Solved Google Redirects and unauthorized attempts to connect to Sites, Vista

Good news :)

Finally went through after deleting some PEV.cxxe file that avast detected as a suspicious rootkit.
Never do anything other than what I ask you to do.
The above file is a Combofix file.

Please, re-run OTL "Quick scan" and post the log.
 
OTL logfile created on: 11/3/2010 12:41:26 PM - Run 4
OTL by OldTimer - Version 3.2.17.2 Folder = C:\Users\WulfTop\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18943)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 35.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 63.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 111.79 Gb Total Space | 16.17 Gb Free Space | 14.47% Space Free | Partition Type: NTFS

Computer Name: WULFTOP | User Name: WulfTop | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/03 12:40:40 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\WulfTop\Desktop\OTL.exe
PRC - [2010/11/03 08:25:22 | 002,245,576 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfpupdat.exe
PRC - [2010/10/29 10:53:30 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/29 10:53:29 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
PRC - [2010/02/07 22:27:26 | 000,723,632 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2010/02/07 22:27:23 | 001,800,464 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2009/11/08 23:17:50 | 000,180,224 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009/02/11 17:38:38 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/10/17 16:32:50 | 000,185,624 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Inquisitor\InquisitorService.exe
PRC - [2008/10/15 14:32:16 | 000,589,592 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/08/14 13:39:56 | 000,809,296 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/01/18 23:33:12 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iashost.exe
PRC - [2007/11/14 22:46:00 | 000,131,072 | ---- | M] (Brio) -- C:\Program Files\FolderSize\FolderSizeSvc.exe
PRC - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/11/03 12:40:40 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\WulfTop\Desktop\OTL.exe
MOD - [2010/04/05 11:04:25 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcr80.dll
MOD - [2010/02/07 22:56:03 | 000,171,552 | ---- | M] (COMODO) -- C:\Windows\System32\guard32.dll
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/05/02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2008/05/02 02:38:54 | 000,064,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\GameHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetPipeActivator)
SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetMsmqActivator)
SRV - [2010/02/07 22:27:26 | 000,723,632 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009/09/29 10:17:50 | 000,013,088 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/02/11 17:38:40 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008/10/17 16:32:50 | 000,185,624 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\Inquisitor\InquisitorService.exe -- (InquisitorService)
SRV - [2008/10/15 14:32:16 | 000,589,592 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2008/08/14 13:39:56 | 000,809,296 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2008/01/18 23:38:26 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/14 22:46:00 | 000,131,072 | ---- | M] (Brio) [Auto | Running] -- C:\Program Files\FolderSize\FolderSizeSvc.exe -- (FolderSize)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2006/10/05 11:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTSTOR.SYS -- (RTSTOR)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\motodrv.sys -- (MotDev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\WulfTop\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:30 | 000,050,768 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/08/25 15:41:36 | 000,263,272 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2010/02/07 22:27:27 | 000,130,960 | ---- | M] (COMODO) [File_System | System | Running] -- C:\Windows\System32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2010/02/07 22:27:27 | 000,074,328 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\inspect.sys -- (Inspect)
DRV - [2010/02/07 22:27:27 | 000,029,520 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\Windows\System32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009/11/08 23:21:18 | 000,059,388 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2009/04/11 00:42:52 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WINUSB)
DRV - [2009/02/26 12:39:50 | 004,569,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2009/02/11 17:11:50 | 000,329,752 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2008/02/29 03:13:24 | 000,036,880 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2008/02/29 03:13:16 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2007/09/21 04:11:02 | 000,028,432 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2007/05/24 19:13:12 | 000,251,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rtl8187B.sys -- (RTL8187B)
DRV - [2007/04/26 20:38:40 | 000,186,680 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/01/30 16:37:46 | 000,650,240 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2006/11/08 17:29:44 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/02 05:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 05:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 05:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 05:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 05:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 05:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 05:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 05:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 05:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 05:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 05:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 05:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 05:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 05:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 05:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 05:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 05:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 05:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 05:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 03:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Inquisitor\Inquisitor_IE.dll (Yahoo! Inc.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 46 3E 08 EC 71 CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Inquisitor\Inquisitor_IE.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: false
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: hidecaptionplus-dp@dummy.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: nosquint@urandom.ca:2.0.3
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.73
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.4
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.2
FF - prefs.js..extensions.enabledItems: {ee56ecf0-6e7a-479a-8162-e123a991c7e7}:0.4.6
FF - prefs.js..extensions.enabledItems: CompactMenuCE@Merci.chao:4.3.2
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.3
FF - prefs.js..extensions.enabledItems: {3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}:0.9.6
FF - prefs.js..extensions.enabledItems: tabsontop-darthpalpatine@dummy.addons.mozilla.org:1.4.4
FF - prefs.js..extensions.enabledItems: fatcash@fatwallet.com:1.24.157
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://www.google.com/search?btnG=Google+Search&q="
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/01 00:55:39 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/01 22:28:42 | 000,000,000 | ---D | M]

[2008/06/19 12:16:19 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Extensions
[2010/11/02 21:50:49 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions
[2009/09/28 20:43:20 | 000,000,000 | ---D | M] (Hide Caption) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{002349F5-59AB-4fdc-8329-BF4248243C95}
[2010/10/29 10:55:41 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2010/10/25 23:26:15 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/05/05 12:21:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/07 23:07:08 | 000,000,000 | ---D | M] (Forecastbar Enhanced) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{3CE993BF-A3D9-4fd2-B3B6-768CBBC337F8}
[2010/08/28 16:41:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/08/28 16:40:51 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/10/24 10:36:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010/04/09 19:56:00 | 000,000,000 | ---D | M] (autoHideStatusbar) -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\{ee56ecf0-6e7a-479a-8162-e123a991c7e7}
[2009/01/14 13:18:08 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\betteryoutube@ginatrapani.org
[2010/04/09 19:49:36 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\CompactMenuCE@Merci.chao
[2010/11/02 23:20:02 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\fatcash@fatwallet.com
[2010/10/04 12:36:27 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\foxmarks@kei.com
[2010/08/31 17:13:33 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\foxyproxy@eric.h.jung
[2010/10/25 23:26:16 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\hidecaptionplus-dp@dummy.addons.mozilla.org
[2009/11/05 16:34:48 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\nosquint@urandom.ca
[2010/06/13 14:13:02 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\tabsontop-darthpalpatine@dummy.addons.mozilla.org
[2010/02/06 23:56:01 | 000,002,234 | ---- | M] () -- C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\searchplugins\askcom.xml
[2010/11/02 21:50:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/01 22:28:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2010/11/01 22:28:30 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/07/02 17:20:46 | 000,069,632 | ---- | M] ( ) -- C:\Program Files\Mozilla Firefox\plugins\npijjiFFPlugin1.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2007/03/05 14:59:06 | 000,645,504 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

O1 HOSTS File: ([2010/10/30 01:42:02 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Yahoo! Inquisitor for IE) - {5A263CF7-56A6-4D68-A8CF-345BE45BC911} - C:\Program Files\Yahoo!\Inquisitor\Inquisitor_IE.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk ()
O9 - Extra 'Tools' menuitem : Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Users\WulfTop\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Users\WulfTop\Documents\Gunz\Emblem\20071207171911102687.jpg
O24 - Desktop BackupWallPaper: C:\Users\WulfTop\Documents\Gunz\Emblem\20071207171911102687.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/12/14 11:07:20 | 000,048,130 | ---- | M] () - C:\autoruns.chm -- [ NTFS ]
O32 - AutoRun File - [2008/01/09 16:32:44 | 000,599,080 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autoruns.exe -- [ NTFS ]
O32 - AutoRun File - [2008/01/09 16:32:44 | 000,504,872 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autorunsc.exe -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/03 12:40:38 | 000,576,000 | ---- | C] (OldTimer Tools) -- C:\Users\WulfTop\Desktop\OTL.exe
[2010/11/03 08:39:18 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/11/03 08:39:18 | 000,017,744 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2010/11/03 08:39:17 | 000,046,672 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2010/11/03 08:39:17 | 000,023,376 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr.sys
[2010/11/03 08:39:15 | 000,050,768 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2010/11/03 08:38:48 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/11/03 08:38:47 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2010/11/03 08:25:34 | 002,085,832 | ---- | C] (COMODO) -- C:\Users\WulfTop\Desktop\cispremium_installer.exe
[2010/11/03 08:13:16 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/11/03 08:13:16 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\AppData\Local\temp
[2010/11/03 08:11:42 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/11/03 07:51:35 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/11/02 23:30:22 | 001,317,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\WulfTop\Desktop\TDSSKiller.exe
[2010/11/01 22:42:03 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/30 01:22:40 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/30 01:22:40 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/30 01:22:40 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/10/30 01:22:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/10/30 01:21:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/23 12:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\eMule
[2010/10/23 10:46:08 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\AppData\Local\eMule
[2010/10/23 10:46:05 | 000,000,000 | ---D | C] -- C:\Program Files\eMule
[2010/10/22 03:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK RTL8187 Wireless LAN Driver
[2010/10/20 11:57:44 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\AppData\Local\Microsoft Game Studios
[2010/10/20 11:57:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Games
[2010/10/20 11:55:40 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\AppData\Roaming\Microsoft Game Studios
[2010/10/19 21:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Windows Genuine Advantage
[2010/10/12 11:17:06 | 000,263,272 | ---- | C] (Realtek ) -- C:\Windows\System32\drivers\Rtlh86.sys
[2010/10/12 10:59:22 | 000,526,184 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\System32\XceedCry.dll
[2010/10/12 10:59:22 | 000,456,536 | ---- | C] (Xceed Software Inc (450) 442-2626 support@xceedsoft.com www.xceedsoft.com) -- C:\Windows\System32\XCEEDZIP.DLL
[2010/10/12 10:59:21 | 000,000,000 | ---D | C] -- C:\Program Files\Driver Magician
[2010/10/12 10:43:49 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\AppData\Roaming\GetRightToGo
[2010/10/12 10:17:50 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\Documents\DriverGenius
[2010/10/12 10:14:41 | 000,000,000 | ---D | C] -- C:\Program Files\Driver-Soft
[2010/10/12 09:12:54 | 000,000,000 | ---D | C] -- C:\dell
[2010/10/08 15:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\REALTEK RTL8187B Wireless LAN Driver
[2010/10/08 15:22:52 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\AppData\Roaming\InstallShield
[2010/10/08 14:33:22 | 000,361,472 | ---- | C] (Realtek) -- C:\Windows\System32\drivers\RTL85n86.sys
[2010/10/08 14:33:22 | 000,361,472 | ---- | C] (Realtek) -- C:\Windows\System\RTL85n86.sys
[2010/10/08 14:33:18 | 000,025,896 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\drivers\RtlProt.sys
[2010/10/08 14:33:17 | 000,000,000 | ---D | C] -- C:\Windows\System32\REALTEK RTL8185 Wireless LAN Driver and Utility
[2010/10/08 00:20:44 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\{cea92844-0dbf-4f09-a038-2dc1383c5570}
[2010/10/07 22:57:39 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\Desktop\BACKUP STUFF
[2010/10/07 22:57:00 | 000,000,000 | ---D | C] -- C:\Program Files\MozBackup
[2010/10/07 17:56:47 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\{8517c860-6671-4a8c-8483-66ad267c2024}
[2010/10/07 00:42:27 | 000,000,000 | ---D | C] -- C:\Users\WulfTop\Desktop\ROOT STUFF
[2010/10/07 00:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Samsung
[2008/06/20 15:12:38 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\WulfTop\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2010/11/03 12:47:00 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{2CD5E54C-4FA3-45DF-A73E-DA2DA128980B}.job
[2010/11/03 12:40:40 | 000,576,000 | ---- | M] (OldTimer Tools) -- C:\Users\WulfTop\Desktop\OTL.exe
[2010/11/03 08:39:18 | 000,001,881 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/11/03 08:39:15 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2010/11/03 08:38:59 | 000,655,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/03 08:38:59 | 000,124,218 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/03 08:32:26 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2010/11/03 08:32:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/03 08:31:03 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/11/03 08:25:33 | 002,085,832 | ---- | M] (COMODO) -- C:\Users\WulfTop\Desktop\cispremium_installer.exe
[2010/11/03 07:44:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\temp06
[2010/11/03 07:44:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\temp04
[2010/11/03 07:44:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\temp03
[2010/11/03 07:44:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\temp02
[2010/11/03 07:44:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\svctdss
[2010/11/03 07:44:12 | 000,000,178 | ---- | M] () -- C:\Windows\System32\WareOut00
[2010/11/03 07:44:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Zlob01
[2010/11/03 07:44:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\WareOut01
[2010/11/03 07:44:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\katchNT-OS
[2010/11/03 00:13:08 | 311,265,581 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/02 23:52:31 | 003,899,533 | R--- | M] () -- C:\Users\WulfTop\Desktop\ComboFix.exe
[2010/11/02 23:25:21 | 000,133,632 | ---- | M] () -- C:\Users\WulfTop\Desktop\RKUnhookerLE.EXE
[2010/11/02 18:01:48 | 000,000,973 | ---- | M] () -- C:\Users\WulfTop\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2010/11/02 18:01:33 | 000,000,034 | ---- | M] () -- C:\Windows\System32\BD2140.DAT
[2010/11/02 02:08:46 | 000,086,528 | ---- | M] () -- C:\Windows\MBR.exe
[2010/11/01 18:18:36 | 000,383,080 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/10/30 01:42:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/29 11:19:21 | 000,585,997 | ---- | M] () -- C:\Users\WulfTop\Desktop\mir_103010.pdf
[2010/10/26 11:30:08 | 001,317,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\WulfTop\Desktop\TDSSKiller.exe
[2010/10/25 23:22:52 | 000,000,875 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20101025-232443.backup
[2010/10/25 23:17:45 | 000,050,860 | ---- | M] () -- C:\Users\WulfTop\Documents\cc_20101025_231738.reg
[2010/10/24 16:50:40 | 000,000,408 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DD8CDFA0-23E3-41C6-8DBC-401A227904AC}.job
[2010/10/13 20:25:05 | 000,162,304 | ---- | M] () -- C:\Users\WulfTop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/11 00:19:09 | 000,001,356 | ---- | M] () -- C:\Users\WulfTop\AppData\Local\d3d9caps.dat
[2010/10/11 00:09:22 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/10/11 00:09:22 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/10/08 09:47:50 | 000,035,342 | ---- | M] () -- C:\Users\WulfTop\Documents\cc_20101008_094740.reg
[2010/10/04 17:50:27 | 000,072,329 | ---- | M] () -- C:\Users\WulfTop\Documents\sq.wma

========== Files Created - No Company Name ==========

[2010/11/03 08:39:18 | 000,001,881 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2010/11/03 07:44:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\temp06
[2010/11/03 07:44:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\temp04
[2010/11/03 07:44:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\temp03
[2010/11/03 07:44:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\temp02
[2010/11/03 07:44:13 | 000,000,000 | ---- | C] () -- C:\Windows\System32\svctdss
[2010/11/03 07:44:12 | 000,000,178 | ---- | C] () -- C:\Windows\System32\WareOut00
[2010/11/03 07:44:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\Zlob01
[2010/11/03 07:44:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\WareOut01
[2010/11/03 07:44:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\katchNT-OS
[2010/11/02 23:52:26 | 003,899,533 | R--- | C] () -- C:\Users\WulfTop\Desktop\ComboFix.exe
[2010/11/02 23:25:21 | 000,133,632 | ---- | C] () -- C:\Users\WulfTop\Desktop\RKUnhookerLE.EXE
[2010/10/30 01:22:40 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/30 01:22:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/30 01:22:40 | 000,086,528 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/30 01:22:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/30 01:22:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/29 11:19:20 | 000,585,997 | ---- | C] () -- C:\Users\WulfTop\Desktop\mir_103010.pdf
[2010/10/26 15:37:57 | 311,265,581 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/25 23:17:41 | 000,050,860 | ---- | C] () -- C:\Users\WulfTop\Documents\cc_20101025_231738.reg
[2010/10/24 16:50:40 | 000,000,408 | -H-- | C] () -- C:\Windows\tasks\User_Feed_Synchronization-{DD8CDFA0-23E3-41C6-8DBC-401A227904AC}.job
[2010/10/12 11:17:06 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/10/12 10:59:22 | 000,110,602 | ---- | C] () -- C:\Windows\System32\xcdsfx32.bin
[2010/10/08 09:47:47 | 000,035,342 | ---- | C] () -- C:\Users\WulfTop\Documents\cc_20101008_094740.reg
[2010/10/04 22:14:20 | 000,000,025 | ---- | C] () -- C:\Users\WulfTop\EPIC accesories.txt
[2010/10/04 17:50:26 | 000,072,329 | ---- | C] () -- C:\Users\WulfTop\Documents\sq.wma
[2010/10/04 16:38:53 | 000,000,053 | ---- | C] () -- C:\Users\WulfTop\SPRINT EPIC.txt
[2010/09/27 23:03:16 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/08/15 14:11:22 | 000,000,426 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010/07/02 13:04:10 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2010/03/16 15:46:28 | 000,000,036 | ---- | C] () -- C:\Users\WulfTop\AppData\Local\housecall.guid.cache
[2010/03/16 10:32:08 | 000,301,640 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\farm.bmp
[2010/03/16 10:19:25 | 000,030,595 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\settings.dat
[2010/01/02 16:45:33 | 000,691,592 | ---- | C] () -- C:\Windows\System32\OGACheckControl.DLL
[2009/10/21 15:48:34 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/04/08 08:04:53 | 000,000,600 | ---- | C] () -- C:\Users\WulfTop\AppData\Local\PUTTY.RND
[2009/04/07 23:21:00 | 000,000,600 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\winscp.rnd
[2009/02/26 09:12:56 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/12/13 14:18:44 | 000,000,080 | RHS- | C] () -- C:\Windows\System32\5EE0EC2705.dll
[2008/11/07 20:41:56 | 000,000,383 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2008/06/20 21:35:37 | 000,000,540 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\AutoGK.ini
[2008/06/20 15:15:38 | 000,000,668 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\vso_ts_preview.xml
[2008/06/20 15:14:07 | 000,000,034 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\pcouffin.log
[2008/06/20 15:12:38 | 000,007,887 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\pcouffin.cat
[2008/06/20 15:12:26 | 000,001,144 | ---- | C] () -- C:\Users\WulfTop\AppData\Roaming\pcouffin.inf
[2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2008/01/02 16:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/01/02 16:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/01/02 16:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2007/12/27 21:48:12 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2007/12/27 21:34:36 | 000,162,304 | ---- | C] () -- C:\Users\WulfTop\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/12/26 23:37:14 | 000,000,031 | ---- | C] () -- C:\Windows\GunzLauncher.INI
[2007/12/26 21:00:33 | 000,001,356 | ---- | C] () -- C:\Users\WulfTop\AppData\Local\d3d9caps.dat
[2007/10/18 10:12:20 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1350.dll
[2007/10/18 10:03:58 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2007/07/25 09:24:28 | 001,559,040 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2007/04/17 15:34:40 | 000,135,716 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2007/03/10 07:51:48 | 000,282,624 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/08/16 10:13:34 | 001,382,280 | ---- | C] () -- C:\Windows\System32\fftw3.dll
[2006/03/09 13:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2002/10/15 18:54:04 | 000,153,088 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2002/10/06 14:42:57 | 000,237,568 | ---- | C] () -- C:\Windows\System32\OggDS.dll
[2002/10/04 19:04:25 | 000,921,600 | ---- | C] () -- C:\Windows\System32\vorbisenc.dll
[2002/10/04 19:04:24 | 000,188,416 | ---- | C] () -- C:\Windows\System32\vorbis.dll
[2002/10/04 19:04:17 | 000,045,056 | ---- | C] () -- C:\Windows\System32\ogg.dll

========== LOP Check ==========

[2010/01/16 10:11:44 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\abgx360
[2010/01/18 00:04:01 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\cYo
[2008/12/27 00:37:43 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\DAEMON Tools
[2010/08/31 17:06:54 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\FrostWire
[2010/02/15 23:41:29 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Galactic Magnate
[2010/10/12 10:46:51 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\GetRightToGo
[2007/12/26 23:27:54 | 000,000,000 | -H-D | M] -- C:\Users\WulfTop\AppData\Roaming\ijjigame
[2009/02/12 15:45:07 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\ImgBurn
[2010/01/02 16:59:18 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\My ClickOnce Applications
[2010/06/08 20:59:56 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Opera
[2008/06/20 13:12:17 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Publish Providers
[2010/08/29 23:09:35 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\SanDisk
[2008/06/20 13:11:27 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Sony
[2010/09/27 22:38:01 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\SystemRequirementsLab
[2010/10/30 00:40:58 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\uTorrent
[2008/06/20 14:57:24 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\VideoReDo-TVSuite
[2008/06/20 15:16:15 | 000,000,000 | ---D | M] -- C:\Users\WulfTop\AppData\Roaming\Vso
[2010/11/03 08:31:05 | 000,032,654 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/03 12:47:00 | 000,000,422 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{2CD5E54C-4FA3-45DF-A73E-DA2DA128980B}.job
[2010/10/24 16:50:40 | 000,000,408 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{DD8CDFA0-23E3-41C6-8DBC-401A227904AC}.job

========== Purity Check ==========



< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    [2010/11/03 07:44:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\temp06
    [2010/11/03 07:44:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\temp04
    [2010/11/03 07:44:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\temp03
    [2010/11/03 07:44:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\temp02
    [2010/11/03 07:44:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\svctdss
    [2010/11/03 07:44:12 | 000,000,178 | ---- | M] () -- C:\Windows\System32\WareOut00
    [2010/11/03 07:44:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Zlob01
    [2010/11/03 07:44:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\WareOut01
    [2010/11/03 07:44:12 | 000,000,000 | ---- | C] () -- C:\Windows\System32\katchNT-OS
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

======================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
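The fix script above targets three things the log shows: the browser proxy set to a listener on 127.0.0.1 (a local proxy like that is a common way redirect malware gets between the browser and the network), a ShellExecuteHook whose CLSID no longer resolves to a file, and a batch of extensionless files written into System32 within a second of each other. As an added example, not part of the original thread and not OTL's own code, the Python script below applies those same checks to OTL log lines and drafts the matching fix stanza in the layout used here. The sample lines are copied from the log above; the severity labels, the 60-second clustering window and the "extensionless file directly in System32 with no company name" rule are my own assumptions, and the file-entry regex does not handle company strings that themselves contain parentheses.

```python
"""Triage OTL (OldTimer) log lines and draft the matching OTL fix stanza.

Added example for this thread, not part of OTL or of the original posts.
The SAMPLE_LOG lines are copied from the log above; the rules, severities
and the 60-second clustering window are assumptions made for illustration.
"""
import re
from datetime import datetime

# One OTL file entry: [date time | size | attrs | C|M] (Company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+?)\s*$"
)
SYSTEM32 = "c:\\windows\\system32\\"
CLUSTER_SECONDS = 60  # assumption: files written this close together are one drop

# Sample input copied from the OTL log in this thread.
SAMPLE_LOG = r"""
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=14196&l=dis
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
O20 - AppInit_DLLs: (C:\Windows\System32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
[2010/11/03 08:39:18 | 000,165,584 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2010/11/03 07:44:13 | 000,000,000 | ---- | M] () -- C:\Windows\System32\svctdss
[2010/11/03 07:44:12 | 000,000,178 | ---- | M] () -- C:\Windows\System32\WareOut00
[2010/11/03 07:44:12 | 000,000,000 | ---- | M] () -- C:\Windows\System32\Zlob01
[2010/10/30 01:42:02 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
"""


def triage(log_text):
    """Return (severity, reason, raw_line) findings for the lines in log_text."""
    findings = []
    dropped = []  # timestamps of suspicious System32 files, for clustering
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("IE - ") and "ProxyServer" in line:
            # A proxy on the loopback interface means a local process sits
            # between the browser and the network: a classic redirect setup.
            if re.search(r"127\.0\.0\.1|localhost", line, re.I):
                findings.append(("HIGH", "browser proxied through a local listener", line))
        elif line.startswith("O28 - ") and "File not found" in line:
            # Hook whose CLSID/file is gone: dead malware hook or leftover,
            # either way it should not stay registered.
            findings.append(("MEDIUM", "orphaned ShellExecuteHook", line))
        elif line.startswith("O20 - AppInit_DLLs"):
            # Loaded into every process that links user32; legitimate here
            # (COMODO), but always worth confirming the vendor.
            findings.append(("INFO", "AppInit_DLLs entry, confirm vendor", line))
        else:
            m = FILE_RE.match(line)
            if not m:
                continue
            path = m["path"]
            if not path.lower().startswith(SYSTEM32):
                continue
            rest = path[len(SYSTEM32):]
            # Extensionless file directly in System32 with no version info is
            # not how Windows or normal installers name files (svctdss, Zlob01).
            if "\\" not in rest and "." not in rest and not m["company"]:
                findings.append(("MEDIUM", "extensionless file in System32 with no company name", line))
                dropped.append(datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"))
    if len(dropped) >= 2:
        span = (max(dropped) - min(dropped)).total_seconds()
        if span <= CLUSTER_SECONDS:
            findings.append(("INFO", f"{len(dropped)} suspicious files written within {int(span)} s: one drop", ""))
    return findings


def draft_fix(findings):
    """Draft the :OTL / :Commands stanza in the layout used in this thread.

    OTL accepts the log lines verbatim under :OTL, so the raw lines of every
    HIGH or MEDIUM finding are reused as-is. INFO findings are left for review.
    """
    lines = [":OTL"]
    lines += [raw for sev, _, raw in findings if sev in ("HIGH", "MEDIUM") and raw]
    lines += ["", ":Commands", "[purity]", "[emptytemp]", "[Reboot]"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for sev, reason, raw in found:
        print(f"{sev:6} {reason}: {raw}")
    print(draft_fix(found))
```

Run it against a full OTL log (`triage(open("OTL.Txt").read())`) and review the INFO lines by hand before pasting the drafted stanza into the Custom Scans/Fixes box; the Start Page line is deliberately left out of the draft because a changed start page alone is a symptom, not a persistence point.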
 
Here is the OTL scan with the fix:

All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
C:\Windows\System32\temp06 moved successfully.
C:\Windows\System32\temp04 moved successfully.
C:\Windows\System32\temp03 moved successfully.
C:\Windows\System32\temp02 moved successfully.
C:\Windows\System32\svctdss moved successfully.
C:\Windows\System32\WareOut00 moved successfully.
C:\Windows\System32\Zlob01 moved successfully.
C:\Windows\System32\WareOut01 moved successfully.
C:\Windows\System32\katchNT-OS moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: demianwulf
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: WulfTop
->Temp folder emptied: 58425443 bytes
->Temporary Internet Files folder emptied: 177143 bytes
->Java cache emptied: 238626 bytes
->FireFox cache emptied: 102577438 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 600896 bytes
->Flash cache emptied: 9707 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 77732 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 155.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: demianwulf
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Public

User: WulfTop
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.17.2 log created on 11032010_131820

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
Here is the Security Check log:
Results of screen317's Security Check version 0.99.5
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
avast! Free Antivirus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 22
Out of date Java installed!
Adobe Flash Player 10.1.85.3
Adobe Reader 8.2.5
Out of date Adobe Reader installed!
Mozilla Firefox (3.6.12) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Spybot Teatimer.exe is disabled!
Comodo Firewall cmdagent.exe
Comodo Firewall cfp.exe
Alwil Software Avast5 AvastSvc.exe
Alwil Software Avast5 AvastUI.exe
````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````
 
Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions.
Note: If you already have Adobe Photoshop® Album Starter Edition installed, or do not wish to have it installed, UNcheck the box that says "Also Download Adobe Photoshop® Album Starter Edition".

Alternatively, you can uninstall Adobe Reader (33.5 MB) and download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing Foxit Reader, make sure to UN-check any pre-checked toolbar or other garbage.
On this page (screenshot: FoxitReaderInstallation.png), make sure you have both boxes UN-checked AND (important!) click on the Decline button.
 
Finished the online scan. Lots of stuff, but nothing I mind deleting.

C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\foxmarks@kei.com\defaults\preferences\prefs.js Win32/Agent.RQD.Gen trojan
C:\Users\WulfTop\Documents\Downloads\Kraize's Bundle.rar probably a variant of Win32/Agent.FQURCOM trojan
C:\Users\WulfTop\Documents\Downloads\Sony.Products.Keygen.and.Patch.Only.FIXED.READ.NFO-DI.rar a variant of Win32/Keygen.AR application
C:\Users\WulfTop\Documents\Downloads\1209\CooTek.TouchPal.v3.5.Multilanguage.XScale.WM5.WM6.Incl.Keygen-SyMPDA\sym-3000.zip probably a variant of Win32/Agent.FQURCOM trojan
C:\Users\WulfTop\Documents\Downloads\1209\CooTek.TouchPal.v3.5.Multilanguage.XScale.WM6.1.Incl.Keygen-SyMPDA\sym-3001.zip probably a variant of Win32/Agent.FQURCOM trojan
C:\Users\WulfTop\Documents\Downloads\Apple_QuickTime_Pro_v7.60.92\Apple_QuickTime_Pro_v7.60.92.zip a variant of Win32/Keygen.AR application
C:\Users\WulfTop\Documents\Downloads\Karaoke kit\Power CD G To iPod Converter v1.0.21.zip a variant of Win32/Keygen.AF application
C:\Users\WulfTop\Documents\Downloads\PC DJ Master Suite 5 in 1\PCDJ.iso probably a variant of Win32/Genetik trojan
C:\Users\WulfTop\Documents\Downloads\Sony.Products.Keygen.and.Patch.Only.FIXED.READ.NFO-DI\di-sppkf.zip a variant of Win32/Keygen.AR application
C:\Users\WulfTop\Documents\Downloads\Sony.Products.Keygen.and.Patch.Only.FIXED.READ.NFO-DI\Keygen.exe a variant of Win32/Keygen.AR application
C:\Users\WulfTop\Documents\Downloads\Sony.Vegas.Pro.v8.0b.Build.217.Incl.Keygen.And.Patch.WORKING-DI\crack\Keygen.exe a variant of Win32/Keygen.AR application
C:\Users\WulfTop\Downloads\TurboTax 2009 Home & Business + eFile\setup.exe probably a variant of Win32/TrojanClicker.Agent.NJPIQCF trojan
C:\Users\WulfTop\Downloads\TurboTax 2009 Home & Business + eFile\taxhost.exe Win32/Agent.QTP trojan
C:\Users\WulfTop\Downloads\VSO ConvertXtoDVD 3.1.0.26\VSO.ConvertXtoDVD.v3.1.0.26.Incl.Keygen-BRD.zip a variant of Win32/Keygen.AS application
C:\Users\WulfTop\Downloads\VSO ConvertXtoDVD 3.1.0.26\KeyGen-BRD\Keygen.exe a variant of Win32/Keygen.AS application
C:\Windows\txagent.exe probably a variant of Win32/TrojanClicker.Agent.NJPIQCF trojan
 
I assume that, by now, you realize where your infections come from?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\foxmarks@kei.com\defaults\preferences\prefs.js 
    C:\Users\WulfTop\Documents\Downloads\Kraize's Bundle.rar 
    C:\Users\WulfTop\Documents\Downloads\Sony.Products.Keygen.and.Patch.Only.FIXED.READ.NFO-DI.rar
    C:\Users\WulfTop\Documents\Downloads\1209\CooTek.TouchPal.v3.5.Multilanguage.XScale.WM5.WM6.Incl.Keygen-SyMPDA\sym-3000.zip
    C:\Users\WulfTop\Documents\Downloads\1209\CooTek.TouchPal.v3.5.Multilanguage.XScale.WM6.1.Incl.Keygen-SyMPDA\sym-3001.zip
    C:\Users\WulfTop\Documents\Downloads\Apple_QuickTime_Pro_v7.60.92\Apple_QuickTime_Pro_v7.60.92.zip
    C:\Users\WulfTop\Documents\Downloads\Karaoke kit\Power CD G To iPod Converter v1.0.21.zip
    C:\Users\WulfTop\Documents\Downloads\PC DJ Master Suite 5 in 1\PCDJ.iso
    C:\Users\WulfTop\Documents\Downloads\Sony.Products.Keygen.and.Patch.Only.FIXED.READ.NFO-DI\di-sppkf.zip
    C:\Users\WulfTop\Documents\Downloads\Sony.Products.Keygen.and.Patch.Only.FIXED.READ.NFO-DI\Keygen.exe
    C:\Users\WulfTop\Documents\Downloads\Sony.Vegas.Pro.v8.0b.Build.217.Incl.Keygen.And.Patch.WORKING-DI\crack\Keygen.exe
    C:\Users\WulfTop\Downloads\TurboTax 2009 Home & Business + eFile\setup.exe 
    C:\Users\WulfTop\Downloads\TurboTax 2009 Home & Business + eFile\taxhost.exe 
    C:\Users\WulfTop\Downloads\VSO ConvertXtoDVD 3.1.0.26\VSO.ConvertXtoDVD.v3.1.0.26.Incl.Keygen-BRD.zip 
    C:\Users\WulfTop\Downloads\VSO ConvertXtoDVD 3.1.0.26\KeyGen-BRD\Keygen.exe 
    C:\Windows\txagent.exe
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how is your computer doing.
 
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\Users\WulfTop\AppData\Roaming\Mozilla\Firefox\Profiles\xivfcrut.default\extensions\foxmarks@kei.com\defaults\preferences\prefs.js moved successfully.
C:\Users\WulfTop\Documents\Downloads\Kraize's Bundle.rar moved successfully.
File\Folder C:\Users\WulfTop\Documents\Downloads\Sony.Products.Keygen.and.Patch.Only.FI XED.READ.NFO-DI.rar not found.
File\Folder C:\Users\WulfTop\Documents\Downloads\1209\CooTek.TouchPal.v3.5.Multilanguag e.XScale.WM5.WM6.Incl.Keygen-SyMPDA\sym-3000.zip not found.
File\Folder C:\Users\WulfTop\Documents\Downloads\1209\CooTek.TouchPal.v3.5.Multilanguag e.XScale.WM6.1.Incl.Keygen-SyMPDA\sym-3001.zip not found.
File\Folder C:\Users\WulfTop\Documents\Downloads\Apple_QuickTime_Pro_v7.60.92\Apple_Qui ckTime_Pro_v7.60.92.zip not found.
C:\Users\WulfTop\Documents\Downloads\Karaoke kit\Power CD G To iPod Converter v1.0.21.zip moved successfully.
C:\Users\WulfTop\Documents\Downloads\PC DJ Master Suite 5 in 1\PCDJ.iso moved successfully.
File\Folder C:\Users\WulfTop\Documents\Downloads\Sony.Products.Keygen.and.Patch.Only.FI XED.READ.NFO-DI\di-sppkf.zip not found.
File\Folder C:\Users\WulfTop\Documents\Downloads\Sony.Products.Keygen.and.Patch.Only.FI XED.READ.NFO-DI\Keygen.exe not found.
File\Folder C:\Users\WulfTop\Documents\Downloads\Sony.Vegas.Pro.v8.0b.Build.217.Incl.Ke ygen.And.Patch.WORKING-DI\crack\Keygen.exe not found.
C:\Users\WulfTop\Downloads\TurboTax 2009 Home & Business + eFile\setup.exe moved successfully.
C:\Users\WulfTop\Downloads\TurboTax 2009 Home & Business + eFile\taxhost.exe moved successfully.
C:\Users\WulfTop\Downloads\VSO ConvertXtoDVD 3.1.0.26\VSO.ConvertXtoDVD.v3.1.0.26.Incl.Keygen-BRD.zip moved successfully.
C:\Users\WulfTop\Downloads\VSO ConvertXtoDVD 3.1.0.26\KeyGen-BRD\Keygen.exe moved successfully.
C:\Windows\txagent.exe moved successfully.

OTL by OldTimer - Version 3.2.17.2 log created on 11042010_003810
 
Ran the fix twice because the first time a log didn't pop up so I ran it again just to be sure....

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: demianwulf
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: WulfTop
->Temp folder emptied: 50906 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 58451474 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 2890 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 97360 bytes

Total Files Cleaned = 56.00 mb


[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default

User: Default User

User: demianwulf
->Flash cache emptied: 0 bytes

User: Guest
->Flash cache emptied: 0 bytes

User: Public

User: WulfTop
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb



OTL by OldTimer - Version 3.2.17.2 log created on 11042010_004933

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...
 
I'm running and installing everything else in #2 like you mentioned. Computer is running like it's back to normal. I'll definitely keep up to date with scans and updates after this because I wouldn't want to lose data from week to week, as I only back up every so often. Thanks for all the help if I don't hear back from you; I really appreciate it.
 
I guess I'm done... right? I added WOT to Firefox, got Foxit Reader and got rid of Adobe, added Secunia PSI. Everything is looking good, no redirects, no random shutoffs, and I can surf the internet.
 