TechSpot

Hijacked IE browser, etc.

By haybert
Jul 19, 2010
  1. Hello all,

    the last few days I've been experiencing some weird symptoms. The first is that, when conducting a search via Google, directly clicking a link sends me to some random site - I have to open a new tab to get anywhere, and sometimes that doesn't even work. And, while browsing the 'net, a new window will sometimes crop up.
    Just a note, I have IE set to prompt me of any and all cookies (I block most by default and re-enable them if needed). I've gotten some IP-attacks as well.
    Also, Windows/Microsoft Update isn't responding at all. I get the "0x80072EFF" error message, along with "The website has encountered a problem and cannot display the page you are trying to view." Though, this particular message isn't in their FAQ and whatnot.
    I also had an issue where my DNS settings would be changed from automatic to some weird address (never wrote it down); so far, though, they haven't cropped back up.
    I've run a full scan with AVG 9.0, Avast! 5 (both full scan and pre-boot scan) and Antimalwarebytes.

    I've followed the (revised) 8-step guide that's stickied; DDS was fine, but GMER resulted in Windows crashing about 5 minutes into the scan in the 3 times that I used it (twice in safe mode, once with all protection disabled). Here are the logs I have. Any and all help is much appreciated.

    All logs will be in the following post(s).
     
  2. haybert

    haybert TS Rookie Topic Starter Posts: 24

    logs

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4052

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    7/18/2010 9:04:40 PM
    mbam-log-2010-07-18 (21-04-40).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 90172
    Time elapsed: 2 hour(s), 9 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  3. haybert

    haybert TS Rookie Topic Starter Posts: 24

    logs

    Just as a side issue, I can't paste DDS.txt - I'm attaching a zipped version along with Attach.zip. Still can't get GMER to run.
     


  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Never zip any logs, because nobody has time to unzip them.
    Please, repost with straight files attached.
     
  5. haybert

    haybert TS Rookie Topic Starter Posts: 24

    Attach.txt

    Sorry, I was just following the instructions.

    Attach.txt is attached; DDS will follow (can't attach the thing for some reason).

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Haybert at 1:20:49.89 on Mon 07/19/2010
    Internet Explorer: 8.0.6001.18702
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1493 [GMT -4:00]

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    svchost.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\msiexec.exe
    C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
    C:\Documents and Settings\Haybert\Desktop\dds.scr
     


  6. haybert

    haybert TS Rookie Topic Starter Posts: 24

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://yahoo.com/
    uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q106&bd=pavilion&pf=laptop
    uInternet Settings,ProxyServer = http=127.0.0.1:5643
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
    TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
    mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
    mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
    mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    dRun: [JDK5SWFMZY] c:\windows\temp\Zsd.exe
    dRun: [ieftblti] c:\documents and settings\networkservice\local settings\application data\upjvbhhjr\rtnelsetssd.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
    mPolicies-system: EnableLUA = 0 (0x0)
    IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
    IE: &Download with &DAP - c:\program files\dap\dapextie.htm
    IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     
  9. haybert

    haybert TS Rookie Topic Starter Posts: 24

    x86/client/wuweb_site.cab?1264542495658
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1264545846538
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} - hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
    DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 93.188.162.65,93.188.161.205
    TCP: {8B402738-3B49-4BAE-8067-F2232D0EEB3F} = 93.188.162.65,93.188.161.205
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-18 162768]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-26 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-26 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-26 243024]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-18 19024]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-18 40384]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-15 308136]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-18 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-18 40384]
    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
    S3 PortTalk;PortTalk;c:\windows\system32\drivers\porttalk.sys [2010-5-15 3567]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-07-19 00:29:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Alwil Software
    2010-07-15 17:13:02 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-07-15 01:30:29 0 d-----w- C:\spoolerlogs
    2010-07-15 00:07:33 34304 ----a-w- c:\windows\system32\drivers\AmdLLD.sys
    2010-07-15 00:07:32 0 d-----w- c:\program files\AMD
    2010-07-15 00:07:17 0 d-----w- c:\windows\system32\AGEIA
    2010-07-14 21:36:18 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-07-13 20:42:19 172032 ----a-w- c:\windows\system32\igfxres.dll
    2010-07-13 20:39:14 920088 ----a-w- c:\windows\system32\igxpun.exe
    2010-07-13 20:39:14 0 d-----w- c:\windows\system32\Lang
    2010-07-13 19:34:03 713728 ----a-w- c:\windows\opengl32.dll
    2010-07-13 19:11:11 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
    2010-07-13 19:11:10 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
    2010-07-13 19:11:10 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
    2010-07-13 19:11:10 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
    2010-07-13 19:11:09 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
    2010-07-13 19:11:09 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
    2010-07-13 19:11:09 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
    2010-07-13 19:11:09 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
    2010-07-13 09:18:15 0 d-----w- c:\program files\CONEXANT
    2010-07-13 00:07:32 675840 ----a-w- c:\windows\system32\NETw5c32.dll
    2010-07-13 00:07:32 6608512 ----a-w- c:\windows\system32\drivers\NETw5x32.sys
    2010-07-13 00:07:32 2756608 ----a-w- c:\windows\system32\NETw5r32.dll
    2010-07-12 18:31:37 0 d-----w- c:\windows\pss
    2010-07-12 18:25:55 101888 ----a-w- c:\windows\system32\dllcache\adpu160m.sys
    2010-07-09 20:42:22 0 d-----w- c:\program files\Convert VOB to AVI
    2010-07-02 02:21:29 0 d-----w- C:\Download
    2010-07-02 02:20:19 0 d-----w- c:\windows\XSxS
    2010-07-02 02:20:19 0 d-----w- c:\program files\Xenocode
    2010-07-01 22:32:24 0 d-----w- c:\docume~1\haybert\applic~1\Moyea
    2010-07-01 22:32:05 0 d-----w- c:\program files\Moyea
    2010-06-30 17:02:21 117760 ----a-w- c:\windows\system32\hpzll64X.dll
    2010-06-30 16:58:51 0 d-----w- c:\docume~1\haybert\applic~1\HpUpdate
    2010-06-30 15:08:12 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-06-30 15:08:12 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-06-22 19:41:48 0 d-----w- c:\program files\STARSCAPE

    ==================== Find3M ====================

    2010-07-15 17:13:05 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
    2010-07-15 17:12:11 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-06-06 16:35:50 444952 ----a-w- c:\windows\system32\wrap_oal.dll
    2010-06-06 16:35:50 109080 ----a-w- c:\windows\system32\OpenAL32.dll
    2010-06-03 19:58:01 249856 ------w- c:\windows\Setup1.exe
    2010-06-03 19:58:00 73216 ----a-w- c:\windows\ST6UNST.EXE
    2010-05-18 20:35:16 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-05-18 20:35:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-05-09 16:21:04 50628 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-05-06 10:51:23 271704 ----a-w- c:\windows\system32\hpzids01.dll
    2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
    2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
    2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
    2006-06-04 00:55:16 0 --sha-w- c:\windows\sminst\HPCD.SYS

    ============= FINISH: 1:22:15.96 ===============
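    The Pseudo HJT Report above carries three settings that are consistent with the symptoms in the first post: a browser proxy on 127.0.0.1:5643 (every IE request is relayed through a process on the laptop), two Run entries under the .DEFAULT hive launching executables from c:\windows\temp and from the NetworkService profile, and static DNS servers in place of the DHCP-assigned ones the poster said kept changing. The script below is an added example, not part of this thread and not DDS's own code: it reads lines in this report format and flags those indicators. The sample lines are copied from the posted log; the rules, the severities and the reading of the u/m/d prefixes as HKCU/HKLM/HKU\.DEFAULT are this example's assumptions, not the tool's.

```python
"""Triage a DDS "Pseudo HJT Report" for the hijack indicators seen in this thread.

Added example for this thread; not DDS's code and not the helper's procedure.
Sample lines are copied from the log posted above; the rules, the severities
and the reading of DDS's u/m/d prefixes as HKCU/HKLM/HKU\\.DEFAULT are this
example's assumptions.
"""
import ipaddress
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity line reason")

# Constructed input: lines copied from the Pseudo HJT Report posted above.
SAMPLE_REPORT = """\
uStart Page = hxxp://yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:5643
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\\windows\\system32\\ctfmon.exe
mRun: [avast5] c:\\progra~1\\alwils~1\\avast5\\avastUI.exe /nogui
dRun: [JDK5SWFMZY] c:\\windows\\temp\\Zsd.exe
dRun: [ieftblti] c:\\documents and settings\\networkservice\\local settings\\application data\\upjvbhhjr\\rtnelsetssd.exe
mPolicies-system: EnableLUA = 0 (0x0)
TCP: NameServer = 93.188.162.65,93.188.161.205
TCP: {8B402738-3B49-4BAE-8067-F2232D0EEB3F} = 93.188.162.65,93.188.161.205
"""

PROXY_RE = re.compile(r"ProxyServer\s*=\s*(?P<value>\S+)")
DNS_RE = re.compile(r"^TCP:\s*(?:NameServer|\{[0-9A-Fa-f-]+\})\s*=\s*(?P<value>[\d.,]+)$")
RUN_RE = re.compile(r"^(?P<hive>[umd])Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.+)$")
TB_RE = re.compile(r"^TB:\s*\{[0-9A-Fa-f-]+\}\s*-\s*No File$")

# Locations where a legitimate autorun has no business living (assumption of this example).
SUSPICIOUS_PATH_PARTS = ("\\temp\\", "\\networkservice\\", "\\localservice\\")
HIVES = {"u": "HKCU", "m": "HKLM", "d": "HKU\\.DEFAULT"}  # DDS prefix convention as understood here


def _is_loopback(host):
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def _is_public(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return not (ip.is_private or ip.is_loopback or ip.is_link_local)


def parse_proxy(value):
    """Split 'http=host:port;https=host:port' (or a bare 'host:port') into (host, port) pairs."""
    pairs = []
    for part in value.split(";"):
        target = part.split("=", 1)[1] if "=" in part else part
        host, port = target.rsplit(":", 1) if ":" in target else (target, "")
        pairs.append((host, port))
    return pairs


def triage(report_text):
    """Return a Finding for every line that matches one of the hijack indicators."""
    findings = []
    for raw in report_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.search(line)
        if m:
            for host, port in parse_proxy(m.group("value")):
                if _is_loopback(host):
                    findings.append(Finding("high", line,
                        f"browser proxy {host}:{port} is a local process; every HTTP request is relayed through it"))
            continue
        m = DNS_RE.match(line)
        if m:
            public = [a for a in m.group("value").split(",") if _is_public(a)]
            if public:
                findings.append(Finding("medium", line,
                    "static DNS servers " + ", ".join(public) + " on an adapter expected to get DNS from DHCP"))
            continue
        m = RUN_RE.match(line)
        if m:
            cmd = m.group("cmd")
            hit = next((p for p in SUSPICIOUS_PATH_PARTS if p in cmd.lower()), None)
            if hit:
                where = hit.strip("\\")
                findings.append(Finding("high", line,
                    f"{HIVES[m.group('hive')]} Run entry [{m.group('name')}] starts from a {where} path: {cmd}"))
            continue
        if TB_RE.match(line):
            findings.append(Finding("low", line,
                "toolbar CLSID registered but its file is gone (leftover of an uninstall or a cleaned infection)"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

    Run it against a pasted report and work the "high" items first: a loopback proxy and autoruns under a service-account profile are worth pulling the referenced files for analysis before anything is deleted, since a plain on-demand scan (as the Malwarebytes log above shows) can report zero hits while these settings are in place.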
     
  10. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You're running two AV programs, Avast and AVG. One of them has to go.
    If AVG, make sure, you use AVG Remover: http://www.avg.com/us-en/download-tools

    When done...

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.
     
  11. haybert

    haybert TS Rookie Topic Starter Posts: 24

    MBRCheck

    Here's what it had to say:

    MBRCheck, version 1.1.1
    (c) 2010, AD

    \\.\C: --> \\.\PhysicalDrive0
    \\.\D: --> \\.\PhysicalDrive0

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Unknown MBR code

    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:
     
  12. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Rerun MBRCheck and select option "2".
    When asked for physical disk number, enter 0 (zero).
    Next, enter 0 (zero) for MBR code.
    Post resulting log and restart computer.
     
  13. haybert

    haybert TS Rookie Topic Starter Posts: 24

    MBRCheck, version 1.1.1
    (c) 2010, AD

    \\.\C: --> \\.\PhysicalDrive0
    \\.\D: --> \\.\PhysicalDrive0

    Size Device Name MBR Status
    --------------------------------------------
    74 GB \\.\PhysicalDrive0 Unknown MBR code

    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Options:
    [1] Dump the MBR of a physical disk to file.
    [2] Restore the MBR of a physical disk with a standard boot code.
    [3] Exit.

    Enter your choice:
    Enter the physical disk number to fix (0-99, -1 to cancel):
    Available MBR codes:
    [ 0] Default (Windows XP)
    [ 1] Windows XP
    [ 2] Windows Server 2003
    [ 3] Windows Vista
    [ 4] Windows 2008
    [ 5] Windows 7
    [-1] Cancel

    Please select the MBR code to write to this drive:
    Do you want to fix the MBR code? Type 'YES' and hit ENTER to continue:
    Successfully wrote new MBR code!
    Please reboot your computer to complete the fix.

    Done! Press ENTER to exit...

    Rebooting now.
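    MBRCheck reported "Unknown MBR code" because the boot code in the disk's first sector did not match any loader it recognises, and option 2 overwrote that code with the stock Windows XP loader while leaving the partition table alone. The script below is an added example, not MBRCheck's code and not part of this thread: it parses a 512-byte MBR image (boot signature, partition table, boot code) and applies one heuristic of this example, that the stock XP/2003 loader carries three ASCII error strings in its boot code, to say whether the code looks standard. The two images it checks are constructed stand-ins with a two-partition layout resembling the C:/D: split reported later in the thread, not dumps of the poster's disk.

```python
"""Parse a 512-byte MBR and flag boot code that is not the stock Windows loader.

Added example for this thread; it is not MBRCheck's code, and both sample
images are constructed, not dumps of the poster's disk. The heuristic
(assumption of this example): the stock Windows XP/2003 MBR loader contains
three ASCII error strings, so boot code lacking them is "unknown" and should
be dumped and inspected before anything is written over it.
"""
import struct

SECTOR = 512
BOOTCODE_LEN = 440   # bytes 0-439 boot code, 440-443 disk signature, 446-509 partition table, 510-511 0x55AA
STOCK_STRINGS = (b"Invalid partition table",
                 b"Error loading operating system",
                 b"Missing operating system")
ENTRY_FMT = "<B3xB3xII"  # status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count


def build_mbr(bootcode, partitions, disk_sig=0x1A2B3C4D):
    """Assemble a constructed MBR from boot code and (bootable, type, lba_start, sectors) tuples."""
    if len(bootcode) > BOOTCODE_LEN or len(partitions) > 4:
        raise ValueError("boot code or partition table too large")
    mbr = bytearray(SECTOR)
    mbr[:len(bootcode)] = bootcode
    struct.pack_into("<I", mbr, 440, disk_sig)
    for i, (bootable, ptype, start, sectors) in enumerate(partitions):
        struct.pack_into(ENTRY_FMT, mbr, 446 + 16 * i, 0x80 if bootable else 0x00, ptype, start, sectors)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr)


def parse_partitions(mbr):
    """Return the non-empty primary partition entries as dicts."""
    parts = []
    for i in range(4):
        status, ptype, start, sectors = struct.unpack_from(ENTRY_FMT, mbr, 446 + 16 * i)
        if sectors:
            parts.append({"index": i, "bootable": status == 0x80, "type": ptype,
                          "lba_start": start, "sectors": sectors})
    return parts


def check_mbr(mbr):
    """Sanity-check one 512-byte sector and return a verdict on its boot code."""
    if len(mbr) != SECTOR:
        raise ValueError("expected exactly one 512-byte sector")
    findings = []
    if mbr[510:512] != b"\x55\xaa":
        findings.append("boot signature 0x55AA missing")
    code = mbr[:BOOTCODE_LEN]
    missing = [s.decode() for s in STOCK_STRINGS if s not in code]
    if missing:
        findings.append("boot code lacks stock loader strings: " + ", ".join(missing))
    parts = parse_partitions(mbr)
    if sum(p["bootable"] for p in parts) != 1:
        findings.append("expected exactly one active partition")
    ordered = sorted(parts, key=lambda p: p["lba_start"])
    for prev, cur in zip(ordered, ordered[1:]):
        if cur["lba_start"] < prev["lba_start"] + prev["sectors"]:
            findings.append(f"partitions {prev['index']} and {cur['index']} overlap")
    verdict = "unknown MBR code" if missing else "standard-looking boot code"
    return {"verdict": verdict, "partitions": parts, "findings": findings}


# Constructed stand-in for stock boot code: xor ax,ax / mov ss,ax / mov sp,7C00h / sti,
# NOP padding, then the three loader strings. It is not the real loader.
STOCK_LIKE_CODE = (b"\x33\xc0\x8e\xd0\xbc\x00\x7c\xfb" + b"\x90" * 300
                   + b"\x00".join(STOCK_STRINGS) + b"\x00")
# Constructed stand-in for an overwritten sector: opaque bytes, none of the strings.
UNKNOWN_CODE = bytes(range(256)) + bytes(range(184))
# Constructed layout: an active NTFS system partition and a second NTFS partition (approximate sizes).
LAYOUT = [(True, 0x07, 63, 137_773_000), (False, 0x07, 137_773_063, 16_420_000)]
SAMPLE_STOCK_MBR = build_mbr(STOCK_LIKE_CODE, LAYOUT)
SAMPLE_UNKNOWN_MBR = build_mbr(UNKNOWN_CODE, LAYOUT)


if __name__ == "__main__":
    for name, image in (("stock-like", SAMPLE_STOCK_MBR), ("unknown", SAMPLE_UNKNOWN_MBR)):
        result = check_mbr(image)
        print(name, "->", result["verdict"], result["findings"])
```

    To use it on a real disk, dump the first sector with MBRCheck option 1 (or `dd if=/dev/sda bs=512 count=1` from a live CD) and pass the 512 bytes to check_mbr(). "Unknown MBR code" is a prompt to disassemble the dump, not proof of infection: OEM and third-party boot managers legitimately replace the code, which is why MBRCheck asks for confirmation before writing the stock loader back.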
     
  14. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Very good :)
    If you restarted computer already, check for issues and let me know, if there are any.
     
  15. haybert

    haybert TS Rookie Topic Starter Posts: 24

    Thank you for your help so far - thank you very much!
    My issues with Google (the redirecting and such) seem to be gone, at least so far. But Microsoft Update still brings up the same error.

    Scratch that - IE is still being redirected.
     
  16. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    That's fine. We just fixed one issue.
    There may be others...

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  17. haybert

    haybert TS Rookie Topic Starter Posts: 24

    ComboFix

    I ran combofix; it had an issue with Daemon Tools, but it disabled it automatically.
    Here's the log, attached.
     


  18. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You still didn't comply with this:
    How is redirection now?
     
  19. haybert

    haybert TS Rookie Topic Starter Posts: 24

    So far, so good. I'm gonna see if I can recreate the behavior (without a new infection, of course).
    I meant to remove AVG; though, is having two AV programs that detrimental? I guess they can conflict, but AVG finds a lot of little infections - though I like Avast!'s real-time protection. How important is it that I remove one?


    EDIT:

    Oh, and Microsoft Update is working. Thank you so much!
     
  20. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    It's a must. They'll conflict, they may produce false positives and they WILL slow your computer down.

    When done with removing one of them, post fresh Combofix log.

    Personally, I'm not a big fan of AVG. I prefer and I use Avast on this computer.
     
  21. haybert

    haybert TS Rookie Topic Starter Posts: 24

    I removed AVG with the tool you linked me to. Afterward I re-ran ComboFix - here's the log.
     


  22. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Looks good :)

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start>"Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    =====================================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:



    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    /md5start
    /md5stop
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs



    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  23. haybert

    haybert TS Rookie Topic Starter Posts: 24

    OTL logfile created on: 7/19/2010 3:21:46 PM - Run 1
    OTL by OldTimer - Version 3.2.9.1 Folder = C:\Documents and Settings\Haybert\Desktop\VIRUS
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 79.00% Memory free
    5.00 Gb Paging File | 5.00 Gb Available in Paging File | 95.00% Paging File free
    Paging file location(s): C:\pagefile.sys 3055 3055 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 65.70 Gb Total Space | 10.65 Gb Free Space | 16.21% Space Free | Partition Type: NTFS
    Drive D: | 7.83 Gb Total Space | 4.46 Gb Free Space | 56.90% Space Free | Partition Type: NTFS
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: GLADOS
    Current User Name: Haybert
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/19 15:19:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Haybert\Desktop\VIRUS\OTL.exe
    PRC - [2010/06/28 16:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2005/10/21 12:48:08 | 000,483,414 | R--- | M] () -- C:\Program Files\HPQ\Shared\HpqToaster.exe
    PRC - [2005/10/20 10:15:00 | 000,090,112 | ---- | M] () -- C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
    PRC - [2005/09/24 04:42:32 | 000,475,136 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/19 15:19:59 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Haybert\Desktop\VIRUS\OTL.exe
    MOD - [2008/04/13 20:12:06 | 000,250,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\sptip.dll
    MOD - [2008/04/13 20:12:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
    MOD - [2008/04/13 20:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
    MOD - [2008/04/13 12:43:18 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ime\spgrmr.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV - [2010/06/28 16:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2005/10/20 10:15:00 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe -- (USBDeviceService)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Haybert\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
    DRV - [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV - [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/05/31 14:58:35 | 006,608,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
    DRV - [2010/01/26 18:02:36 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2009/12/18 11:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2009/04/08 14:29:52 | 000,056,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\xusb21.sys -- (xusb21)
    DRV - [2009/01/18 11:19:10 | 000,003,567 | ---- | M] (Beyond Logic http://www.beyondlogic.org) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\porttalk.sys -- (PortTalk)
    DRV - [2008/04/13 12:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2008/02/15 13:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
    DRV - [2007/06/29 14:47:34 | 000,034,304 | ---- | M] (AMD, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AmdLLD.sys -- (AmdLLD)
    DRV - [2006/04/18 18:29:06 | 000,569,856 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
    DRV - [2005/12/17 08:17:56 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
    DRV - [2005/11/30 02:34:56 | 000,050,560 | ---- | M] (Micro Vision Co.,Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mvc25U870.sys -- (Mvc25U870_VID_1262&PID_25FD)
    DRV - [2005/11/16 00:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2005/11/11 02:50:38 | 000,191,936 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2005/10/31 22:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2005/10/31 21:54:50 | 000,051,584 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2005/10/12 21:07:12 | 000,874,240 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iaStor.sys -- (iaStor)
    DRV - [2005/08/21 20:07:00 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005/08/21 20:06:16 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2005/08/21 20:06:10 | 000,718,464 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2005/08/18 04:22:54 | 000,056,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2005/05/05 14:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
    DRV - [2005/05/05 14:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
    DRV - [2001/08/17 16:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
    DRV - [2001/08/17 11:51:56 | 000,005,248 | ---- | M] (Acer Laboratories Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5643



    O1 HOSTS File: ([2010/07/19 13:31:51 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
    O4 - HKLM..\Run: [High Definition Audio Property Page Shortcut] C:\WINDOWS\System32\CHDAudPropShortcut.exe (Windows (R) Server 2003 DDK provider)
    O4 - HKLM..\Run: [RecGuard] C:\WINDOWS\SMINST\Recguard.exe ()
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Development Company, L.P.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm ()
    O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm ()
    O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm ()
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.10.115.cab (CDownloadCtrl Object)
    O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab (Reg Error: Key error.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264542495658 (WUWebControl Class)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1264545846538 (MUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} http://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab (Enlite 2.x Simulation Engine Installer)
    O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.1.66.0.cab (SysInfo Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Haybert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Haybert\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
    NetSvcs: WmdmPmSp - File not found
     
  24. haybert

    haybert TS Rookie Topic Starter Posts: 24

    Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.IYUV - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found
    Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
    Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: VIDC.UYVY - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
    Drivers32: VIDC.YUY2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: VIDC.YVYU - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17183584330711040)

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/19 13:33:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/07/19 13:12:58 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/19 13:06:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/19 10:55:02 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
    [2010/07/19 09:50:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haybert\Desktop\VIRUS
    [2010/07/18 20:30:03 | 000,165,456 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/07/18 20:30:03 | 000,017,744 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/07/18 20:30:02 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/07/18 20:30:02 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/07/18 20:30:00 | 000,100,176 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/07/18 20:30:00 | 000,094,544 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/07/18 20:30:00 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/07/18 20:29:25 | 000,165,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/07/18 20:29:14 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
    [2010/07/18 20:29:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/07/16 12:29:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2010/07/16 12:29:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2010/07/14 21:30:29 | 000,000,000 | ---D | C] -- C:\spoolerlogs
    [2010/07/14 21:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2010/07/14 21:12:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2010/07/14 20:07:33 | 000,034,304 | ---- | C] (AMD, Inc.) -- C:\WINDOWS\System32\drivers\AmdLLD.sys
    [2010/07/14 20:07:32 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
    [2010/07/14 20:07:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haybert\Local Settings\Application Data\Downloaded Installations
    [2010/07/14 20:07:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA
    [2010/07/13 16:39:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Lang
    [2010/07/13 05:19:17 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
    [2010/07/13 05:18:15 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
    [2010/07/12 14:31:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2010/07/12 14:26:33 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
    [2010/07/12 14:25:54 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
    [2010/07/12 14:25:54 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
    [2010/07/12 14:25:53 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
    [2010/07/12 14:25:53 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
    [2010/07/12 14:25:53 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
    [2010/07/12 14:25:52 | 000,020,160 | ---- | C] (ADMtek Incorporated) -- C:\WINDOWS\System32\dllcache\adm8511.sys
    [2010/07/12 14:25:51 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
    [2010/07/12 14:25:50 | 000,297,728 | ---- | C] (Silicon Integrated Systems Corp.) -- C:\WINDOWS\System32\dllcache\ac97sis.sys
    [2010/07/12 14:25:48 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
    [2010/07/12 14:25:48 | 000,098,304 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
    [2010/07/12 14:25:47 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
    [2010/07/12 14:25:46 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
    [2010/07/12 14:25:46 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
    [2010/07/09 16:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Convert VOB to AVI
    [2010/07/06 23:53:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haybert\Application Data\AdobeUM
    [2010/07/01 22:21:29 | 000,000,000 | ---D | C] -- C:\Download
    [2010/07/01 22:20:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\XSxS
    [2010/07/01 22:20:19 | 000,000,000 | ---D | C] -- C:\Program Files\Xenocode
    [2010/07/01 18:32:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haybert\Application Data\Moyea
    [2010/07/01 18:32:05 | 000,000,000 | ---D | C] -- C:\Program Files\Moyea
    [2010/06/30 12:58:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haybert\Application Data\HpUpdate
    [2010/06/30 12:55:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haybert\Application Data\HP
    [2010/06/30 11:08:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/06/22 15:41:48 | 000,000,000 | ---D | C] -- C:\Program Files\STARSCAPE
    [2010/06/22 09:55:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haybert\My Documents\STARSCAPE
    [2010/06/21 09:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haybert\My Documents\PHONE
    [2010/06/14 19:20:47 | 000,000,000 | ---D | C] -- C:\My Games
    [2010/06/07 07:23:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Runic
    [2010/06/06 20:11:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haybert\My Documents\Torchlight v1.15 (Official Runic)
    [2010/06/06 12:27:09 | 000,000,000 | ---D | C] -- C:\Program Files\Runic Games
    [2010/06/04 22:35:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haybert\Application Data\runic games
    [2010/06/03 15:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\WinBig
    [2010/06/03 15:57:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haybert\My Documents\HOMEWORLD
    [2010/06/03 12:59:48 | 000,000,000 | ---D | C] -- C:\Sierra
    [2010/05/28 18:41:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haybert\My Documents\NFS Most Wanted
    [2010/05/28 18:26:51 | 000,000,000 | ---D | C] -- C:\Program Files\EA GAMES
    [2010/05/15 10:32:22 | 000,003,567 | ---- | C] (Beyond Logic http://www.beyondlogic.org) -- C:\WINDOWS\System32\drivers\porttalk.sys
    [2010/05/12 18:17:56 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator
    [2010/05/05 12:32:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haybert\My Documents\My eBooks
    [2010/04/29 18:43:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haybert\My Documents\CONDITION ZERO
    [2010/04/29 18:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Haybert\My Documents\My Downloads
    [2010/04/29 15:58:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2010/04/28 20:12:31 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
    [2010/04/25 09:33:18 | 000,000,000 | ---D | C] -- C:\Program Files\MagicISO

    ========== Files - Modified Within 90 Days ==========

    [2010/07/19 15:16:56 | 000,002,347 | -HS- | M] () -- C:\hpqp.ini
    [2010/07/19 15:16:52 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini
    [2010/07/19 15:16:42 | 000,000,431 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
    [2010/07/19 15:16:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
    [2010/07/19 15:16:02 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/19 15:15:59 | 2137,051,136 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/19 15:14:27 | 005,505,024 | -H-- | M] () -- C:\Documents and Settings\Haybert\NTUSER.DAT
    [2010/07/19 15:14:27 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Haybert\ntuser.ini
    [2010/07/19 14:28:31 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/19 14:01:45 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/07/19 13:31:51 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/07/19 13:13:05 | 000,000,293 | RHS- | M] () -- C:\boot.ini
    [2010/07/19 10:55:16 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2010/07/18 20:30:04 | 000,001,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/07/16 15:39:21 | 000,000,507 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/16 15:39:21 | 000,000,223 | ---- | M] () -- C:\Boot.bak
    [2010/07/16 13:21:55 | 000,492,150 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/07/16 13:21:55 | 000,422,636 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/07/16 13:21:55 | 000,062,172 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/07/16 12:30:05 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/15 16:26:01 | 000,000,576 | ---- | M] () -- C:\Documents and Settings\Haybert\Desktop\Nero.lnk
    [2010/07/14 21:31:01 | 002,108,052 | -H-- | M] () -- C:\Documents and Settings\Haybert\Local Settings\Application Data\IconCache.db
    [2010/07/12 22:45:38 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/07/09 20:32:28 | 000,013,824 | ---- | M] () -- C:\Documents and Settings\Haybert\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/07/09 16:24:30 | 000,000,731 | ---- | M] () -- C:\Documents and Settings\Haybert\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
    [2010/07/07 21:00:28 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2010/07/07 21:00:28 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2010/07/06 11:12:09 | 000,000,800 | ---- | M] () -- C:\Documents and Settings\Haybert\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2010/06/28 16:57:33 | 000,038,848 | ---- | M] (ALWIL Software) -- C:\WINDOWS\avastSS.scr
    [2010/06/28 16:57:12 | 000,165,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2010/06/28 16:37:52 | 000,046,672 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2010/06/28 16:37:30 | 000,165,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2010/06/28 16:33:13 | 000,023,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2010/06/28 16:32:45 | 000,100,176 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2010/06/28 16:32:42 | 000,094,544 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2010/06/28 16:32:33 | 000,017,744 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
    [2010/06/28 16:32:16 | 000,028,880 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2010/06/25 09:43:18 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Haybert\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/06/25 09:41:39 | 000,000,714 | ---- | M] () -- C:\Documents and Settings\Haybert\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk
    [2010/06/09 22:03:18 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/06/09 21:20:55 | 000,251,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/06 12:35:50 | 000,444,952 | ---- | M] (Creative Labs) -- C:\WINDOWS\System32\wrap_oal.dll
    [2010/06/06 12:35:50 | 000,109,080 | ---- | M] (Portions (C) Creative Labs Inc. and NVIDIA Corp.) -- C:\WINDOWS\System32\OpenAL32.dll
    [2010/06/03 13:02:18 | 000,000,287 | ---- | M] () -- C:\WINDOWS\SIERRA.INI
    [2010/05/28 12:07:13 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\Haybert\Application Data\Microsoft\Internet Explorer\Quick Launch\Vuze.lnk
    [2010/05/28 12:07:13 | 000,001,505 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Vuze.lnk
    [2010/05/15 10:09:15 | 000,000,600 | ---- | M] () -- C:\WINDOWS\Rtcw.INI
    [2010/05/09 12:21:04 | 000,050,628 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/05/09 10:37:29 | 000,677,028 | ---- | M] () -- C:\Documents and Settings\Haybert\My Documents\Mass_Effect_Checklist_v2_Teryx.pdf
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/28 22:05:08 | 000,001,492 | ---- | M] () -- C:\Documents and Settings\Haybert\Desktop\Steam.lnk

    ========== Files Created - No Company Name ==========
     
  25. haybert

    haybert TS Rookie Topic Starter Posts: 24

    [2010/07/19 13:13:05 | 000,000,223 | ---- | C] () -- C:\Boot.bak
    [2010/07/19 13:13:01 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/07/19 06:49:13 | 2137,051,136 | -HS- | C] () -- C:\hiberfil.sys
    [2010/07/18 20:30:04 | 000,001,700 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2010/07/15 16:26:03 | 000,000,576 | ---- | C] () -- C:\Documents and Settings\Haybert\Desktop\Nero.lnk
    [2010/07/13 15:59:21 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
    [2010/07/13 15:59:21 | 000,027,024 | ---- | C] () -- C:\WINDOWS\System32\igxpxs32.vp
    [2010/07/13 15:59:21 | 000,002,096 | ---- | C] () -- C:\WINDOWS\System32\igxpxk32.vp
    [2010/07/13 10:59:42 | 000,001,808 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    [2010/07/13 10:59:42 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
    [2010/07/13 10:59:42 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
    [2010/07/09 16:24:30 | 000,000,731 | ---- | C] () -- C:\Documents and Settings\Haybert\Application Data\Microsoft\Internet Explorer\Quick Launch\VLC media player.lnk
    [2010/06/25 09:43:18 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Haybert\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2010/06/20 08:22:56 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
    [2010/06/06 09:37:52 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/06/03 13:00:31 | 000,000,287 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
    [2010/05/17 12:16:18 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2010/05/17 12:16:18 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
    [2010/05/17 12:16:18 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
    [2010/05/17 12:16:18 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
    [2010/05/17 12:16:18 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
    [2010/05/17 12:16:18 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
    [2010/05/17 12:16:17 | 001,798,144 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedit.dll
    [2010/05/17 12:16:17 | 000,733,184 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
    [2010/05/17 12:16:17 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll
    [2010/05/17 12:16:16 | 000,470,528 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdvd.dll
    [2010/05/17 12:16:16 | 000,316,928 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdv.dll
    [2010/05/17 12:16:16 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qcap.dll
    [2010/05/17 12:16:16 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax
    [2010/05/17 12:16:16 | 000,132,608 | ---- | C] () -- C:\WINDOWS\System32\dllcache\devenum.dll
    [2010/05/17 12:16:16 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mciqtz32.dll
    [2010/05/12 18:17:59 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll
    [2010/05/09 12:21:04 | 000,050,628 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/05/09 10:37:29 | 000,677,028 | ---- | C] () -- C:\Documents and Settings\Haybert\My Documents\Mass_Effect_Checklist_v2_Teryx.pdf
    [2010/04/25 09:44:01 | 000,000,600 | ---- | C] () -- C:\WINDOWS\Rtcw.INI
    [2010/03/02 19:03:37 | 000,625,152 | ---- | C] () -- C:\WINDOWS\System32\mp3tsshx.dll
    [2010/02/20 19:14:00 | 000,000,027 | ---- | C] () -- C:\WINDOWS\SmartAudio.INI
    [2009/11/04 23:19:08 | 000,000,024 | ---- | C] () -- C:\WINDOWS\LogonStudio.ini
    [2009/11/04 16:42:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/04/22 00:19:06 | 000,172,173 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
    [2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
    [2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
    [2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
    [2005/12/28 13:04:20 | 000,000,698 | ---- | C] () -- C:\WINDOWS\NSSetDefaultBrowser.ini
    [2005/12/28 12:49:32 | 000,000,056 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2005/12/28 12:47:25 | 000,000,031 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
    [2005/12/28 12:43:02 | 000,028,836 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2005/11/01 15:02:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2005/05/05 22:06:32 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
    [2004/08/07 09:16:44 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2004/08/07 09:10:08 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini

    ========== LOP Check ==========

    [2009/12/06 11:45:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy
    [2010/07/18 20:29:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2010/07/19 14:12:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2009/11/05 13:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2009/11/04 21:26:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2009/11/04 23:22:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IconTweaker
    [2010/04/19 18:58:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\myitlab
    [2009/11/04 19:42:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpeedBit
    [2009/12/23 20:30:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Westwood Studios
    [2010/07/15 16:26:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haybert\Application Data\Azureus
    [2010/01/26 17:33:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haybert\Application Data\DAEMON Tools Lite
    [2010/07/01 18:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haybert\Application Data\Moyea
    [2010/06/06 12:51:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haybert\Application Data\runic games
    [2010/07/09 20:32:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Haybert\Application Data\Vso

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/07/16 15:39:21 | 000,000,223 | ---- | M] () -- C:\Boot.bak
    [2010/07/19 13:13:05 | 000,000,293 | RHS- | M] () -- C:\boot.ini
    [2010/04/03 18:01:14 | 000,002,533 | ---- | M] () -- C:\bos.cfg
    [2010/04/03 18:01:14 | 000,000,000 | ---- | M] () -- C:\bos_log.txt
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/05/06 14:06:45 | 000,003,637 | ---- | M] () -- C:\deltaStartup.log
    [2010/04/21 15:14:33 | 000,000,081 | ---- | M] () -- C:\DVDPATH.TXT
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2008/04/11 11:07:18 | 000,010,134 | ---- | M] () -- C:\eula.1049.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2010/03/06 09:10:11 | 000,001,492 | ---- | M] () -- C:\ff8input.cfg
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2010/07/19 15:15:59 | 2137,051,136 | -HS- | M] () -- C:\hiberfil.sys
    [2010/07/19 15:16:56 | 000,002,347 | -HS- | M] () -- C:\hpqp.ini
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2008/04/11 09:03:48 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2008/04/11 09:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2008/04/11 09:03:48 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2008/04/11 09:03:48 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2008/04/11 09:03:48 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2008/04/11 09:03:48 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2008/04/11 09:03:48 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2008/04/11 11:09:24 | 000,093,200 | ---- | M] (Microsoft Corporation) -- C:\install.res.1049.dll
    [2008/04/11 09:03:48 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2008/04/11 09:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2010/02/21 12:09:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/02/21 12:09:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 04:00:00 | 000,047,564 | RHS- | M] () -- C:\ntdetect.com
    [2010/01/26 19:05:20 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2010/07/19 15:15:57 | 3203,399,680 | -HS- | M] () -- C:\pagefile.sys
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI
    [2010/07/19 15:16:52 | 000,000,039 | ---- | M] () -- C:\XP_TV.ini

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2006/10/14 16:43:18 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/03/28 13:57:34 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp5ha.dll
    [2008/08/18 11:39:04 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\hpzpp64X.dll

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >
    [2005/09/24 04:49:16 | 000,012,288 | ---- | M] (Hewlett-Packard Development Company, L.P.) -- C:\WINDOWS\Fonts\RandFont.dll

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >


    < %systemroot%\system32\*.dll /lockedfiles >

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2004/08/07 01:45:26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/08/07 01:45:26 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/08/07 01:45:26 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2008/04/13 20:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2008/04/13 20:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2008/04/13 20:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >
    < End of report >
     