Inactive Google redirect problem

Status
Not open for further replies.
H

HendrixLove

Posts: 12   +0
I keep getting redirected to other sites when clicking on links through google. I've had this problem for weeks now.

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7475

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

8/15/2011 5:54:54 PM
mbam-log-2011-08-15 (17-54-53).txt

Scan type: Quick scan
Objects scanned: 153975
Time elapsed: 7 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\localservice\application data\02000000ee67bfa11406c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000ee67bfa11406o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000ee67bfa11406p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\documents and settings\localservice\application data\02000000ee67bfa11406s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000ee67bfa11406c.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000ee67bfa11406o.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000ee67bfa11406p.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\02000000ee67bfa11406s.manifest (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\atkctrs32.dll (Trojan.Tracur) -> Quarantined and deleted successfully.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-15 19:43:35
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 WDC_WD800JB-00JJC0 rev.05.01C05
Running: wsxpi9qb.exe; Driver: C:\DOCUME~1\BUDDYR~1\LOCALS~1\Temp\pflcapow.sys


---- System - GMER 1.0.15 ----

SSDT F8C7919C ZwClose
SSDT F8C79156 ZwCreateKey
SSDT F8C791A6 ZwCreateSection
SSDT F8C7914C ZwCreateThread
SSDT F8C7915B ZwDeleteKey
SSDT F8C79165 ZwDeleteValueKey
SSDT F8C79197 ZwDuplicateObject
SSDT F8C7916A ZwLoadKey
SSDT F8C79138 ZwOpenProcess
SSDT F8C7913D ZwOpenThread
SSDT F8C79174 ZwReplaceKey
SSDT F8C7916F ZwRestoreKey
SSDT F8C791AB ZwSetContextThread
SSDT F8C79160 ZwSetValueKey
SSDT F8C79147 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

? uplwpmqn.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Real\RealPlayer\update\realsched.exe[2656] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text C:\Program Files\Mozilla Firefox\firefox.exe[2792] ntdll.dll!LdrLoadDll 7C91632D 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2792] WS2_32.dll!getaddrinfo 71AB2A6F 5 Bytes JMP 008D2B4B C:\WINDOWS\system32\netevent32.dll (BulletStorm/People Can Fly)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2792] WS2_32.dll!closesocket 71AB3E2B 5 Bytes JMP 008D2AD5 C:\WINDOWS\system32\netevent32.dll (BulletStorm/People Can Fly)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2792] WS2_32.dll!WSASocketW 71AB404E 7 Bytes JMP 008D29FC C:\WINDOWS\system32\netevent32.dll (BulletStorm/People Can Fly)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2792] WS2_32.dll!bind 71AB4480 5 Bytes JMP 008D2986 C:\WINDOWS\system32\netevent32.dll (BulletStorm/People Can Fly)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2792] WS2_32.dll!connect 71AB4A07 5 Bytes JMP 008D2A5F C:\WINDOWS\system32\netevent32.dll (BulletStorm/People Can Fly)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2792] WS2_32.dll!gethostbyname 71AB5355 5 Bytes JMP 008D2AFF C:\WINDOWS\system32\netevent32.dll (BulletStorm/People Can Fly)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2792] WS2_32.dll!WSAAsyncGetHostByName 71ABE99D 5 Bytes JMP 008D2B99 C:\WINDOWS\system32\netevent32.dll (BulletStorm/People Can Fly)
.text C:\Program Files\Mozilla Firefox\firefox.exe[2792] WS2_32.dll!WSAConnect 71AC0C81 5 Bytes JMP 008D2A94 C:\WINDOWS\system32\netevent32.dll (BulletStorm/People Can Fly)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2988] USER32.dll!GetWindowInfo 7E42C49C 5 Bytes JMP 104A5451 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[2988] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104A5A99 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_22
Run by Buddy Rich at 19:49:44 on 2011-08-15
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.512.173 [GMT -7:00]
.
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\WINDOWS\system32\kbdtat32.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\atkctrs32.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Real\RealPlayer\update\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
BHO: {18C2AE25-2A33-41EC-9A42-48F721A64C8e} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [MSMSGS] "c:\program files\messenger\MSMSGS.EXE" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBJAEMAQQBNADEANQAtAEEAWgBZADQAOAAtAFQATAA2AFkAOAAtADkAVQBCAFUAUgAtADcAVABHAFYAUwAtADQARgBTAFUANgA"&"inst=NwA2AC0ANwA2ADEAMAA1ADgAOAA2ADcALQBQAEwAKwA5AC0ATgAxAEQAKwAxAA"&"prod=92"&"ver=9.0.894
StartupFolder: c:\docume~1\buddyr~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\amazon~1.lnk - c:\program files\amazon\amazon unbox video\ADVWindowsClientSystemTray.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289537335031
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: TPSvc - TPSvc.dll
AppInit_DLLs: c:\windows\system32\netevent32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\buddy rich\application data\mozilla\firefox\profiles\khu7bv1a.default\
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\buddy rich\application data\mozilla\firefox\profiles\khu7bv1a.default\extensions\battlefieldheroespatcher@ea.com\plugins\npBFHUpdater.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-8-15 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-8-15 136360]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-8-15 269480]
R2 aspnet_state32;ASP.NET State Service ;c:\windows\system32\kbdtat32.exe [2011-8-15 715776]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-8-15 66616]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-23 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-23 22712]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-3 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-3 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-7-23 41272]
.
=============== Created Last 30 ================
.
2011-08-15 23:56:20 -------- d-----w- c:\windows\system32\NtmsData
2011-08-15 23:50:29 -------- d-----w- c:\documents and settings\buddy rich\application data\Avira
2011-08-15 23:48:05 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-15 23:48:01 -------- d-----w- c:\program files\Avira
2011-08-15 23:48:01 -------- d-----w- c:\documents and settings\all users\application data\Avira
2011-08-15 14:06:30 715776 ----a-w- c:\windows\system32\atkctrs32.exe
2011-08-15 14:06:29 157184 ----a-w- c:\windows\system32\netevent32.dll
2011-08-15 14:06:28 715776 ----a-w- c:\windows\system32\kbdtat32.exe
2011-08-11 04:38:20 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-11 04:38:19 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-03 10:16:24 -------- d-----w- c:\documents and settings\buddy rich\local settings\application data\Temp
2011-08-03 10:15:49 -------- d-----w- c:\documents and settings\buddy rich\local settings\application data\Google
2011-08-02 08:18:28 -------- d-----w- c:\program files\Amazon
2011-07-31 06:31:53 -------- d-----w- c:\program files\Project64 1.6
2011-07-24 01:43:33 -------- d-----w- c:\program files\Enigma Software Group
2011-07-23 08:30:05 -------- d-----w- c:\documents and settings\buddy rich\application data\Malwarebytes
2011-07-23 08:29:59 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-23 08:29:58 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-07-23 08:29:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-23 08:29:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-23 08:06:54 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
2011-07-23 07:01:17 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-07-23 07:01:13 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-07-23 07:00:56 -------- d-----w- c:\windows\Logs
2011-07-22 23:16:13 -------- d-----w- c:\documents and settings\buddy rich\local settings\application data\ApplicationHistory
2011-07-22 22:26:00 0 ---ha-w- c:\documents and settings\buddy rich\xwgmlgcanr.tmp
2011-07-22 06:02:03 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-07-22 06:02:03 138056 ----a-w- c:\documents and settings\buddy rich\application data\PnkBstrK.sys
2011-07-22 06:01:46 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-07-22 06:01:46 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-07-22 06:01:42 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-07-22 04:43:43 -------- d-----w- c:\windows\system32\URTTEMP
2011-07-22 04:43:05 520192 ------w- c:\windows\system32\ati2sgag.exe
2011-07-22 04:42:34 -------- d-----w- c:\program files\ATI Technologies
2011-07-22 04:41:54 32768 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2011-07-22 04:41:54 225280 ------w- c:\program files\common files\installshield\iscript\iscript.dll
2011-07-22 04:41:54 176128 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2011-07-22 04:41:53 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2011-07-22 04:41:53 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2011-07-22 04:41:03 -------- d-----w- C:\6.5_Win2kXP9250AGPAnd9550AGP
2011-07-18 06:13:05 -------- d-----w- c:\program files\New Folder
.
==================== Find3M ====================
.
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:45:58 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:45:57 78336 ------w- c:\windows\system32\ieencode.dll
2011-06-21 18:45:57 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:45:57 17408 ------w- c:\windows\system32\corpol.dll
2011-06-21 11:47:20 389120 ------w- c:\windows\system32\html.iec
2011-06-20 17:44:52 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02:05 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-31 00:30:07 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-31 00:30:07 472808 ----a-w- c:\windows\system32\deployJava1.dll
.
============= FINISH: 19:51:00.60 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/11/2010 5:35:20 PM
System Uptime: 8/15/2011 5:56:25 PM (2 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P4B-LA
Processor: Intel(R) Pentium(R) 4 CPU 1.50GHz | PGA 478 | 1494/100mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 19.715 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP359: 8/13/2011 11:45:53 PM - System Checkpoint
RP360: 8/15/2011 6:41:04 AM - System Checkpoint
RP361: 8/15/2011 4:40:05 PM - Removed HiJackThis
RP362: 8/15/2011 4:40:43 PM - Removed Project64 1.6
.
==== Installed Programs ======================
.
.
µTorrent
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
Amazon Unbox Video
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Display Driver
Avira AntiVir Personal - Free Antivirus
AVS Update Manager 1.0
AVS Video Converter 8
AVS4YOU Software Navigator 1.4
BitTornado 0.3.17
Bonjour
Cisco Connect
DivX Setup
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB954550-v5)
hp deskjet 845c series (Remove only)
iTunes
Java Auto Updater
Java(TM) 6 Update 22
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 5.0 (x86 en-US)
NetAssistant
NetAssistant for Firefox
Octoshape add-in for Adobe Flash Player
QuickTime
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 7 (KB2360131)
Security Update for Windows Internet Explorer 7 (KB2416400)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB2530548)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2559049)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB923789)
TouchCopy 09
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Outlook 2007 Junk Email Filter (KB2586924)
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.7
WebFldrs XP
Wiley CPA Exam: How to Master Simulations
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
8/8/2011 3:37:18 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference error message: The referenced assembly is not installed on your system. .
8/8/2011 3:37:18 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Real\RealPlayer\plugins\rmxrend.dll. Reference error message: The operation completed successfully. .
8/8/2011 3:37:18 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC90.DebugCRT could not be found and Last Error was The referenced assembly is not installed on your system.
8/15/2011 6:11:27 PM, error: atapi [9] - The device, \Device\Ide\IdePort0, did not respond within the timeout period.
8/15/2011 6:05:53 PM, error: E100B [4] - Adapter Intel(R) PRO/100 VE Network Connection: Adapter Link Down
8/15/2011 5:28:01 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Amazon Unbox Video Service service to connect.
8/15/2011 4:40:08 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
8/13/2011 9:56:12 PM, error: HTTP [15005] - Unable to bind to the underlying transport for 0.0.0.0:2869. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine. The data field contains the error number.
8/13/2011 3:07:21 AM, error: Dhcp [1002] - The IP address lease 192.168.1.141 for the Network Card with network address 00E01845525B has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
 
Welcome aboard
yahooo.gif


Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
  • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===============================================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan:


On completion of the scan click "Save log", save it to your desktop and post in your next reply:


NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

==============================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt"
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.



Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-15 21:31:45
-----------------------------
21:31:45.546 OS Version: Windows 5.1.2600 Service Pack 3
21:31:45.546 Number of processors: 1 586 0x102
21:31:45.546 ComputerName: RAUL-597EO7NO90 UserName: Buddy Rich
21:31:47.078 Initialize success
21:33:33.578 AVAST engine defs: 11081501
21:33:59.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:33:59.421 Disk 0 Vendor: WDC_WD800JB-00JJC0 05.01C05 Size: 76319MB BusType: 3
21:34:01.578 Disk 0 MBR read successfully
21:34:01.578 Disk 0 MBR scan
21:34:01.781 Disk 0 Windows XP default MBR code
21:34:01.906 Disk 0 scanning sectors +156280320
21:34:02.390 Disk 0 scanning C:\WINDOWS\system32\drivers
21:35:19.390 Service scanning
21:35:21.015 Modules scanning
21:36:28.343 Disk 0 trace - called modules:
21:36:28.390 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys intelide.sys PCIIDEX.SYS
21:36:28.390 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82389ab8]
21:36:28.390 3 CLASSPNP.SYS[f8585fd7] -> nt!IofCallDriver -> \Device\00000055[0x8239af18]
21:36:28.406 5 ACPI.sys[f84ec620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8238d940]
21:36:28.984 AVAST engine scan C:\WINDOWS
21:37:00.562 AVAST engine scan C:\WINDOWS\system32
21:48:34.656 AVAST engine scan C:\WINDOWS\system32\drivers
21:50:51.578 AVAST engine scan C:\Documents and Settings\Buddy Rich
21:55:27.406 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Buddy Rich\Desktop\MBR.dat"
21:55:27.421 The log file has been saved successfully to "C:\Documents and Settings\Buddy Rich\Desktop\aswMBR.txt"


ComboFix 11-08-15.08 - Buddy Rich 08/15/2011 23:03:47.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.512.277 [GMT -7:00]
Running from: c:\documents and settings\Buddy Rich\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Buddy Rich\Application Data\Mozilla\Firefox\Profiles\khu7bv1a.default\extensions\{d0cd8e64-6c96-4811-aba6-6784c37366f8}
c:\documents and settings\Buddy Rich\Application Data\Mozilla\Firefox\Profiles\khu7bv1a.default\extensions\{d0cd8e64-6c96-4811-aba6-6784c37366f8}\chrome.manifest
c:\documents and settings\Buddy Rich\Application Data\Mozilla\Firefox\Profiles\khu7bv1a.default\extensions\{d0cd8e64-6c96-4811-aba6-6784c37366f8}\chrome\xulcache.jar
c:\documents and settings\Buddy Rich\Application Data\Mozilla\Firefox\Profiles\khu7bv1a.default\extensions\{d0cd8e64-6c96-4811-aba6-6784c37366f8}\defaults\preferences\xulcache.js
c:\documents and settings\Buddy Rich\Application Data\Mozilla\Firefox\Profiles\khu7bv1a.default\extensions\{d0cd8e64-6c96-4811-aba6-6784c37366f8}\install.rdf
c:\documents and settings\Buddy Rich\xwgmlgcanr.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-07-16 to 2011-08-16 )))))))))))))))))))))))))))))))
.
.
2011-08-15 23:56 . 2011-08-16 00:17 -------- d-----w- c:\windows\system32\NtmsData
2011-08-15 23:50 . 2011-08-15 23:50 -------- d-----w- c:\documents and settings\Buddy Rich\Application Data\Avira
2011-08-15 23:48 . 2011-07-21 19:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-08-15 23:48 . 2010-06-17 22:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-08-15 23:48 . 2011-07-21 19:15 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-15 23:48 . 2010-06-17 22:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-08-15 23:48 . 2011-08-15 23:48 -------- d-----w- c:\program files\Avira
2011-08-15 23:48 . 2011-08-15 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-08-15 14:06 . 2011-08-15 14:06 715776 ----a-w- c:\windows\system32\atkctrs32.exe
2011-08-15 14:06 . 2011-08-15 14:06 157184 ----a-w- c:\windows\system32\netevent32.dll
2011-08-15 14:06 . 2011-08-15 14:06 715776 ----a-w- c:\windows\system32\kbdtat32.exe
2011-08-11 04:38 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-11 04:38 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-03 10:21 . 2011-08-03 10:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-08-03 10:16 . 2011-08-03 10:21 -------- d-----w- c:\documents and settings\Buddy Rich\Local Settings\Application Data\Temp
2011-08-03 10:16 . 2011-08-03 10:16 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-08-03 10:15 . 2011-08-03 10:20 -------- d-----w- c:\documents and settings\Buddy Rich\Local Settings\Application Data\Google
2011-08-03 10:15 . 2011-08-03 10:17 -------- d-----w- c:\program files\Google
2011-08-02 08:18 . 2011-08-02 08:18 -------- d-----w- c:\program files\Amazon
2011-07-31 06:31 . 2011-08-15 23:40 -------- d-----w- c:\program files\Project64 1.6
2011-07-24 01:43 . 2011-07-24 01:43 -------- d-----w- c:\program files\Enigma Software Group
2011-07-23 08:30 . 2011-07-23 08:30 -------- d-----w- c:\documents and settings\Buddy Rich\Application Data\Malwarebytes
2011-07-23 08:29 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-23 08:29 . 2011-07-23 08:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-23 08:29 . 2011-08-03 14:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-23 08:29 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-23 08:06 . 2011-07-23 08:27 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-07-23 07:01 . 2010-05-26 18:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-07-23 07:01 . 2010-05-26 18:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-07-23 07:00 . 2011-08-03 10:23 -------- d-----w- c:\windows\Logs
2011-07-22 23:16 . 2011-07-23 19:04 -------- d-----w- c:\documents and settings\Buddy Rich\Local Settings\Application Data\ApplicationHistory
2011-07-22 06:02 . 2011-07-22 06:02 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-07-22 06:02 . 2011-07-22 06:02 138056 ----a-w- c:\documents and settings\Buddy Rich\Application Data\PnkBstrK.sys
2011-07-22 06:01 . 2011-07-22 06:01 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-07-22 06:01 . 2011-07-22 06:01 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-07-22 06:01 . 2011-07-22 06:01 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-07-22 04:43 . 2011-07-22 04:43 -------- d-----w- c:\windows\system32\URTTEMP
2011-07-22 04:43 . 2005-12-12 04:05 520192 ------w- c:\windows\system32\ati2sgag.exe
2011-07-22 04:42 . 2011-07-22 04:42 -------- d-----w- c:\program files\ATI Technologies
2011-07-22 04:41 . 2011-07-22 04:41 -------- d-----w- c:\program files\Common Files\InstallShield
2011-07-22 04:41 . 2011-07-22 04:41 -------- d-----w- C:\6.5_Win2kXP9250AGPAnd9550AGP
2011-07-18 06:13 . 2011-08-16 03:52 -------- d-----w- c:\program files\New Folder
2011-07-17 06:15 . 2011-07-17 06:15 -------- d-----w- c:\program files\Microsoft Silverlight
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2003-03-31 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2003-03-31 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2010-11-12 01:26 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:45 . 2006-06-23 19:33 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:45 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2011-06-21 18:45 . 2003-03-31 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:45 . 2003-03-31 12:00 17408 ------w- c:\windows\system32\corpol.dll
2011-06-21 11:47 . 2004-08-04 05:59 389120 ------w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2003-03-31 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2003-03-31 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-31 00:30 . 2011-05-31 00:30 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-31 00:30 . 2011-05-31 00:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-07-11 00:14 . 2011-05-25 07:03 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-07-05 200704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-11-17 274608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBJAEMAQQBNADEANQAtAEEAWgBZADQAOAAtAFQATAA2AFkAOAAtADkAVQBCAFUAUgAtADcAVABHAFYAUwAtADQARgBTAFUANgA&inst=NwA2AC0ANwA2ADEAMAA1ADgAOAA2ADcALQBQAEwAKwA5AC0ATgAxAEQAKwAxAA&prod=92&ver=9.0.894" [?]
.
c:\documents and settings\Buddy Rich\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Amazon Unbox.lnk - c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2010-9-13 97384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\netevent32.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/15/2011 4:48 PM 136360]
R2 aspnet_state32;ASP.NET State Service ;c:\windows\system32\kbdtat32.exe [8/15/2011 7:06 AM 715776]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/23/2011 1:29 AM 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/23/2011 1:29 AM 22712]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/3/2011 3:16 AM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/3/2011 3:16 AM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [7/23/2011 1:29 AM 41272]
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]
.
2011-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-03 10:15]
.
2011-08-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-03 10:15]
.
2011-08-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-688789844-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]
.
2011-08-16 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-688789844-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 8.5.244.5 8.15.12.6 192.168.1.1
FF - ProfilePath - c:\documents and settings\Buddy Rich\Application Data\Mozilla\Firefox\Profiles\khu7bv1a.default\
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{18C2AE25-2A33-41EC-9A42-48F721A64C8e} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Notify-TPSvc - TPSvc.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-15 23:13
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-08-15 23:17:47
ComboFix-quarantined-files.txt 2011-08-16 06:17
.
Pre-Run: 21,086,666,752 bytes free
Post-Run: 21,287,862,272 bytes free
.
- - End Of File - - CBAE6F8CAFF33BE128BBC33D2DA2BE7F
 
Looks good :)

How is redirection?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
This morning when I got on I was still getting redirected. I'd click on a link and it would take me to a blank page that said "Submit Query" on the top left hand corner of the page. It would stay on that page or just redirect me to something else like find-answers.com for example.

OTL logfile created on: 8/16/2011 3:56:55 PM - Run 1
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Documents and Settings\Buddy Rich\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.53 Mb Total Physical Memory | 124.04 Mb Available Physical Memory | 24.25% Memory free
1.22 Gb Paging File | 0.56 Gb Available in Paging File | 45.76% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 18.66 Gb Free Space | 25.04% Space Free | Partition Type: NTFS

Computer Name: RAUL-597EO7NO90 | User Name: Buddy Rich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/16 15:55:18 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Buddy Rich\My Documents\Downloads\OTL.exe
PRC - [2011/08/15 07:06:07 | 000,715,776 | ---- | M] (People Can Fly) -- C:\WINDOWS\system32\kbdtat32.exe
PRC - [2011/08/15 07:06:07 | 000,715,776 | ---- | M] (People Can Fly) -- C:\WINDOWS\system32\atkctrs32.exe
PRC - [2011/07/21 12:12:16 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/07/10 17:14:44 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/06 19:52:38 | 000,449,584 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/04/21 07:54:05 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2011/04/21 07:53:33 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/12/09 12:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/11/17 01:09:58 | 000,274,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe


========== Modules (No Company Name) ==========

MOD - [2011/07/21 15:12:31 | 000,355,688 | ---- | M] () -- C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2011/07/10 17:14:43 | 001,850,328 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/12/09 12:29:16 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010/12/09 12:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010/11/11 21:21:22 | 005,971,408 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2010/02/05 11:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/02/14 06:04:38 | 000,756,040 | ---- | M] () -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/08/15 07:06:07 | 000,715,776 | ---- | M] (People Can Fly) [Auto | Running] -- C:\WINDOWS\system32\kbdtat32.exe -- (aspnet_state32)
SRV - [2011/07/21 12:12:16 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/07/06 19:52:38 | 000,366,640 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/09/13 11:48:12 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)


========== Driver Services (SafeList) ==========

DRV - [2011/07/21 12:15:21 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/07/21 12:15:19 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/07/06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2011/07/06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2010/06/17 15:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/06/17 15:27:12 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2008/04/13 11:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2005/12/11 19:40:42 | 001,414,656 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2003/03/31 15:29:00 | 000,625,537 | ---- | M] (LT) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2001/08/17 07:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 25 AE C2 18 33 2A EC 41 9A 42 48 F7 21 A6 4C 8E [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 25 AE C2 18 33 2A EC 41 9A 42 48 F7 21 A6 4C 8E [binary data]
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 25 AE C2 18 33 2A EC 41 9A 42 48 F7 21 A6 4C 8E [binary data]
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 25 AE C2 18 33 2A EC 41 9A 42 48 F7 21 A6 4C 8E [binary data]
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2000478354-688789844-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
IE - HKU\S-1-5-21-2000478354-688789844-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 25 AE C2 18 33 2A EC 41 9A 42 48 F7 21 A6 4C 8E [binary data]
IE - HKU\S-1-5-21-2000478354-688789844-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2000478354-688789844-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\System32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/11/17 01:10:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/07/10 17:14:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/30 17:30:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1266764D-FC4F-4FA7-B63B-884D53B1680F}: C:\Documents and Settings\Buddy Rich\Application Data\NetAssistant\ [2011/05/24 23:41:03 | 000,000,000 | ---D | M]

[2011/05/25 00:04:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Buddy Rich\Application Data\Mozilla\Extensions
[2011/08/15 23:12:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Buddy Rich\Application Data\Mozilla\Firefox\Profiles\khu7bv1a.default\extensions
[2011/07/21 22:45:31 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Documents and Settings\Buddy Rich\Application Data\Mozilla\Firefox\Profiles\khu7bv1a.default\extensions\battlefieldheroespatcher@ea.com
[2011/05/30 17:30:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/30 17:30:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) --
[2011/05/30 17:30:08 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2010/11/28 22:46:20 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/07/10 17:14:44 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/30 17:30:08 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/15 23:13:33 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb03.exe (HP)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk = C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2000478354-688789844-725345543-1004\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKU\S-1-5-21-2000478354-688789844-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2000478354-688789844-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2000478354-688789844-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1289537335031 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.5.244.5 8.15.12.6 192.168.1.1
O20 - AppInit_DLLs: (C:\WINDOWS\system32\netevent32.dll) - C:\WINDOWS\system32\netevent32.dll (People Can Fly)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/11/11 18:32:12 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2000478354-688789844-725345543-1004\...exe [@ = exefile] -- Reg Error: Key error. File not found

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.yv12 - C:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/08/16 03:58:55 | 000,331,776 | ---- | C] (People Can Fly) -- C:\WINDOWS\System32\atkctrs32.dll
[2011/08/15 23:19:03 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/08/15 22:27:16 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/08/15 22:24:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/15 22:24:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/15 22:24:43 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/15 22:24:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/15 22:24:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/15 22:24:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/15 22:01:16 | 004,173,282 | R--- | C] (Swearware) -- C:\Documents and Settings\Buddy Rich\Desktop\ComboFix.exe
[2011/08/15 16:56:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011/08/15 16:50:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buddy Rich\Application Data\Avira
[2011/08/15 16:48:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Avira
[2011/08/15 16:48:07 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2011/08/15 16:48:06 | 000,138,192 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/08/15 16:48:06 | 000,022,360 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntmgr.sys
[2011/08/15 16:48:05 | 000,066,616 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/08/15 16:48:05 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntdd.sys
[2011/08/15 16:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/08/15 16:48:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Avira
[2011/08/15 07:06:30 | 000,715,776 | ---- | C] (People Can Fly) -- C:\WINDOWS\System32\atkctrs32.exe
[2011/08/15 07:06:29 | 000,157,184 | ---- | C] (People Can Fly) -- C:\WINDOWS\System32\netevent32.dll
[2011/08/15 07:06:28 | 000,715,776 | ---- | C] (People Can Fly) -- C:\WINDOWS\System32\kbdtat32.exe
[2011/08/14 10:37:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/08/14 10:37:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/08/13 22:44:17 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Buddy Rich\Recent
[2011/08/03 03:21:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2011/08/03 03:17:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Chrome
[2011/08/03 03:16:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buddy Rich\Local Settings\Application Data\Temp
[2011/08/03 03:16:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2011/08/03 03:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/08/03 03:15:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buddy Rich\Local Settings\Application Data\Google
[2011/08/02 01:18:28 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2011/08/02 01:17:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Amazon
[2011/07/30 23:31:53 | 000,000,000 | ---D | C] -- C:\Program Files\Project64 1.6
[2011/07/26 14:02:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buddy Rich\My Documents\Downloads
[2011/07/23 18:43:33 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011/07/23 01:30:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buddy Rich\Application Data\Malwarebytes
[2011/07/23 01:29:59 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/07/23 01:29:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/07/23 01:29:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/07/23 01:29:55 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/07/23 01:29:55 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/07/23 01:06:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2011/07/23 00:00:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\Logs
[2011/07/22 16:16:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Buddy Rich\Local Settings\Application Data\ApplicationHistory
[2011/07/21 21:43:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\URTTEMP
[2011/07/21 21:42:34 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2011/07/21 21:41:50 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2011/07/21 21:41:03 | 000,000,000 | ---D | C] -- C:\6.5_Win2kXP9250AGPAnd9550AGP
[2011/07/17 23:13:05 | 000,000,000 | ---D | C] -- C:\Program Files\New Folder
[2011/05/17 21:20:37 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/16 15:26:02 | 000,000,894 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/16 15:17:43 | 000,000,021 | ---- | M] () -- C:\WINDOWS\System32\58c930d1
[2011/08/16 12:28:17 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-688789844-725345543-1004.job
[2011/08/16 12:28:16 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-688789844-725345543-1004.job
[2011/08/16 12:28:13 | 000,000,890 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/16 12:28:09 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/16 12:25:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/16 12:24:57 | 536,449,024 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/15 23:55:19 | 000,148,480 | ---- | M] () -- C:\Documents and Settings\Buddy Rich\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/15 23:13:33 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/15 22:27:22 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/08/15 22:02:11 | 004,173,282 | R--- | M] (Swearware) -- C:\Documents and Settings\Buddy Rich\Desktop\ComboFix.exe
[2011/08/15 21:55:27 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Buddy Rich\Desktop\MBR.dat
[2011/08/15 07:06:29 | 000,157,184 | ---- | M] (People Can Fly) -- C:\WINDOWS\System32\netevent32.dll
[2011/08/15 07:06:29 | 000,000,105 | ---- | M] () -- C:\WINDOWS\System32\1927749793
[2011/08/15 07:06:07 | 000,715,776 | ---- | M] (People Can Fly) -- C:\WINDOWS\System32\kbdtat32.exe
[2011/08/15 07:06:07 | 000,715,776 | ---- | M] (People Can Fly) -- C:\WINDOWS\System32\atkctrs32.exe
[2011/08/11 02:29:53 | 000,444,146 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/11 02:29:53 | 000,072,404 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/06 11:37:15 | 1471,276,812 | ---- | M] () -- C:\Documents and Settings\Buddy Rich\My Documents\Win Win.avi
[2011/08/03 03:17:42 | 000,001,791 | ---- | M] () -- C:\Documents and Settings\Buddy Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/02 01:17:55 | 000,001,701 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
[2011/07/23 11:41:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/07/23 01:20:03 | 000,000,512 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/07/21 23:02:03 | 000,138,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/07/21 23:02:03 | 000,138,056 | ---- | M] () -- C:\Documents and Settings\Buddy Rich\Application Data\PnkBstrK.sys
[2011/07/21 23:01:46 | 000,189,248 | ---- | M] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2011/07/21 22:07:45 | 000,000,531 | ---- | M] () -- C:\WINDOWS\eReg.dat
[2011/07/21 21:42:34 | 000,001,321 | ---- | M] () -- C:\WINDOWS\ATICIM.INI
[2011/07/21 12:15:21 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011/07/21 12:15:19 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2011/07/20 21:04:47 | 000,001,744 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/07/18 21:02:59 | 000,001,632 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/15 22:27:21 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/08/15 22:27:18 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/08/15 22:24:43 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/15 22:24:43 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/15 22:24:43 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/15 22:24:43 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/15 22:24:43 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/15 21:55:27 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Buddy Rich\Desktop\MBR.dat
[2011/08/15 20:18:33 | 000,000,021 | ---- | C] () -- C:\WINDOWS\System32\58c930d1
[2011/08/15 13:00:04 | 1471,276,812 | ---- | C] () -- C:\Documents and Settings\Buddy Rich\My Documents\Win Win.avi
[2011/08/03 03:17:42 | 000,001,791 | ---- | C] () -- C:\Documents and Settings\Buddy Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/08/03 03:16:15 | 000,000,894 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/03 03:16:13 | 000,000,890 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/02 01:17:55 | 000,001,701 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk
[2011/07/23 01:19:51 | 000,000,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2011/07/22 15:22:45 | 000,000,105 | ---- | C] () -- C:\WINDOWS\System32\1927749793
[2011/07/21 23:02:03 | 000,138,056 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2011/07/21 23:02:03 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Buddy Rich\Application Data\PnkBstrK.sys
[2011/07/21 23:01:46 | 000,189,248 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2011/07/21 23:01:46 | 000,189,248 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.ex0
[2011/07/21 23:01:42 | 000,075,136 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2011/07/21 22:07:45 | 000,000,531 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2011/07/21 21:43:05 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2011/07/21 21:42:34 | 000,001,321 | ---- | C] () -- C:\WINDOWS\ATICIM.INI
[2011/07/21 21:09:39 | 536,449,024 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/17 21:22:35 | 000,000,041 | ---- | C] () -- C:\WINDOWS\crw.ini
[2011/05/17 21:20:42 | 000,000,134 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/05/17 21:20:37 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[2011/05/17 21:20:37 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\P2sodbc.dll
[2011/05/17 21:20:37 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
[2011/05/17 21:20:37 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
[2011/05/17 21:20:37 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2bbnd.dll
[2011/01/23 15:00:09 | 000,001,632 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/11/14 22:47:21 | 000,000,376 | ---- | C] () -- C:\WINDOWS\mozregistry.dat
[2010/11/14 13:54:52 | 000,148,480 | ---- | C] () -- C:\Documents and Settings\Buddy Rich\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/12 20:06:08 | 000,001,744 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/11/12 13:44:16 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010/11/11 18:42:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/11/11 18:35:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/11/11 18:28:46 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/11/11 10:17:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/11/11 10:16:07 | 000,267,800 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/12/08 14:01:06 | 000,112,421 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2003/03/31 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 05:00:00 | 000,444,146 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 05:00:00 | 000,072,404 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/08/02 01:18:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2011/03/02 15:53:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2011/03/30 00:51:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/07/23 01:27:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/11/26 20:41:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/02/27 16:38:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy Rich\Application Data\.BitTornado
[2011/05/24 23:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy Rich\Application Data\NetAssistant
[2011/08/16 13:27:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Buddy Rich\Application Data\uTorrent

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/11/11 18:32:12 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/11/12 19:46:22 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/08/15 22:27:22 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/08/15 23:17:49 | 000,012,821 | ---- | M] () -- C:\ComboFix.txt
[2010/11/11 18:32:12 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/08/16 12:24:57 | 536,449,024 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/11 18:32:12 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010/11/11 18:32:12 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/11/12 19:40:13 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/11/14 20:42:55 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/08/16 12:24:55 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >
[2006/04/18 16:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 15:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 16:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 15:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/11/11 18:31:41 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 05:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2006/10/26 20:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2008/07/06 03:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/11/11 10:15:21 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010/11/11 10:15:21 | 000,602,112 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010/11/11 10:15:21 | 000,389,120 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/11/14 20:48:41 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/11/13 00:48:11 | 000,000,177 | -HS- | M] () -- C:\Documents and Settings\Buddy Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/11/11 18:39:30 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Buddy Rich\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/08/15 22:02:11 | 004,173,282 | R--- | M] (Swearware) -- C:\Documents and Settings\Buddy Rich\Desktop\ComboFix.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/11/13 00:48:11 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Buddy Rich\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/08/16 15:37:26 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Buddy Rich\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 23:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 17:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2002/12/17 11:23:28 | 000,015,692 | ---- | M] () -- C:\Program Files\Messenger\license.txt
[2002/12/17 11:23:22 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2002/12/17 11:23:22 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2002/12/17 11:23:28 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
[2008/05/02 07:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 10:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 17:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2002/08/20 16:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
[2002/12/17 11:23:18 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2002/12/17 11:23:18 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2002/12/17 11:23:18 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2002/12/17 11:23:24 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/07/17 11:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< End of report >
 
OTL Extras logfile created on: 8/16/2011 3:56:55 PM - Run 1
OTL by OldTimer - Version 3.2.26.4 Folder = C:\Documents and Settings\Buddy Rich\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.53 Mb Total Physical Memory | 124.04 Mb Available Physical Memory | 24.25% Memory free
1.22 Gb Paging File | 0.56 Gb Available in Paging File | 45.76% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 18.66 Gb Free Space | 25.04% Space Free | Partition Type: NTFS

Computer Name: RAUL-597EO7NO90 | User Name: Buddy Rich | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-2000478354-688789844-725345543-1004\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\BitTornado\btdownloadgui.exe" = C:\Program Files\BitTornado\btdownloadgui.exe:*:Enabled:btdownloadgui -- ()
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1266764D-FC4F-4FA7-B63B-884D53B1680F}" = NetAssistant
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{538183EA-2FDB-450C-84A1-56AEA6FF1DFA}" = TouchCopy 09
"{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{926CC8AE-8414-43DF-8EB4-CF26D9C3C663}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.4
"AVS4YOU Video Converter 7_is1" = AVS Video Converter 8
"BitTornado" = BitTornado 0.3.17
"Cisco Connect" = Cisco Connect
"DivX Setup.divx.com" = DivX Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Chrome" = Google Chrome
"hp deskjet 845c series" = hp deskjet 845c series (Remove only)
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{54A4839E-87F8-4BD1-9682-A349E9943F0A}" = Amazon Unbox Video
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 12.0" = RealPlayer
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.7
"Wiley CPA Exam: How to Master Simulations" = Wiley CPA Exam: How to Master Simulations
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2000478354-688789844-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"NetAssistant" = NetAssistant for Firefox
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/18/2011 1:37:51 AM | Computer Name = RAUL-597EO7NO90 | Source = Application Hang | ID = 1002
Description = Hanging application explorer.exe, version 6.0.2900.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/19/2011 2:43:15 AM | Computer Name = RAUL-597EO7NO90 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x03fc9296.

Error - 5/25/2011 2:15:02 AM | Computer Name = RAUL-597EO7NO90 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x03ea4000.

Error - 5/30/2011 12:49:03 AM | Computer Name = RAUL-597EO7NO90 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module divxdec.ax, version 7.1.1.14, fault address 0x000792a4.

Error - 6/5/2011 8:01:28 PM | Computer Name = RAUL-597EO7NO90 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x03da92a3.

Error - 6/5/2011 10:03:49 PM | Computer Name = RAUL-597EO7NO90 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x040a7000.

Error - 6/9/2011 2:18:00 PM | Computer Name = RAUL-597EO7NO90 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x03c29295.

Error - 6/10/2011 8:31:07 PM | Computer Name = RAUL-597EO7NO90 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 6/15/2011 3:56:15 PM | Computer Name = RAUL-597EO7NO90 | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module unknown, version 0.0.0.0, fault address 0x03c79292.

Error - 6/16/2011 4:35:01 AM | Computer Name = RAUL-597EO7NO90 | Source = Application Hang | ID = 1002
Description = Hanging application iTunes.exe, version 10.1.0.56, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 8/15/2011 9:05:53 PM | Computer Name = RAUL-597EO7NO90 | Source = E100B | ID = 262148
Description = Adapter Intel(R) PRO/100 VE Network Connection: Adapter Link Down

Error - 8/15/2011 9:11:27 PM | Computer Name = RAUL-597EO7NO90 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 8/15/2011 9:25:16 PM | Computer Name = RAUL-597EO7NO90 | Source = atapi | ID = 262153
Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
period.

Error - 8/15/2011 10:49:19 PM | Computer Name = RAUL-597EO7NO90 | Source = E100B | ID = 262148
Description = Adapter Intel(R) PRO/100 VE Network Connection: Adapter Link Down

Error - 8/16/2011 3:25:55 PM | Computer Name = RAUL-597EO7NO90 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Amazon Unbox Video Service
service to connect.

Error - 8/16/2011 5:11:12 PM | Computer Name = RAUL-597EO7NO90 | Source = Service Control Manager | ID = 7034
Description = The ASP.NET State Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 8/16/2011 6:18:30 PM | Computer Name = RAUL-597EO7NO90 | Source = Service Control Manager | ID = 7034
Description = The ASP.NET State Service service terminated unexpectedly. It has
done this 2 time(s).

Error - 8/16/2011 6:37:26 PM | Computer Name = RAUL-597EO7NO90 | Source = SideBySide | ID = 16842784
Description = Dependent Assembly Microsoft.VC90.DebugCRT could not be found and
Last Error was The referenced assembly is not installed on your system.

Error - 8/16/2011 6:37:26 PM | Computer Name = RAUL-597EO7NO90 | Source = SideBySide | ID = 16842811
Description = Resolve Partial Assembly failed for Microsoft.VC90.DebugCRT. Reference
error message: The referenced assembly is not installed on your system. .

Error - 8/16/2011 6:37:26 PM | Computer Name = RAUL-597EO7NO90 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context failed for C:\Program Files\Real\RealPlayer\plugins\rmxrend.dll.
Reference
error message: The operation completed successfully. .


< End of report >
 
Download TDSSKiller and save it to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
2011/08/17 19:21:03.0078 4992 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/17 19:21:04.0093 4992 ================================================================================
2011/08/17 19:21:04.0093 4992 SystemInfo:
2011/08/17 19:21:04.0093 4992
2011/08/17 19:21:04.0093 4992 OS Version: 5.1.2600 ServicePack: 3.0
2011/08/17 19:21:04.0093 4992 Product type: Workstation
2011/08/17 19:21:04.0093 4992 ComputerName: RAUL-597EO7NO90
2011/08/17 19:21:04.0093 4992 UserName: Buddy Rich
2011/08/17 19:21:04.0093 4992 Windows directory: C:\WINDOWS
2011/08/17 19:21:04.0093 4992 System windows directory: C:\WINDOWS
2011/08/17 19:21:04.0093 4992 Processor architecture: Intel x86
2011/08/17 19:21:04.0093 4992 Number of processors: 1
2011/08/17 19:21:04.0093 4992 Page size: 0x1000
2011/08/17 19:21:04.0093 4992 Boot type: Normal boot
2011/08/17 19:21:04.0093 4992 ================================================================================
2011/08/17 19:21:05.0906 4992 Initialize success
2011/08/17 19:21:24.0265 5176 ================================================================================
2011/08/17 19:21:24.0265 5176 Scan started
2011/08/17 19:21:24.0265 5176 Mode: Manual;
2011/08/17 19:21:24.0265 5176 ================================================================================
2011/08/17 19:21:25.0421 5176 ac97intc (0f2d66d5f08ebe2f77bb904288dcf6f0) C:\WINDOWS\system32\drivers\ac97intc.sys
2011/08/17 19:21:25.0515 5176 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/08/17 19:21:25.0656 5176 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/08/17 19:21:25.0859 5176 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/08/17 19:21:25.0968 5176 AFD (355556d9e580915118cd7ef736653a89) C:\WINDOWS\System32\drivers\afd.sys
2011/08/17 19:21:26.0046 5176 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/08/17 19:21:26.0937 5176 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/08/17 19:21:27.0015 5176 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/08/17 19:21:27.0343 5176 ati2mtag (956c7ec3a9de96f785b829beb41e3c3e) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/08/17 19:21:27.0625 5176 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/08/17 19:21:27.0781 5176 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/08/17 19:21:27.0921 5176 avgio (0b497c79824f8e1bf22fa6aacd3de3a0) C:\Program Files\Avira\AntiVir Desktop\avgio.sys
2011/08/17 19:21:28.0015 5176 avgntflt (1e4114685de1ffa9675e09c6a1fb3f4b) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
2011/08/17 19:21:28.0109 5176 avipbb (0f78d3dae6dedd99ae54c9491c62adf2) C:\WINDOWS\system32\DRIVERS\avipbb.sys
2011/08/17 19:21:28.0234 5176 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/08/17 19:21:28.0593 5176 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/08/17 19:21:28.0781 5176 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/08/17 19:21:28.0859 5176 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/08/17 19:21:28.0968 5176 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/08/17 19:21:29.0593 5176 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/08/17 19:21:29.0750 5176 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/08/17 19:21:29.0906 5176 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/08/17 19:21:30.0000 5176 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/08/17 19:21:30.0125 5176 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/08/17 19:21:30.0375 5176 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/08/17 19:21:30.0453 5176 E100B (3fca03cbca11269f973b70fa483c88ef) C:\WINDOWS\system32\DRIVERS\e100b325.sys
2011/08/17 19:21:30.0609 5176 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/08/17 19:21:30.0734 5176 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/08/17 19:21:30.0812 5176 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/08/17 19:21:30.0890 5176 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/08/17 19:21:31.0078 5176 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/08/17 19:21:31.0203 5176 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/08/17 19:21:31.0296 5176 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/08/17 19:21:31.0390 5176 gameenum (065639773d8b03f33577f6cdaea21063) C:\WINDOWS\system32\DRIVERS\gameenum.sys
2011/08/17 19:21:31.0500 5176 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/08/17 19:21:31.0609 5176 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/08/17 19:21:31.0734 5176 hidusb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/08/17 19:21:31.0937 5176 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/08/17 19:21:32.0187 5176 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/08/17 19:21:32.0281 5176 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/08/17 19:21:32.0453 5176 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/08/17 19:21:32.0593 5176 ip6fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/08/17 19:21:32.0671 5176 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/08/17 19:21:32.0750 5176 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/08/17 19:21:32.0906 5176 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/08/17 19:21:33.0046 5176 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/08/17 19:21:33.0187 5176 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/08/17 19:21:33.0296 5176 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/08/17 19:21:33.0406 5176 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/08/17 19:21:33.0515 5176 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/08/17 19:21:33.0625 5176 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/08/17 19:21:33.0968 5176 ltmodem5 (fa2ed4a054360f3f873c15420f1f19cc) C:\WINDOWS\system32\DRIVERS\ltmdmnt.sys
2011/08/17 19:21:34.0125 5176 MBAMProtector (eca00eed9ab95489007b0ef84c7149de) C:\WINDOWS\system32\drivers\mbam.sys
2011/08/17 19:21:34.0281 5176 MBAMSwissArmy (b18225739ed9caa83ba2df966e9f43e8) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2011/08/17 19:21:34.0531 5176 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/08/17 19:21:34.0640 5176 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/08/17 19:21:34.0734 5176 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/08/17 19:21:34.0859 5176 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/08/17 19:21:34.0937 5176 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/08/17 19:21:35.0109 5176 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/08/17 19:21:35.0250 5176 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/08/17 19:21:35.0375 5176 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/08/17 19:21:35.0468 5176 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/08/17 19:21:35.0578 5176 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/08/17 19:21:35.0656 5176 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/08/17 19:21:35.0734 5176 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/08/17 19:21:35.0859 5176 ms_mpu401 (ca3e22598f411199adc2dfee76cd0ae0) C:\WINDOWS\system32\drivers\msmpu401.sys
2011/08/17 19:21:35.0984 5176 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
2011/08/17 19:21:36.0093 5176 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/08/17 19:21:36.0203 5176 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/08/17 19:21:36.0343 5176 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/08/17 19:21:36.0421 5176 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/08/17 19:21:36.0500 5176 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/08/17 19:21:36.0593 5176 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/08/17 19:21:36.0703 5176 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/08/17 19:21:36.0890 5176 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/08/17 19:21:37.0031 5176 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/08/17 19:21:37.0187 5176 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/08/17 19:21:37.0390 5176 nv (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/08/17 19:21:37.0593 5176 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/08/17 19:21:37.0687 5176 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/08/17 19:21:37.0843 5176 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/08/17 19:21:37.0953 5176 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/08/17 19:21:38.0062 5176 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/08/17 19:21:38.0171 5176 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/08/17 19:21:38.0437 5176 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/08/17 19:21:39.0062 5176 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/08/17 19:21:39.0156 5176 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/08/17 19:21:39.0250 5176 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/08/17 19:21:39.0343 5176 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/08/17 19:21:39.0468 5176 PxHelp20 (e42e3433dbb4cffe8fdd91eab29aea8e) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/08/17 19:21:39.0921 5176 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/08/17 19:21:40.0015 5176 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/08/17 19:21:40.0140 5176 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/08/17 19:21:40.0187 5176 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/08/17 19:21:40.0281 5176 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/08/17 19:21:40.0390 5176 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/08/17 19:21:40.0531 5176 RDPWD (fc105dd312ed64eb66bff111e8ec6eac) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/08/17 19:21:40.0671 5176 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/08/17 19:21:40.0921 5176 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/08/17 19:21:41.0062 5176 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/08/17 19:21:41.0125 5176 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/08/17 19:21:41.0250 5176 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/08/17 19:21:41.0500 5176 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/08/17 19:21:41.0609 5176 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/08/17 19:21:41.0750 5176 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/08/17 19:21:41.0906 5176 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
2011/08/17 19:21:42.0015 5176 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/08/17 19:21:42.0078 5176 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/08/17 19:21:42.0437 5176 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/08/17 19:21:42.0609 5176 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/08/17 19:21:42.0718 5176 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/08/17 19:21:42.0812 5176 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/08/17 19:21:42.0906 5176 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/08/17 19:21:43.0125 5176 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/08/17 19:21:43.0312 5176 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/08/17 19:21:43.0484 5176 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/08/17 19:21:43.0546 5176 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/08/17 19:21:43.0625 5176 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/08/17 19:21:43.0718 5176 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/08/17 19:21:43.0796 5176 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/08/17 19:21:43.0906 5176 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/08/17 19:21:43.0984 5176 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/08/17 19:21:44.0109 5176 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/08/17 19:21:44.0265 5176 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/08/17 19:21:44.0421 5176 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/08/17 19:21:44.0796 5176 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/08/17 19:21:44.0906 5176 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/08/17 19:21:45.0046 5176 MBR (0x1B8) (cdac57608c39097805c8c958f1f73d97) \Device\Harddisk0\DR0
2011/08/17 19:21:45.0093 5176 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.a (0)
2011/08/17 19:21:45.0125 5176 Boot (0x1200) (16abaf7d661f45c9049fcb0ee7850104) \Device\Harddisk0\DR0\Partition0
2011/08/17 19:21:45.0171 5176 ================================================================================
2011/08/17 19:21:45.0171 5176 Scan finished
2011/08/17 19:21:45.0171 5176 ================================================================================
2011/08/17 19:21:45.0218 4952 Detected object count: 1
2011/08/17 19:21:45.0218 4952 Actual detected object count: 1
2011/08/17 19:22:08.0640 4952 \Device\Harddisk0\DR0 (Rootkit.Boot.Pihar.a) - will be cured after reboot
2011/08/17 19:22:08.0640 4952 \Device\Harddisk0\DR0 - ok
2011/08/17 19:22:08.0640 4952 Rootkit.Boot.Pihar.a(\Device\Harddisk0\DR0) - User select action: Cure
2011/08/17 19:22:48.0921 1936 Deinitialize success
 
ComboFix 11-08-17.03 - Buddy Rich 08/17/2011 23:14:44.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.512.278 [GMT -7:00]
Running from: c:\documents and settings\Buddy Rich\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\LocalService\Application Data\02000000ee67bfa11406C.manifest
c:\documents and settings\LocalService\Application Data\02000000ee67bfa11406O.manifest
c:\documents and settings\LocalService\Application Data\02000000ee67bfa11406P.manifest
c:\documents and settings\LocalService\Application Data\02000000ee67bfa11406S.manifest
c:\program files\messenger\msmsgsin.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-18 to 2011-08-18 )))))))))))))))))))))))))))))))
.
.
2011-08-18 05:20 . 2011-08-18 05:20 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-17 15:23 . 2011-08-17 15:23 331776 ----a-w- c:\windows\system32\atkctrs32.dll
2011-08-15 23:56 . 2011-08-16 00:17 -------- d-----w- c:\windows\system32\NtmsData
2011-08-15 23:50 . 2011-08-15 23:50 -------- d-----w- c:\documents and settings\Buddy Rich\Application Data\Avira
2011-08-15 23:48 . 2011-07-21 19:15 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-08-15 23:48 . 2010-06-17 22:27 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2011-08-15 23:48 . 2011-07-21 19:15 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-08-15 23:48 . 2010-06-17 22:27 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2011-08-15 23:48 . 2011-08-15 23:48 -------- d-----w- c:\program files\Avira
2011-08-15 23:48 . 2011-08-15 23:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2011-08-15 14:06 . 2011-08-15 14:06 715776 ----a-w- c:\windows\system32\atkctrs32.exe
2011-08-15 14:06 . 2011-08-15 14:06 157184 ----a-w- c:\windows\system32\netevent32.dll
2011-08-15 14:06 . 2011-08-15 14:06 715776 ----a-w- c:\windows\system32\kbdtat32.exe
2011-08-11 04:38 . 2011-06-24 14:10 139656 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2011-08-11 04:38 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2011-08-03 10:21 . 2011-08-03 10:21 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-08-03 10:16 . 2011-08-03 10:21 -------- d-----w- c:\documents and settings\Buddy Rich\Local Settings\Application Data\Temp
2011-08-03 10:16 . 2011-08-03 10:16 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-08-03 10:15 . 2011-08-03 10:20 -------- d-----w- c:\documents and settings\Buddy Rich\Local Settings\Application Data\Google
2011-08-03 10:15 . 2011-08-03 10:17 -------- d-----w- c:\program files\Google
2011-08-02 08:18 . 2011-08-02 08:18 -------- d-----w- c:\program files\Amazon
2011-07-31 06:31 . 2011-08-15 23:40 -------- d-----w- c:\program files\Project64 1.6
2011-07-24 01:43 . 2011-07-24 01:43 -------- d-----w- c:\program files\Enigma Software Group
2011-07-23 08:30 . 2011-07-23 08:30 -------- d-----w- c:\documents and settings\Buddy Rich\Application Data\Malwarebytes
2011-07-23 08:29 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-23 08:29 . 2011-07-23 08:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-23 08:29 . 2011-08-03 14:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-23 08:29 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-23 08:06 . 2011-07-23 08:27 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-07-23 07:01 . 2010-05-26 18:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2011-07-23 07:01 . 2010-05-26 18:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2011-07-23 07:00 . 2011-08-03 10:23 -------- d-----w- c:\windows\Logs
2011-07-22 23:16 . 2011-07-23 19:04 -------- d-----w- c:\documents and settings\Buddy Rich\Local Settings\Application Data\ApplicationHistory
2011-07-22 06:02 . 2011-07-22 06:02 138056 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-07-22 06:02 . 2011-07-22 06:02 138056 ----a-w- c:\documents and settings\Buddy Rich\Application Data\PnkBstrK.sys
2011-07-22 06:01 . 2011-07-22 06:01 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-07-22 06:01 . 2011-07-22 06:01 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-07-22 06:01 . 2011-07-22 06:01 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-07-22 04:43 . 2011-07-22 04:43 -------- d-----w- c:\windows\system32\URTTEMP
2011-07-22 04:43 . 2005-12-12 04:05 520192 ------w- c:\windows\system32\ati2sgag.exe
2011-07-22 04:42 . 2011-07-22 04:42 -------- d-----w- c:\program files\ATI Technologies
2011-07-22 04:41 . 2011-07-22 04:41 -------- d-----w- c:\program files\Common Files\InstallShield
2011-07-22 04:41 . 2011-07-22 04:41 -------- d-----w- C:\6.5_Win2kXP9250AGPAnd9550AGP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-15 13:29 . 2003-03-31 12:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-08 14:02 . 2003-03-31 12:00 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-06-24 14:10 . 2010-11-12 01:26 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-21 18:45 . 2006-06-23 19:33 832512 ----a-w- c:\windows\system32\wininet.dll
2011-06-21 18:45 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2011-06-21 18:45 . 2003-03-31 12:00 1830912 ------w- c:\windows\system32\inetcpl.cpl
2011-06-21 18:45 . 2003-03-31 12:00 17408 ------w- c:\windows\system32\corpol.dll
2011-06-21 11:47 . 2004-08-04 05:59 389120 ------w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2003-03-31 12:00 293376 ----a-w- c:\windows\system32\winsrv.dll
2011-06-02 14:02 . 2003-03-31 12:00 1858944 ----a-w- c:\windows\system32\win32k.sys
2011-05-31 00:30 . 2011-05-31 00:30 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-31 00:30 . 2011-05-31 00:30 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-18 05:18 . 2011-05-25 07:03 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-08-16_06.13.48 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-08-18 02:27 . 2011-08-18 02:27 16384 c:\windows\TEMP\Perflib_Perfdata_3b8.dat
+ 2010-11-13 03:06 . 2011-08-18 00:01 2404 c:\windows\system32\d3d9caps.dat
+ 2011-08-18 05:20 . 2011-08-18 05:20 243360 c:\windows\system32\Macromed\Flash\FlashUtil10v_Plugin.exe
+ 2011-08-18 00:01 . 2011-07-23 08:29 142836 c:\windows\PCHealth\HelpCtr\Config\Cache\Personal_32_1033.dat
+ 2010-11-12 04:21 . 2011-08-18 05:20 6277280 c:\windows\system32\Macromed\Flash\NPSWF32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb03.exe" [2001-07-05 200704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2010-11-17 274608]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-11-18 421160]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBJAEMAQQBNADEANQAtAEEAWgBZADQAOAAtAFQATAA2AFkAOAAtADkAVQBCAFUAUgAtADcAVABHAFYAUwAtADQARgBTAFUANgA&inst=NwA2AC0ANwA2ADEAMAA1ADgAOAA2ADcALQBQAEwAKwA5AC0ATgAxAEQAKwAxAA&prod=92&ver=9.0.894" [?]
.
c:\documents and settings\Buddy Rich\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Amazon Unbox.lnk - c:\program files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe [2010-9-13 97384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\netevent32.dll
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
.
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/15/2011 4:48 PM 136360]
R2 aspnet_state32;ASP.NET State Service ;c:\windows\system32\kbdtat32.exe [8/15/2011 7:06 AM 715776]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [7/23/2011 1:29 AM 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [7/23/2011 1:29 AM 22712]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [8/3/2011 3:16 AM 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [8/3/2011 3:16 AM 136176]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - MBAMSwissArmy
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 19:50]
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-03 10:15]
.
2011-08-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-03 10:15]
.
2011-08-18 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2000478354-688789844-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]
.
2011-08-18 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2000478354-688789844-725345543-1004.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-11-05 19:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 8.5.244.5 8.15.12.6 192.168.1.1
FF - ProfilePath - c:\documents and settings\Buddy Rich\Application Data\Mozilla\Firefox\Profiles\khu7bv1a.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-17 23:25
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(616)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2011-08-17 23:29:22
ComboFix-quarantined-files.txt 2011-08-18 06:29
.
Pre-Run: 20,076,130,304 bytes free
Post-Run: 20,108,996,608 bytes free
.
- - End Of File - - E2203A8D55E81EECFAA5E35BD49EB553
 
Let's reset your router...

Go Start>Run (Start search in Vista), type in:
cmd
Click OK (Vista and Windows 7 users: while holding CTRL, and SHIFT, press Enter).

In Command Prompt window, type in following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Turn the computer off.

On your router, you'll find a pinhole marked "Reset".
Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
NOTE. Simple router disconnecting from a power source will NOT do.
Restart computer and check for redirections.

NOTE. You may need to re-check your router security settings, as described HERE
 
Well I don't know what happened but this morning my computer would not let me get to my home screen(the screen would go blank and stay there after the HP loading screen. I just decided to format my hard-drive and start off new. I reset my router just in case like you said so it would not infect my new start-up. I really appreciated you taking the time to help me. Thank you
 
Status
Not open for further replies.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
797
uber_beetle
uber_beetle
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back