:40 | 000,000,408 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{DD8CDFA0-23E3-41C6-8DBC-401A227904AC}.job

    ========== Purity Check ==========



    < End of report >
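    The file entries in the OTL report above share one fixed layout: [timestamp | size | attribute flags | C or M] followed by an optional (company name) and the path. The block below is an added example, not part of this thread, of OTL or of TechSpot, that parses that layout and applies one triage heuristic a responder would use on such a log: extension-less files with no company name that appear under System32 within seconds of each other. The sample log is constructed from entries that occur in the report above (plus a directory entry and a company string with nested parentheses to exercise the parser); the heuristic, the function names and the 5-second window are the example's own choices, not OTL features.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List

# One OTL file/folder entry looks like:
# [2010/11/03 07:44:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\svctdss
# Directory entries carry no "(company)" field, so that group is optional, and the
# company text may itself contain parentheses, so it is matched lazily up to ") -- ".
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>.*?)\) )?-- (?P<path>.+?)\s*$"
)

# Constructed sample: entries copied from the OTL report in this thread.
SAMPLE_LOG = r"""
========== Files/Folders - Created Within 30 Days ==========

[2010/11/03 08:39:18 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/11/03 08:13:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/10/12 10:59:22 | 000,526,184 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\System32\XceedCry.dll

========== Files Created - No Company Name ==========

[2010/11/03 07:44:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\temp06
[2010/11/03 07:44:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\svctdss
[2010/11/03 07:44:12 | 000,000,178 | ---- | C] () -- C:\Windows\System32\WareOut00
[2010/11/03 07:44:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Zlob01
[2010/11/03 07:44:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\katchNT-OS
[2010/11/02 18:01:33 | 000,000,034 | ---- | C] () -- C:\Windows\System32\BD2140.DAT
[2008/12/13 14:18:44 | 000,000,080 | RHS- | C] () -- C:\Windows\System32\5EE0EC2705.dll
"""


@dataclass
class OtlEntry:
    ts: datetime
    size: int      # bytes; OTL prints them zero-padded with thousands separators
    attrs: str     # e.g. "---D" = directory, "RHS-" = read-only/hidden/system
    kind: str      # "C" = created, "M" = modified
    company: str   # empty when OTL found no company/version resource
    path: str


def parse_otl_entries(text: str) -> List[OtlEntry]:
    """Parse every file/folder entry line of an OTL log; ignore headers and blanks."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m is None:
            continue
        entries.append(OtlEntry(
            ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=(m["company"] or "").strip(),
            path=m["path"],
        ))
    return entries


def flag_dropped_files(entries: List[OtlEntry], burst_seconds: int = 5) -> List[str]:
    """Heuristic (this example's own): a file under System32 with no company name
    and no extension is unusual by itself; several of them written within a few
    seconds of each other is the footprint of a dropper. Returns the paths,
    de-duplicated and sorted case-insensitively."""
    cands = [
        e for e in entries
        if e.company == ""
        and "D" not in e.attrs
        and "\\system32\\" in e.path.lower()
        and "." not in e.path.rsplit("\\", 1)[-1]
    ]
    flagged = set()
    for e in cands:
        for other in cands:
            if other.path != e.path and abs((other.ts - e.ts).total_seconds()) <= burst_seconds:
                flagged.add(e.path)
                break
    return sorted(flagged, key=str.lower)


def otl_files_section(paths: List[str]) -> str:
    """Render flagged paths in the ':Files' script layout used in this thread,
    as a draft for a human to review before it is ever pasted into OTL."""
    return "\n".join([":OTL", "", ":Files", *paths, "", ":Commands", "[purity]", "[Reboot]"])


if __name__ == "__main__":
    print(otl_files_section(flag_dropped_files(parse_otl_entries(SAMPLE_LOG))))
```

    Run stand-alone it lists the five System32 entries that the OTL fix in the next reply moves. Anything it flags is still only a candidate: a legitimate but unsigned, extension-less file matches the same heuristic, so each path should be checked by hand before it goes into a fix script.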
  4. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
      IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [2010/11/03 07:44:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\temp06
      [2010/11/03 07:44:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\temp04
      [2010/11/03 07:44:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\temp03
      [2010/11/03 07:44:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\temp02
      [2010/11/03 07:44:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\svctdss
      [2010/11/03 07:44:12 | 000,000,178 | ---- | M] () -- C:\Windows\System32\WareOut00
      [2010/11/03 07:44:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Zlob01
      [2010/11/03 07:44:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\WareOut01
      [2010/11/03 07:44:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\katchNT-OS
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered and reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
  5. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    Here is the OTL scan with the fix:

    All processes killed
    ========== OTL ==========
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    C:\Windows\System32\temp06 moved successfully.
    C:\Windows\System32\temp04 moved successfully.
    C:\Windows\System32\temp03 moved successfully.
    C:\Windows\System32\temp02 moved successfully.
    C:\Windows\System32\svctdss moved successfully.
    C:\Windows\System32\WareOut00 moved successfully.
    C:\Windows\System32\Zlob01 moved successfully.
    C:\Windows\System32\WareOut01 moved successfully.
    C:\Windows\System32\katchNT-OS moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: demianwulf
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: WulfTop
    ->Temp folder emptied: 58425443 bytes
    ->Temporary Internet Files folder emptied: 177143 bytes
    ->Java cache emptied: 238626 bytes
    ->FireFox cache emptied: 102577438 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Opera cache emptied: 600896 bytes
    ->Flash cache emptied: 9707 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 77732 bytes
    %systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    %systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 155.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: demianwulf
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Public

    User: WulfTop
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.2 log created on 11032010_131820

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
  6. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    Here is the Security Check log:
    Results of screen317's Security Check version 0.99.5
    Windows Vista Service Pack 2 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    avast! Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.85.3
    Adobe Reader 8.2.5
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.12) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Spybot Teatimer.exe is disabled!
    Comodo Firewall cmdagent.exe
    Comodo Firewall cfp.exe
    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 AvastUI.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
  7. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    Note: If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed, UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    Alternatively, you can uninstall Adobe Reader (33.5 MB), and download and install Foxit PDF Reader (3.5 MB) from HERE.
    It's a much smaller file to download and uses a lot less resources than Adobe Reader.
    Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or other garbage.
    On this page:

    [​IMG]

    make sure you have both boxes UN-checked AND (important!) click on the Decline button
  8. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    Finished the online scan; lots of stuff, but nothing that I mind deleting.

    C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\foxmarks@kei.com\defaults\preferences\prefs.js Win32/Agent.RQD.Gen trojan
    C:\Users\WulfTop\Documents\Downloads\Kraize's Bundle.rar probably a variant of Win32/Agent.FQURCOM trojan
    C:\Users\WulfTop\Documents\Downloads\Sony.Products.Keygen.and.Patch.Only.FIXED.READ.NFO-DI.rar a variant of Win32/Keygen.AR application
    C:\Users\WulfTop\Documents\Downloads\1209\CooTek.TouchPal.v3.5.Multilanguage.XScale.WM5.WM6.Incl.Keygen-SyMPDA\sym-3000.zip probably a variant of Win32/Agent.FQURCOM trojan
    C:\Users\WulfTop\Documents\Downloads\1209\CooTek.TouchPal.v3.5.Multilanguage.XScale.WM6.1.Incl.Keygen-SyMPDA\sym-3001.zip probably a variant of Win32/Agent.FQURCOM trojan
    C:\Users\WulfTop\Documents\Downloads\Apple_QuickTime_Pro_v7.60.92\Apple_QuickTime_Pro_v7.60.92.zip a variant of Win32/Keygen.AR application
    C:\Users\WulfTop\Documents\Downloads\Karaoke kit\Power CD G To iPod Converter v1.0.21.zip a variant of Win32/Keygen.AF application
    C:\Users\WulfTop\Documents\Downloads\PC DJ Master Suite 5 in 1\PCDJ.iso probably a variant of Win32/Genetik trojan
    C:\Users\WulfTop\Documents\Downloads\Sony.Products.Keygen.and.Patch.Only.FIXED.READ.NFO-DI\di-sppkf.zip a variant of Win32/Keygen.AR application
    C:\Users\WulfTop\Documents\Downloads\Sony.Products.Keygen.and.Patch.Only.FIXED.READ.NFO-DI\Keygen.exe a variant of Win32/Keygen.AR application
    C:\Users\WulfTop\Documents\Downloads\Sony.Vegas.Pro.v8.0b.Build.217.Incl.Keygen.And.Patch.WORKING-DI\crack\Keygen.exe a variant of Win32/Keygen.AR application
    C:\Users\WulfTop\Downloads\TurboTax 2009 Home & Business + eFile\setup.exe probably a variant of Win32/TrojanClicker.Agent.NJPIQCF trojan
    C:\Users\WulfTop\Downloads\TurboTax 2009 Home & Business + eFile\taxhost.exe Win32/Agent.QTP trojan
    C:\Users\WulfTop\Downloads\VSO ConvertXtoDVD 3.1.0.26\VSO.ConvertXtoDVD.v3.1.0.26.Incl.Keygen-BRD.zip a variant of Win32/Keygen.AS application
    C:\Users\WulfTop\Downloads\VSO ConvertXtoDVD 3.1.0.26\KeyGen-BRD\Keygen.exe a variant of Win32/Keygen.AS application
    C:\Windows\txagent.exe probably a variant of Win32/TrojanClicker.Agent.NJPIQCF trojan
  9. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    I assume that, by now, you realize where your infections come from?

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\foxmarks@kei.com\defaults\preferences\prefs.js 
      C:\Users\WulfTop\Documents\Downloads\Kraize's Bundle.rar 
      C:\Users\WulfTop\Documents\Downloads\Sony.Products.Keygen.and.Patch.Only.FIXED.READ.NFO-DI.rar
      C:\Users\WulfTop\Documents\Downloads\1209\CooTek.TouchPal.v3.5.Multilanguage.XScale.WM5.WM6.Incl.Keygen-SyMPDA\sym-3000.zip
      C:\Users\WulfTop\Documents\Downloads\1209\CooTek.TouchPal.v3.5.Multilanguage.XScale.WM6.1.Incl.Keygen-SyMPDA\sym-3001.zip
      C:\Users\WulfTop\Documents\Downloads\Apple_QuickTime_Pro_v7.60.92\Apple_QuickTime_Pro_v7.60.92.zip
      C:\Users\WulfTop\Documents\Downloads\Karaoke kit\Power CD G To iPod Converter v1.0.21.zip
      C:\Users\WulfTop\Documents\Downloads\PC DJ Master Suite 5 in 1\PCDJ.iso
      C:\Users\WulfTop\Documents\Downloads\Sony.Products.Keygen.and.Patch.Only.FIXED.READ.NFO-DI\di-sppkf.zip
      C:\Users\WulfTop\Documents\Downloads\Sony.Products.Keygen.and.Patch.Only.FIXED.READ.NFO-DI\Keygen.exe
      C:\Users\WulfTop\Documents\Downloads\Sony.Vegas.Pro.v8.0b.Build.217.Incl.Keygen.And.Patch.WORKING-DI\crack\Keygen.exe
      C:\Users\WulfTop\Downloads\TurboTax 2009 Home & Business + eFile\setup.exe 
      C:\Users\WulfTop\Downloads\TurboTax 2009 Home & Business + eFile\taxhost.exe 
      C:\Users\WulfTop\Downloads\VSO ConvertXtoDVD 3.1.0.26\VSO.ConvertXtoDVD.v3.1.0.26.Incl.Keygen-BRD.zip 
      C:\Users\WulfTop\Downloads\VSO ConvertXtoDVD 3.1.0.26\KeyGen-BRD\Keygen.exe 
      C:\Windows\txagent.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered and reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered and reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to assure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
  10. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\foxmarks@kei.com\defaults\preferences\prefs.js moved successfully.
    C:\Users\WulfTop\Documents\Downloads\Kraize's Bundle.rar moved successfully.
    File\Folder C:\Users\WulfTop\Documents\Downloads\Sony.Products.Keygen.and.Patch.Only.FI XED.READ.NFO-DI.rar not found.
    File\Folder C:\Users\WulfTop\Documents\Downloads\1209\CooTek.TouchPal.v3.5.Multilanguag e.XScale.WM5.WM6.Incl.Keygen-SyMPDA\sym-3000.zip not found.
    File\Folder C:\Users\WulfTop\Documents\Downloads\1209\CooTek.TouchPal.v3.5.Multilanguag e.XScale.WM6.1.Incl.Keygen-SyMPDA\sym-3001.zip not found.
    File\Folder C:\Users\WulfTop\Documents\Downloads\Apple_QuickTime_Pro_v7.60.92\Apple_Qui ckTime_Pro_v7.60.92.zip not found.
    C:\Users\WulfTop\Documents\Downloads\Karaoke kit\Power CD G To iPod Converter v1.0.21.zip moved successfully.
    C:\Users\WulfTop\Documents\Downloads\PC DJ Master Suite 5 in 1\PCDJ.iso moved successfully.
    File\Folder C:\Users\WulfTop\Documents\Downloads\Sony.Products.Keygen.and.Patch.Only.FI XED.READ.NFO-DI\di-sppkf.zip not found.
    File\Folder C:\Users\WulfTop\Documents\Downloads\Sony.Products.Keygen.and.Patch.Only.FI XED.READ.NFO-DI\Keygen.exe not found.
    File\Folder C:\Users\WulfTop\Documents\Downloads\Sony.Vegas.Pro.v8.0b.Build.217.Incl.Ke ygen.And.Patch.WORKING-DI\crack\Keygen.exe not found.
    C:\Users\WulfTop\Downloads\TurboTax 2009 Home & Business + eFile\setup.exe moved successfully.
    C:\Users\WulfTop\Downloads\TurboTax 2009 Home & Business + eFile\taxhost.exe moved successfully.
    C:\Users\WulfTop\Downloads\VSO ConvertXtoDVD 3.1.0.26\VSO.ConvertXtoDVD.v3.1.0.26.Incl.Keygen-BRD.zip moved successfully.
    C:\Users\WulfTop\Downloads\VSO ConvertXtoDVD 3.1.0.26\KeyGen-BRD\Keygen.exe moved successfully.
    C:\Windows\txagent.exe moved successfully.

    OTL by OldTimer - Version 3.2.17.2 log created on 11042010_003810
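    When reading a fix log like the one above, the useful check is whether every path listed in the :Files section came back as "moved successfully" or as "not found", since a "not found" entry means nothing was removed and the path (or the way it was pasted) deserves a second look. The script below is an added example, not part of this thread or of OTL; it reconciles a constructed fix script against a constructed log written in the same format, with sample paths that are not the ones from the thread.

    ```python
    """Reconcile an OTL ':Files' fix list against the log OTL writes afterwards.

    Added example, not from the thread or from OTL. The script and log below are
    constructed in the format shown in the thread; the paths are sample values.
    """
    import re

    # Constructed fix script in OTL's format: a :Files section followed by :Commands.
    FIX_SCRIPT = """:OTL
    :Files
    C:\\Users\\Example\\Downloads\\Karaoke kit\\Converter v1.0.21.zip
    C:\\Users\\Example\\Downloads\\Some.Release-GRP\\setup.exe
    C:\\Windows\\sample_agent.exe
    :Commands
    [emptytemp]
    [Reboot]
    """

    # Constructed fix log, shaped like the "========== FILES ==========" block.
    FIX_LOG = """========== FILES ==========
    C:\\Users\\Example\\Downloads\\Karaoke kit\\Converter v1.0.21.zip moved successfully.
    File\\Folder C:\\Users\\Example\\Downloads\\Some.Release-GRP\\setup.exe not found.
    C:\\Windows\\sample_agent.exe moved successfully.
    """

    MOVED = re.compile(r"^(?P<path>.+?) moved successfully\.$")
    NOT_FOUND = re.compile(r"^File\\Folder (?P<path>.+?) not found\.$")


    def files_in_script(script: str) -> list:
        """Return the paths listed under :Files, stopping at the next ':' section."""
        paths, in_files = [], False
        for line in script.splitlines():
            line = line.strip()
            if line.startswith(":"):
                in_files = line.lower() == ":files"
            elif in_files and line:
                paths.append(line)
        return paths


    def reconcile(script: str, log: str) -> dict:
        """Map each requested path to 'moved', 'not found' or 'no log entry'."""
        requested = {p.lower(): p for p in files_in_script(script)}
        status = {p: "no log entry" for p in requested.values()}
        for line in log.splitlines():
            for pattern, result in ((MOVED, "moved"), (NOT_FOUND, "not found")):
                m = pattern.match(line.strip())
                if m and m["path"].lower() in requested:   # paths compare case-insensitively on Windows
                    status[requested[m["path"].lower()]] = result
        return status
    ```

    Anything reported as "not found" or "no log entry" was not removed by the fix and should be re-checked rather than assumed gone.
    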
  11. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    Ran the fix twice because the first time a log didn't pop up so I ran it again just to be sure....

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: demianwulf
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: WulfTop
    ->Temp folder emptied: 50906 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 58451474 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Opera cache emptied: 0 bytes
    ->Flash cache emptied: 2890 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    RecycleBin emptied: 97360 bytes

    Total Files Cleaned = 56.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default

    User: Default User

    User: demianwulf
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Flash cache emptied: 0 bytes

    User: Public

    User: WulfTop
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.17.2 log created on 11042010_004933

    Files\Folders moved on Reboot...
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  12. Broni

    Broni Malware Annihilator Posts: 46,177   +251

  13. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    I'm running and installing everything else in #2 like you mentioned. Computer is running like its back to normal. I'll definitely keep up to date with scans and updates after this because I wouldn't want to lose data from week to week as I only backup every so often. Thanks for all the help if I don't hear back from you, I really appreciate it.
  14. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Give me a final word, when you're ready :)
  15. Demianwulf

    Demianwulf Newcomer, in training Topic Starter Posts: 74

    I guess I'm done....right? I added WOT to firefox, got foxit reader and got rid of adobe, added Secunia PSI. Everything is looking good, no redirects, no random shutoffs, and I can surf the internet.
  16. Broni

    Broni Malware Annihilator Posts: 46,177   +251

    Excellent!

    Way to go!!
    Good luck and stay safe :)