Jump to content

dharmadave

Members
 View Profile  See their activity

  • Posts

    16

  • Joined

  • Last visited

Tech Info

  • Experience
    very_experienced
  • System: windows_vista_home

dharmadave's Achievements

Newbie

Newbie (1/14)

0

Reputation

  1. dharmadave
    PS: However, yes, I did click donate -- and then quit when I realized I didn't remember any of my PayPal info.
  2. dharmadave
    Thanks, guys. The donation acknowledgment included a specific very small amount, which is what really made me wonder: Some clever creep rolling a test and a taunt into one? And yes, I will now go about changing all my passwords, etc. Thanks again!
  3. dharmadave
    Thanks again. I'll perform these final steps shortly. In the meantime, there is something else you may want to know about. (You may want this as a security post.) I received thanks for a donation from you, but I hadn't made one yet. I only just got my PayPal account set up. If your system pulled up a donation I made a few years ago, that's okay -- if not, then I'm going to guess that it's a taunt. It certainly coincides with an unsuccessful (thankfully) attempt at using my credit card to make a $1,295 purchase from Dell Computers, who alerted me. (I then canceled the card, of course. Now I have to wait for my new card, then change my PayPal info before I can do anything else, naturally.) Someone has my full name, address, and telephone number, along with my credit card type and (now defunct) number. Very unsettling!
  4. dharmadave
    Thanks, guys. Not sure if this is it, but it was hiding in C program files. I had looked there initially but missed it. ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330) # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=e305eff33d798544bea5fbc2ac83128a # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-08-23 11:15:43 # local_time=2011-08-23 07:15:43 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=5892 16776573 100 100 0 150738723 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=255811 # found=4 # cleaned=4 # scan_time=10147 C:\System Recovery Files\C\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\10d72d13-7b372180 a variant of Java/TrojanDownloader.OpenConnection.MU trojan (deleted - quarantined) 00000000000000000000000000000000 C C:\System Recovery Files\C\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\633e29f8-32f7c512 a variant of Java/TrojanDownloader.OpenConnection.MU trojan (deleted - quarantined) 00000000000000000000000000000000 C C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\10d72d13-7b372180 a variant of Java/TrojanDownloader.OpenConnection.MU trojan (deleted - quarantined) 00000000000000000000000000000000 C C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\633e29f8-32f7c512 a variant of Java/TrojanDownloader.OpenConnection.MU trojan (deleted - quarantined) 00000000000000000000000000000000 C
  5. dharmadave
    A million thanks, Starbuck! You probably saved me hundreds of dollars in repairs and weeks without my computer. I will certainly make a donation to you and your fellow stalwart volunteers! Java update was no problem. ESET scan took hours, but eventually found and eliminated four threats. For some reason, it did not save the report after I asked it to export to text file. I can tell you that all four threats were labeled as trojans. I wish now that I had simply copied and pasted from the field, but it's too late for that. The good news is all systems are running smoothly and normally.
  6. dharmadave
    Thanks a million, Starbuck! It is finally cured! This one found it, and since rebooting, I am finally able to do regular searches without getting redirected. Free at last! Here's the report: 2011/08/04 12:26:21.0955 0304 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11 2011/08/04 12:26:22.0329 0304 ================================================================================ 2011/08/04 12:26:22.0329 0304 SystemInfo: 2011/08/04 12:26:22.0329 0304 2011/08/04 12:26:22.0329 0304 OS Version: 6.0.6002 ServicePack: 2.0 2011/08/04 12:26:22.0329 0304 Product type: Workstation 2011/08/04 12:26:22.0329 0304 ComputerName: OWNER-PC 2011/08/04 12:26:22.0329 0304 UserName: owner 2011/08/04 12:26:22.0329 0304 Windows directory: C:\Windows 2011/08/04 12:26:22.0329 0304 System windows directory: C:\Windows 2011/08/04 12:26:22.0329 0304 Processor architecture: Intel x86 2011/08/04 12:26:22.0329 0304 Number of processors: 2 2011/08/04 12:26:22.0329 0304 Page size: 0x1000 2011/08/04 12:26:22.0329 0304 Boot type: Normal boot 2011/08/04 12:26:22.0329 0304 ================================================================================ 2011/08/04 12:26:22.0765 0304 Initialize success 2011/08/04 12:26:27.0932 0304 ================================================================================ 2011/08/04 12:26:27.0932 0304 Scan started 2011/08/04 12:26:27.0932 0304 Mode: Manual; 2011/08/04 12:26:27.0932 0304 ================================================================================ 2011/08/04 12:26:32.0581 0304 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 2011/08/04 12:26:32.0893 0304 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 2011/08/04 12:26:33.0127 0304 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 2011/08/04 12:26:33.0345 0304 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 2011/08/04 12:26:33.0517 0304 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 2011/08/04 12:26:33.0719 0304 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 2011/08/04 12:26:34.0016 0304 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 2011/08/04 12:26:34.0219 0304 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/08/04 12:26:34.0343 0304 aliide (9df16e31daa1591c538222eae00e07eb) C:\Windows\system32\drivers\aliide.sys 2011/08/04 12:26:34.0546 0304 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 2011/08/04 12:26:34.0687 0304 amdide (260c91345de01c3dfd364ee970a92b02) C:\Windows\system32\drivers\amdide.sys 2011/08/04 12:26:34.0827 0304 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 2011/08/04 12:26:35.0077 0304 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys 2011/08/04 12:26:35.0264 0304 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 2011/08/04 12:26:35.0389 0304 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 2011/08/04 12:26:35.0545 0304 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/08/04 12:26:35.0763 0304 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 2011/08/04 12:26:35.0981 0304 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2011/08/04 12:26:36.0325 0304 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 2011/08/04 12:26:36.0496 0304 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2011/08/04 12:26:36.0699 0304 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2011/08/04 12:26:36.0886 0304 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2011/08/04 12:26:36.0995 0304 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2011/08/04 12:26:37.0167 0304 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2011/08/04 12:26:37.0323 0304 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2011/08/04 12:26:37.0463 0304 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 2011/08/04 12:26:37.0713 0304 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/08/04 12:26:37.0869 0304 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 2011/08/04 12:26:37.0994 0304 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 2011/08/04 12:26:38.0150 0304 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 2011/08/04 12:26:38.0275 0304 cmdide (55a247b547fb9da28bc492dee643ecdf) C:\Windows\system32\drivers\cmdide.sys 2011/08/04 12:26:38.0431 0304 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys 2011/08/04 12:26:38.0587 0304 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 2011/08/04 12:26:38.0711 0304 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 2011/08/04 12:26:38.0867 0304 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 2011/08/04 12:26:39.0055 0304 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 2011/08/04 12:26:39.0211 0304 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2011/08/04 12:26:39.0351 0304 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 2011/08/04 12:26:39.0569 0304 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/08/04 12:26:39.0694 0304 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2011/08/04 12:26:39.0835 0304 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 2011/08/04 12:26:40.0022 0304 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2011/08/04 12:26:40.0131 0304 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 2011/08/04 12:26:40.0256 0304 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 2011/08/04 12:26:40.0396 0304 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2011/08/04 12:26:40.0505 0304 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2011/08/04 12:26:40.0583 0304 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/08/04 12:26:40.0708 0304 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 2011/08/04 12:26:40.0849 0304 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2011/08/04 12:26:40.0927 0304 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 2011/08/04 12:26:41.0067 0304 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys 2011/08/04 12:26:41.0239 0304 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 2011/08/04 12:26:41.0410 0304 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/08/04 12:26:41.0519 0304 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 2011/08/04 12:26:41.0629 0304 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 2011/08/04 12:26:41.0722 0304 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys 2011/08/04 12:26:41.0847 0304 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 2011/08/04 12:26:42.0019 0304 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys 2011/08/04 12:26:42.0175 0304 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys 2011/08/04 12:26:42.0237 0304 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 2011/08/04 12:26:42.0346 0304 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 2011/08/04 12:26:42.0533 0304 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/08/04 12:26:42.0627 0304 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 2011/08/04 12:26:42.0752 0304 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2011/08/04 12:26:42.0939 0304 IntcAzAudAddService (3914ea9111dbeffaf1c68200817768ad) C:\Windows\system32\drivers\RTKVHDA.sys 2011/08/04 12:26:43.0111 0304 intelide (1fdf294ecca2addf84e8271d75abddb4) C:\Windows\system32\drivers\intelide.sys 2011/08/04 12:26:43.0235 0304 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys 2011/08/04 12:26:43.0485 0304 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 2011/08/04 12:26:43.0610 0304 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2011/08/04 12:26:43.0781 0304 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2011/08/04 12:26:43.0922 0304 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 2011/08/04 12:26:44.0078 0304 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/08/04 12:26:44.0203 0304 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2011/08/04 12:26:44.0327 0304 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2011/08/04 12:26:44.0483 0304 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/08/04 12:26:44.0624 0304 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys 2011/08/04 12:26:44.0811 0304 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 2011/08/04 12:26:45.0045 0304 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/08/04 12:26:45.0201 0304 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 2011/08/04 12:26:45.0310 0304 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 2011/08/04 12:26:45.0419 0304 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 2011/08/04 12:26:45.0560 0304 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2011/08/04 12:26:45.0716 0304 LVcKap (8113133ec42dd6c566908008ce913edd) C:\Windows\system32\DRIVERS\LVcKap.sys 2011/08/04 12:26:45.0919 0304 LVMVDrv (0dd5b8af4917a2821047450195c511b3) C:\Windows\system32\DRIVERS\LVMVDrv.sys 2011/08/04 12:26:46.0246 0304 lvpopflt (e1158b0cb852db0573922c92e6e564de) C:\Windows\system32\DRIVERS\lvpopflt.sys 2011/08/04 12:26:47.0198 0304 LVPr2Mon (406b1d186f75b4b4832d6237859e1b00) C:\Windows\system32\DRIVERS\LVPr2Mon.sys 2011/08/04 12:26:47.0369 0304 LVRS (6917b407dbec11b3a078abfc2ec2ac7c) C:\Windows\system32\DRIVERS\lvrs.sys 2011/08/04 12:26:47.0759 0304 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\Windows\system32\drivers\LVUSBSta.sys 2011/08/04 12:26:48.0383 0304 LVUVC (44876e70e07e9a653bbe423dbfa35a1a) C:\Windows\system32\DRIVERS\lvuvc.sys 2011/08/04 12:26:49.0179 0304 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 2011/08/04 12:26:49.0304 0304 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 2011/08/04 12:26:49.0616 0304 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2011/08/04 12:26:49.0975 0304 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2011/08/04 12:26:50.0146 0304 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2011/08/04 12:26:50.0271 0304 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys 2011/08/04 12:26:50.0552 0304 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2011/08/04 12:26:50.0895 0304 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 2011/08/04 12:26:51.0191 0304 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2011/08/04 12:26:51.0535 0304 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2011/08/04 12:26:51.0737 0304 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2011/08/04 12:26:51.0987 0304 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/08/04 12:26:52.0237 0304 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/08/04 12:26:52.0393 0304 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/08/04 12:26:52.0673 0304 msahci (60ec6885a269e13d5daaa0efe060127a) C:\Windows\system32\drivers\msahci.sys 2011/08/04 12:26:53.0048 0304 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 2011/08/04 12:26:53.0360 0304 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2011/08/04 12:26:53.0641 0304 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2011/08/04 12:26:53.0859 0304 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2011/08/04 12:26:54.0046 0304 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/08/04 12:26:54.0202 0304 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2011/08/04 12:26:54.0343 0304 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2011/08/04 12:26:54.0540 0304 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/08/04 12:26:54.0750 0304 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2011/08/04 12:26:54.0870 0304 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2011/08/04 12:26:55.0060 0304 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 2011/08/04 12:26:55.0230 0304 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 2011/08/04 12:26:55.0380 0304 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/08/04 12:26:55.0630 0304 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/08/04 12:26:55.0800 0304 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/08/04 12:26:56.0080 0304 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2011/08/04 12:26:56.0320 0304 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2011/08/04 12:26:56.0580 0304 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2011/08/04 12:26:56.0860 0304 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2011/08/04 12:26:57.0030 0304 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2011/08/04 12:26:57.0190 0304 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2011/08/04 12:26:57.0560 0304 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2011/08/04 12:26:57.0800 0304 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/08/04 12:26:57.0940 0304 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2011/08/04 12:26:58.0200 0304 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys 2011/08/04 12:26:58.0630 0304 nvlddmkm (fbba09782f2fac5a57619df378ba9372) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2011/08/04 12:26:59.0170 0304 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 2011/08/04 12:26:59.0260 0304 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 2011/08/04 12:26:59.0300 0304 nvstor32 (7eba6c9a0a295b1559efb9062e701218) C:\Windows\system32\DRIVERS\nvstor32.sys 2011/08/04 12:26:59.0430 0304 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 2011/08/04 12:26:59.0590 0304 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 2011/08/04 12:26:59.0750 0304 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2011/08/04 12:26:59.0870 0304 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2011/08/04 12:26:59.0950 0304 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 2011/08/04 12:27:00.0100 0304 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2011/08/04 12:27:00.0170 0304 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys 2011/08/04 12:27:00.0220 0304 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2011/08/04 12:27:00.0320 0304 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2011/08/04 12:27:00.0505 0304 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2011/08/04 12:27:00.0693 0304 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 2011/08/04 12:27:00.0863 0304 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys 2011/08/04 12:27:00.0989 0304 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2011/08/04 12:27:01.0093 0304 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 2011/08/04 12:27:01.0320 0304 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2011/08/04 12:27:01.0477 0304 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2011/08/04 12:27:01.0649 0304 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2011/08/04 12:27:01.0782 0304 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/08/04 12:27:01.0910 0304 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/08/04 12:27:02.0041 0304 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2011/08/04 12:27:02.0184 0304 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2011/08/04 12:27:02.0321 0304 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/08/04 12:27:02.0505 0304 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 2011/08/04 12:27:02.0628 0304 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2011/08/04 12:27:02.0894 0304 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2011/08/04 12:27:03.0129 0304 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2011/08/04 12:27:03.0287 0304 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2011/08/04 12:27:03.0405 0304 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/08/04 12:27:03.0536 0304 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 2011/08/04 12:27:03.0704 0304 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 2011/08/04 12:27:03.0872 0304 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2011/08/04 12:27:04.0366 0304 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys 2011/08/04 12:27:04.0854 0304 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys 2011/08/04 12:27:05.0154 0304 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys 2011/08/04 12:27:05.0437 0304 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 2011/08/04 12:27:06.0008 0304 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 2011/08/04 12:27:06.0360 0304 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 2011/08/04 12:27:06.0888 0304 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 2011/08/04 12:27:07.0277 0304 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2011/08/04 12:27:07.0444 0304 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2011/08/04 12:27:07.0880 0304 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 2011/08/04 12:27:08.0162 0304 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 2011/08/04 12:27:08.0379 0304 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 2011/08/04 12:27:08.0924 0304 ssfmonm (3199c2d24366ee02b279f0a065936703) C:\Windows\system32\DRIVERS\ssfmonm.sys 2011/08/04 12:27:09.0300 0304 SSHRMD (44533a8b02355f05015dbeac869c1d91) C:\Windows\system32\Drivers\SSHRMD.SYS 2011/08/04 12:27:09.0511 0304 SSIDRV (22ff2bde8b5362b29778de58b3261514) C:\Windows\system32\Drivers\SSIDRV.SYS 2011/08/04 12:27:09.0878 0304 SSKBFD (8564bc9598be1705477b7fa61d657c2b) C:\Windows\system32\Drivers\sskbfd.sys 2011/08/04 12:27:10.0206 0304 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2011/08/04 12:27:10.0354 0304 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/08/04 12:27:10.0977 0304 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2011/08/04 12:27:11.0115 0304 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/08/04 12:27:11.0286 0304 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys 2011/08/04 12:27:11.0567 0304 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys 2011/08/04 12:27:11.0940 0304 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 2011/08/04 12:27:12.0081 0304 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2011/08/04 12:27:12.0224 0304 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2011/08/04 12:27:12.0346 0304 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 2011/08/04 12:27:12.0539 0304 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 2011/08/04 12:27:12.0714 0304 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/08/04 12:27:12.0845 0304 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2011/08/04 12:27:13.0015 0304 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2011/08/04 12:27:13.0127 0304 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 2011/08/04 12:27:13.0272 0304 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2011/08/04 12:27:13.0453 0304 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 2011/08/04 12:27:13.0550 0304 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 2011/08/04 12:27:13.0676 0304 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/08/04 12:27:13.0805 0304 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/08/04 12:27:13.0930 0304 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2011/08/04 12:27:14.0072 0304 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys 2011/08/04 12:27:14.0213 0304 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/08/04 12:27:14.0403 0304 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/08/04 12:27:14.0846 0304 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2011/08/04 12:27:15.0051 0304 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2011/08/04 12:27:15.0180 0304 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys 2011/08/04 12:27:15.0328 0304 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys 2011/08/04 12:27:15.0760 0304 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys 2011/08/04 12:27:16.0015 0304 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/08/04 12:27:16.0420 0304 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/08/04 12:27:16.0792 0304 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/08/04 12:27:17.0077 0304 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2011/08/04 12:27:17.0240 0304 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 2011/08/04 12:27:17.0592 0304 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 2011/08/04 12:27:17.0946 0304 viaide (61acdd65bc5d6e4936297610506281d7) C:\Windows\system32\drivers\viaide.sys 2011/08/04 12:27:18.0281 0304 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2011/08/04 12:27:18.0493 0304 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2011/08/04 12:27:18.0821 0304 volsnap (e269bb33062f9a6b4115c86781d767aa) C:\Windows\system32\drivers\volsnap.sys 2011/08/04 12:27:18.0846 0304 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: e269bb33062f9a6b4115c86781d767aa, Fake md5: 147281c01fcb1df9252de2a10d5e7093 2011/08/04 12:27:18.0852 0304 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0) 2011/08/04 12:27:18.0989 0304 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 2011/08/04 12:27:19.0170 0304 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/08/04 12:27:19.0412 0304 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/08/04 12:27:19.0487 0304 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/08/04 12:27:19.0593 0304 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 2011/08/04 12:27:19.0771 0304 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 2011/08/04 12:27:20.0091 0304 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 2011/08/04 12:27:20.0355 0304 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys 2011/08/04 12:27:20.0574 0304 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/08/04 12:27:20.0853 0304 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/08/04 12:27:20.0993 0304 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys 2011/08/04 12:27:21.0045 0304 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0 2011/08/04 12:27:21.0621 0304 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1 2011/08/04 12:27:21.0650 0304 Boot (0x1200) (ee14924b78bcd9ea34adfc189ccbada7) \Device\Harddisk0\DR0\Partition0 2011/08/04 12:27:21.0715 0304 Boot (0x1200) (52f353a4b0740bf3944277f92ff1cf97) \Device\Harddisk0\DR0\Partition1 2011/08/04 12:27:21.0729 0304 Boot (0x1200) (56d66235a39ca288bbbf507af9de6a04) \Device\Harddisk1\DR1\Partition0 2011/08/04 12:27:21.0745 0304 ================================================================================ 2011/08/04 12:27:21.0745 0304 Scan finished 2011/08/04 12:27:21.0745 0304 ================================================================================ 2011/08/04 12:27:21.0774 4884 Detected object count: 1 2011/08/04 12:27:21.0774 4884 Actual detected object count: 1 2011/08/04 12:27:35.0111 4884 volsnap (e269bb33062f9a6b4115c86781d767aa) C:\Windows\system32\drivers\volsnap.sys 2011/08/04 12:27:35.0112 4884 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: e269bb33062f9a6b4115c86781d767aa, Fake md5: 147281c01fcb1df9252de2a10d5e7093 2011/08/04 12:27:40.0050 4884 Backup copy found, using it.. 2011/08/04 12:27:40.0087 4884 C:\Windows\system32\drivers\volsnap.sys - will be cured after reboot 2011/08/04 12:27:40.0087 4884 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure 2011/08/04 12:27:46.0855 4920 Deinitialize success
  7. dharmadave
    Hello, Starbuck. I ran ComboFix, and it seems to say everything is normal, doesn't it? All my security systems have been saying the same, but I still get sent to pages I don't want when I do a search. Very frustrating! If I look at the immediate history by right-clicking the 'back" arrow (which I actually have to do in order to escape the unwanted page) it says "Redirect" every time. Before that will be another entry, evidently the specific page it has picked for me. When I tried it a moment ago, it was 266.mobi/. Here is the ComboFix log: ComboFix 11-07-22.02 - owner 07/22/2011 14:30:34.1.2 - x86 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1839 [GMT -4:00] Running from: c:\users\owner\Desktop\Combo-Fix.exe AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E} SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\DFR683A.tmp c:\users\owner\Desktop\Setup.exe c:\windows\system32\AutoRun.inf c:\windows\system32\jusched.exe . . ((((((((((((((((((((((((( Files Created from 2011-06-22 to 2011-07-22 ))))))))))))))))))))))))))))))) . . 2011-07-22 18:37 . 2011-07-22 18:41 -------- d-----w- c:\users\owner\AppData\Local\temp 2011-07-22 18:37 . 2011-07-22 18:37 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-07-22 15:40 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BECD7D4F-C6A1-45CE-8A29-6A01CE93798A}\mpengine.dll 2011-07-16 19:48 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll 2011-07-16 19:48 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll 2011-07-16 19:48 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys 2011-07-08 11:48 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2011-07-08 11:48 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-07-08 11:48 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll 2011-07-08 11:45 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-07-08 11:45 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-07-08 11:45 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys 2011-07-08 11:45 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll 2011-07-08 11:45 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys 2011-07-08 11:45 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll 2011-07-08 11:44 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-07-08 11:44 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-07-08 11:44 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-07-08 11:44 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-08 11:44 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll 2011-07-08 11:37 . 2011-07-08 12:36 -------- d-----w- c:\program files\Microsoft Silverlight 2011-07-08 11:34 . 2011-07-08 11:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-08 04:56 . 2011-07-08 04:56 -------- d-----w- C:\Temp . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-24 23:14 . 2009-10-02 16:18 222080 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2009-02-09 19:06 764296 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536] "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920] "DNS7reminder"="c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2006-11-27 255528] "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832] "RtHDVCpl"="c:\windows\RtHDVCpl.exe" [2008-01-15 4874240] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-03 198160] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "WebrootTrayApp"="c:\program files\Webroot\Security\Current\Framework\WRTray.exe" [2011-05-18 1378352] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-01-12 03:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro] 2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2008-01-15 15:26 4874240 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg] 2009-09-25 20:51 55072 ----a-w- c:\windows\System32\jureg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1519445603-4158389630-228418807-1000] "EnableNotifications"=dword:00000001 "EnableNotificationsRef"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [2011-04-18 47120] S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Security\Current\Framework\WRConsumerService.exe [2011-05-18 3276136] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:56] . 2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:56] . 2011-04-28 c:\windows\Tasks\HPCeeScheduleForowner.job - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-12-08 00:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop uInternet Settings,ProxyOverride = *.local IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\jvyv1xqu.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realplayer\browserrecord\firefox\ext FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . - - - - ORPHANS REMOVED - - - - . WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file) HKCU-Run-HPADVISOR - c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe MSConfigStartUp-HPAdvisor - c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-07-22 14:41 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414}"=hex:51,66,7a,6c,4c,1d,38,12,12,ee,72, 1a,8a,32,b8,0c,c6,ff,e8,0c,8d,52,c0,00 "{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11, d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54 "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,38,12,f1,9d,97, 02,e5,86,37,08,c7,6b,3b,0b,78,35,a4,a7 "{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a, 34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd, d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:37,e7,a9,ef,87,f4,cb,01 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2011-07-22 14:45:06 ComboFix-quarantined-files.txt 2011-07-22 18:45 . Pre-Run: 199,504,695,296 bytes free Post-Run: 203,713,216,512 bytes free . - - End Of File - - 12934F34C4E8096D53A1CBA34ADC7578
  8. dharmadave
    Sorry about that, Starbuck. I'm back now, and here it is: OTL logfile created on: 7/9/2011 6:32:24 PM - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\owner\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.87 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 64.47% Memory free 7.11 Gb Paging File | 6.04 Gb Available in Paging File | 84.98% Paging File free Paging file location(s): c:\pagefile.sys 4411 4411 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288.59 Gb Total Space | 184.03 Gb Free Space | 63.77% Space Free | Partition Type: NTFS Drive D: | 9.50 Gb Total Space | 1.29 Gb Free Space | 13.56% Space Free | Partition Type: NTFS Drive E: | 298.09 Gb Total Space | 287.37 Gb Free Space | 96.41% Space Free | Partition Type: NTFS Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/07/09 18:27:42 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.scr PRC - [2011/05/18 10:20:24 | 003,276,136 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe PRC - [2011/05/18 10:20:23 | 001,378,352 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe PRC - [2011/04/18 18:04:58 | 003,900,032 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe PRC - [2011/04/18 18:04:44 | 000,158,048 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\SSU.exe PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe PRC - [2009/12/03 12:02:28 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007/12/13 01:00:00 | 000,188,928 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEFA.EXE PRC - [2007/10/25 16:37:32 | 002,178,832 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe PRC - [2007/10/25 16:33:22 | 000,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe PRC - [2007/10/25 16:32:58 | 000,407,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe PRC - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe PRC - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe PRC - [2007/05/11 04:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe PRC - [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe ========== Modules (SafeList) ========== MOD - [2011/07/09 18:27:42 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.scr MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll MOD - [2007/10/19 13:19:10 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll ========== Win32 Services (SafeList) ========== SRV - [2011/05/18 10:20:24 | 003,276,136 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService) SRV - [2011/04/18 18:04:58 | 003,900,032 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService) SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/10/19 13:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher) SRV - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer) ========== Driver Services (SafeList) ========== DRV - [2011/04/18 18:05:08 | 000,182,056 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV) DRV - [2011/04/18 18:05:06 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD) DRV - [2011/04/18 18:05:04 | 000,047,120 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\System32\drivers\ssfmonm.sys -- (ssfmonm) DRV - [2010/07/27 08:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam Pro for Notebooks(UVC) DRV - [2010/07/27 08:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2008/07/26 15:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2008/05/22 14:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2) DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP) DRV - [2008/01/04 21:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sskbfd.sys -- (SSKBFD) DRV - [2007/10/26 18:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32) DRV - [2007/10/19 13:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap) DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007/10/11 21:59:12 | 001,920,920 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt) DRV - [2007/10/11 18:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2007/10/11 18:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv) DRV - [2005/12/12 13:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\owner\Pictures\Zips IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/06 14:18:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/06 14:18:27 | 000,000,000 | ---D | M] [2009/07/29 14:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions [2011/03/05 14:55:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\jvyv1xqu.default\extensions [2009/09/25 17:50:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\jvyv1xqu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/03/05 14:55:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/06/28 11:53:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2009/12/03 12:03:35 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2009/07/15 14:50:22 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2009/07/15 14:50:22 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2009/07/15 14:50:22 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2009/07/15 14:50:22 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2008/02/07 16:15:13 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - File not found O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [KBD] C:\HP\KBD\KbdStub.EXE () O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe () O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. ) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [EPSON Stylus NX200 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEFA.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [HPADVISOR] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img17.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img17.jpg O30 - LSA: Authentication Packages - (ows\s) - File not found O30 - LSA: Security Packages - (9630-228418807-1000) - File not found O30 - LSA: Security Packages - (秸&) - File not found O30 - LSA: Security Packages - (䝷) - File not found O30 - LSA: Security Packages - (o) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/12/08 04:43:43 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/07/09 18:27:41 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.scr [2011/07/08 07:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011/07/08 07:48:39 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011/07/08 07:48:38 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011/07/08 07:48:38 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011/07/08 07:48:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011/07/08 07:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2011/07/08 07:34:31 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011/07/08 00:56:22 | 000,000,000 | ---D | C] -- C:\Temp [2011/06/24 11:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight(12) [2011/06/22 00:15:22 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\RK_Quarantine [2011/06/14 12:57:43 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Windows Live [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/07/09 18:29:54 | 000,516,608 | ---- | M] () -- C:\Users\owner\Desktop\RogueKiller.exe [2011/07/09 18:27:42 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.scr [2011/07/09 18:04:16 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/07/09 18:03:00 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/07/09 18:03:00 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/07/09 18:02:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/07/09 18:02:51 | 3085,361,152 | -HS- | M] () -- C:\hiberfil.sys [2011/07/09 12:47:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/07/08 15:01:51 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/07/08 15:01:51 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/07/08 08:36:34 | 000,288,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011/07/08 07:34:32 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011/06/14 12:19:07 | 000,001,494 | -HS- | M] () -- C:\Users\owner\AppData\Local\2aq74v7vw2go85l6c3d7repy5xfivosv [2011/06/14 12:19:07 | 000,001,494 | -HS- | M] () -- C:\ProgramData\2aq74v7vw2go85l6c3d7repy5xfivosv [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/07/09 18:29:53 | 000,516,608 | ---- | C] () -- C:\Users\owner\Desktop\RogueKiller.exe [2011/07/07 20:47:52 | 3085,361,152 | -HS- | C] () -- C:\hiberfil.sys [2011/06/14 12:19:01 | 000,001,494 | -HS- | C] () -- C:\Users\owner\AppData\Local\2aq74v7vw2go85l6c3d7repy5xfivosv [2011/06/14 12:19:01 | 000,001,494 | -HS- | C] () -- C:\ProgramData\2aq74v7vw2go85l6c3d7repy5xfivosv [2011/05/10 13:58:45 | 000,011,638 | -HS- | C] () -- C:\Users\owner\AppData\Local\134502167mflfy6tq7nm854uuf7ypcum [2011/05/10 13:58:45 | 000,011,638 | -HS- | C] () -- C:\ProgramData\134502167mflfy6tq7nm854uuf7ypcum [2011/03/03 18:17:17 | 000,005,049 | ---- | C] () -- C:\Users\owner\AppData\Roaming\94BC.B54 [2011/02/15 17:41:38 | 000,030,424 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll [2011/02/15 17:41:38 | 000,017,472 | ---- | C] () -- C:\Windows\System32\SsiEfr.exe [2010/09/01 20:19:12 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2010/07/27 08:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2010/07/27 08:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2010/07/27 08:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2010/07/27 07:56:04 | 000,090,411 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2009/09/25 16:35:59 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2009/09/25 16:35:59 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2009/09/25 16:35:59 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2009/09/25 16:35:59 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2009/09/25 16:35:59 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2009/09/25 16:35:59 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2009/09/25 16:35:59 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2009/09/25 16:35:59 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2009/09/25 16:35:59 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2009/09/25 16:35:59 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2009/09/25 16:35:59 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2009/09/25 16:35:59 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2009/09/25 16:35:59 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2009/09/25 16:35:59 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2009/09/25 16:35:58 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2009/09/25 16:35:58 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2009/09/25 16:33:58 | 000,000,078 | ---- | C] () -- C:\Windows\EPSNX200.ini [2009/08/12 13:20:03 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009/07/29 14:11:58 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009/06/09 01:34:29 | 000,000,182 | ---- | C] () -- C:\ProgramData\nbinst.ini [2009/05/28 13:16:46 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009/05/28 13:16:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/04/29 13:19:42 | 000,000,961 | ---- | C] () -- C:\Windows\cdplayer.ini [2008/09/12 14:45:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008/03/24 19:08:42 | 000,122,316 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2008/02/20 11:35:41 | 000,009,030 | ---- | C] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat [2008/02/19 02:10:24 | 000,166,912 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/02/12 15:09:15 | 000,002,154 | ---- | C] () -- C:\Users\owner\AppData\Roaming\SAS7_000.DAT [2008/02/07 15:23:42 | 000,000,680 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps.dat [2007/12/08 04:35:58 | 000,102,451 | ---- | C] () -- C:\Windows\hpqins13.dat [2007/12/08 04:18:45 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe [2007/12/08 04:15:45 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll [2007/12/08 04:15:45 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll [2007/10/11 18:59:24 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 08:47:37 | 000,288,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 06:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 06:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat < End of report >
  9. dharmadave
    PS: I'll be away for a week, but I'll tackle whatever you suggest when I get back. Thanks for all your help!
  10. dharmadave
    Thanks and greetings, Starbuck. I've been noticing some very bizarre stuff. Example: When I closed RK after running it, I distinctly saw the word "hijack," which is nowhere in the report. I have been noticing since getting back in that every time I close something, there is a split-second flash of a word or an image. This is getting to be scary stuff. I believe it all started when I opened an e-mail that said it was from my lady, so I clicked the link -- I just naturally figured she had sent me something she wanted me to see. It turned out to be a link to a cheap prescriptions mail-order place in France. A bunch of us got the e-mail -- evidently someone hacked her Hotmail account and grabbed her entire address book. (She heard from a bunch of us right away, cancelled that account, and started another elsewhere.) Also, every time I boot up, Webroot says that "a serious threat has been Quarantined." There are two it keeps identifying as five-bar threats: af770ecl and Troj/Fake AV-ECB. Anyway, here are the reports: RogueKiller V5.2.7 [06/30/2011] by Tigzy contact at http://www.sur-la-toile.com mail: tigzyRK<at>gmail<dot>com Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version Started in : Normal mode User: owner [Admin rights] Mode: Scan -- Date : 07/09/2011 18:30:49 Bad processes: 0 Registry Entries: 3 [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND HOSTS File: ::1 localhost Finished : << RKreport[3].txt >> RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt OTL Extras logfile created on: 7/9/2011 6:32:24 PM - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\owner\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.87 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 64.47% Memory free 7.11 Gb Paging File | 6.04 Gb Available in Paging File | 84.98% Paging File free Paging file location(s): c:\pagefile.sys 4411 4411 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288.59 Gb Total Space | 184.03 Gb Free Space | 63.77% Space Free | Partition Type: NTFS Drive D: | 9.50 Gb Total Space | 1.29 Gb Free Space | 13.56% Space Free | Partition Type: NTFS Drive E: | 298.09 Gb Total Space | 287.37 Gb Free Space | 96.41% Space Free | Partition Type: NTFS Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "UacDisableNotify" = 0 "InternetSettingsDisableNotify" = 0 "AutoUpdateDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1519445603-4158389630-228418807-1000] "EnableNotifications" = 1 "EnableNotificationsRef" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0C7F4A87-A0BB-48D0-9A9A-A0F3247B7662}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{1EB419E5-0C73-4FF4-A40C-C5EC88831521}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe | "{25FEA733-009D-4CED-9470-0D079EDADC57}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{28CA2D66-5FD9-4E33-ABE4-06E8B00B007A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{2E71B571-87A8-436C-B4E2-42DB32A0E837}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{45637D1B-6EFA-4505-859E-B84C5EC96245}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "{76824760-A35A-49FC-AB21-D98654A94EF7}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{80D74A82-3F73-4CC8-87D5-3F46F87E6689}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{B247C17A-5926-4556-87CA-60C4EFA860A4}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{CEDF4F9E-3F9B-4873-9C00-B68E45303623}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{D8A63779-DE67-4893-8248-E26B0DADCA72}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe | "{DE376A6E-ADC5-41F2-ABD0-3C4A4FC97672}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{F6ECEC39-D7C8-4BCC-A7B2-6A973DD53D35}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe | "TCP Query User{231D47EF-0532-4754-A558-73DD4BB925C6}C:0\techwizard.exe" = protocol=6 | dir=in | app=c:0\techwizard.exe | "TCP Query User{9AE95E08-CA40-4A5B-B292-49924F6E0A01}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "TCP Query User{FDFD601B-CCA8-4133-8FCC-7D9A8950BAC7}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{9C84FD0D-6CE1-4410-8F1E-5B55CA2A803B}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | "UDP Query User{CEAC029C-BFF1-46CC-A86E-570FE5147533}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | "UDP Query User{D699C113-F708-43AC-AF02-4C9CB4407A6C}C:0\techwizard.exe" = protocol=17 | dir=in | app=c:0\techwizard.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour "{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5 "{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp "{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update "{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library "{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1 "{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe "{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget "{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery "{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine "{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 20 "{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0 "{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE "{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}" = MSN Toolbar "{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EBA6E7C-3DF6-48AE-B87B-4CAFB2C1C3F7}" = LightScribe Template Labeler "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go "{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply "{493CCEF3-B98C-4979-92F4-F848C365A82B}" = Verizon FiOS Connection Wizard "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout "{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport "{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762 "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec "{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask.com Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player "{8B287B75-DF8D-40C8-9620-8E4492C38EF1}" = Webroot Software "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English) "{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend "{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback "{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2 "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder "{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B639110D-747F-40DC-9682-95D94EF73790}" = dj_sf_software "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player "{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5 "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari "{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}" = Dragon NaturallySpeaking 9 "{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01 "{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm "{E8C2622C-9FF1-4F60-8008-A0208154F9F3}" = muvee autoProducer 6.1 "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode) "CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters "EPSON Scanner" = EPSON Scan "EPSON Stylus NX200 Series" = EPSON Stylus NX200 Series Printer Uninstall "HP Imaging Device Functions" = HP Imaging Device Functions 9.0 "HP Photosmart Essential" = HP Photosmart Essential 2.5 "HPExtendedCapabilities" = HP Customer Participation Program 9.0 "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "legacyqcam_11.00" = Logitech Legacy USB Camera Driver Package "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1) "NVIDIA Drivers" = NVIDIA Drivers "OfficeTrial" = Microsoft Office Home and Student 60 day trial "OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator "PC-Doctor 5 for Windows" = Hardware Diagnostic Tools "RealPlayer 12.0" = RealPlayer "Silent Package Run-Time Sample" = EPSON NX200 User's Guide "Verizon FiOS Activation_is1" = Verizon FiOS Activation "Webroot Software" = Webroot Software "WildTangent hp Master Uninstall" = My HP Games "WinGimp-2.0_is1" = Gimp 2.6.2 Debug ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 12/12/2009 2:46:08 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18865, time stamp 0x4b077416, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0xde4ba900, process id 0x1fa0, application start time 0x01ca7b5ae5ac3eee. Error - 12/17/2009 5:58:13 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000 Description = Faulting application iexplore.exe, version 8.0.6001.18865, time stamp 0x4b077416, faulting module yt.dll, version 2008.1.8.1, time stamp 0x4783ed78, exception code 0xc0000005, fault offset 0x00070a1f, process id 0x1480, application start time 0x01ca7f63cfa509f0. Error - 2/8/2010 2:09:20 AM | Computer Name = owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 2/8/2010 2:09:20 AM | Computer Name = owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083 Description = Error - 3/1/2010 12:12:37 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000 Description = Faulting application AcroRd32.exe, version 8.1.0.137, time stamp 0x46444e37, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0c0c0c0c, process id 0x1240, application start time 0x01cab95a00314124. Error - 3/1/2010 10:12:39 PM | Computer Name = owner-PC | Source = EventSystem | ID = 4609 Description = Error - 3/4/2010 12:31:15 PM | Computer Name = owner-PC | Source = Application Hang | ID = 1002 Description = The program iexplore.exe version 8.0.6001.18882 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 12b4 Start Time: 01cabbb603ce63a0 Termination Time: 0 Error - 3/5/2010 12:56:55 AM | Computer Name = owner-PC | Source = Application Hang | ID = 1002 Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1c4 Start Time: 01cabba8491e196b Termination Time: 103 Error - 3/5/2010 1:03:56 AM | Computer Name = owner-PC | Source = Application Hang | ID = 1002 Description = The program explorer.exe version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1d54 Start Time: 01cabc2047609dd0 Termination Time: 66 Error - 3/18/2010 2:29:39 PM | Computer Name = owner-PC | Source = Application Hang | ID = 1002 Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 2ec Start Time: 01cac6b368e460f2 Termination Time: 42 [ System Events ] Error - 7/8/2011 7:33:30 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000 Description = Error - 7/8/2011 7:35:33 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7009 Description = Error - 7/8/2011 7:35:33 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000 Description = Error - 7/8/2011 7:35:33 AM | Computer Name = owner-PC | Source = DCOM | ID = 10005 Description = Error - 7/8/2011 8:36:57 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000 Description = Error - 7/8/2011 12:57:58 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000 Description = Error - 7/8/2011 1:39:00 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000 Description = Error - 7/9/2011 10:52:54 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000 Description = Error - 7/9/2011 12:40:38 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000 Description = Error - 7/9/2011 6:03:11 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000 Description = < End of report >
  11. dharmadave
    Hello again, Starbuck. Startup Repair got me nowhere, but System Restore got it done. Many thanks. The unit still behaves a bit oddly, especially when I do any Internet searching -- I'll get regular Google search links, but if I click one, I get diverted to other searches through another entity like "Shopping Links" or some such nonsense. I'm guessing malware still inside, right? When I did a system backup, in fact, I saw a few as it scrolled through the process. I noticed "animalware" on three occasions in particular. Should I return to RogueKiller or OTL? I've since backed up everything to an external, so I'm no longer worried if the answer is to get drastic (wipe hard disk, etc.)
  12. dharmadave
    Thanks, Starbuck. Tried it, but it just does what it did when I tried safe mode earlier: lists all my drivers, then goes to blue screen with a large white cursor. Is it system restore time? I have the discs. If that's the next step, is there any way to recover the docs I haven't backed up?
  13. dharmadave
    Well, I've been away because of an unexpected and unfortunate occurrence: The very next time I tried to boot up, I got the dread BSOD. The unit at least starts to boot normally, but just before it reaches the part when it asks for my password, it blues me away.
  14. dharmadave
    A million thanks, Starbuck! as soon as I ran RogueKiller, I could get back on the net the regular way. Here are the print-outs on the latest two moves: RogueKiller: RogueKiller V5.2.3 [06/16/2011] by Tigzy contact at http://www.sur-la-toile.com mail: tigzyRK<at>gmail<dot>com Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version Started in : Normal mode User: owner [Admin rights] Mode: Remove -- Date : 06/24/2011 10:27:46 Bad processes: 0 Registry Entries: 12 [ROGUE ST] HKCU\[...]\Run : 775698912 ("C:\Users\owner\AppData\Local\ifl.exe") -> DELETED [sUSP PATH] HKCU\[...]\Run : NrIAdsssyo ("C:\ProgramData\NrIAdsssyo.exe") -> DELETED [HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> DELETED [HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> DELETED [HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1) [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) [FILE ASSO] HKCU\[...]Software\Classes\.exe\shell\open\command : ("C:\Users\owner\AppData\Local\ifl.exe" -a "%1" %*) -> REPLACED : ("%1" %*) [FILE ASSO] HKCU\[...]Software\Classes\exefile\shell\open\command : ("C:\Users\owner\AppData\Local\ifl.exe" -a "%1" %*) -> REPLACED : ("%1" %*) [FILE ASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command : ("C:\Users\owner\AppData\Local\ifl.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") -> REPLACED : ("C:\Program Files\mozilla firefox\firefox.exe") [FILE ASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command : ("C:\Users\owner\AppData\Local\ifl.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) -> REPLACED : ("C:\Program Files\mozilla firefox\firefox.exe" -safe-mode) [FILE ASSO] HKLM\[...]Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command : ("C:\Users\owner\AppData\Local\ifl.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") -> REPLACED : ("C:\Program Files\internet explorer\iexplore.exe") HOSTS File: ::1 localhost Finished : << RKreport[2].txt >> RKreport[1].txt ; RKreport[2].txt OTL: OTL logfile created on: 6/29/2011 12:22:13 PM - Run 1 OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\owner\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.87 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 63.05% Memory free 7.11 Gb Paging File | 6.06 Gb Available in Paging File | 85.24% Paging File free Paging file location(s): c:\pagefile.sys 4411 4411 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288.59 Gb Total Space | 184.07 Gb Free Space | 63.78% Space Free | Partition Type: NTFS Drive D: | 9.50 Gb Total Space | 1.29 Gb Free Space | 13.56% Space Free | Partition Type: NTFS Drive E: | 298.09 Gb Total Space | 297.99 Gb Free Space | 99.97% Space Free | Partition Type: NTFS Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\owner\Desktop\OTL.scr (OldTimer Tools) PRC - C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe (Webroot Software, Inc. ) PRC - C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. ) PRC - C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe (Webroot Software, Inc. (www.webroot.com)) PRC - C:\Program Files\Webroot\Security\Current\plugins\antimalware\SSU.exe (Webroot Software, Inc. (www.webroot.com)) PRC - C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\Logitech\QuickCam\Quickcam.exe () PRC - C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe () PRC - C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe (Logitech Inc.) PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.) PRC - C:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) ========== Modules (SafeList) ========== MOD - C:\Users\owner\Desktop\OTL.scr (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll (Microsoft Corporation) MOD - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll (Logitech Inc.) ========== Win32 Services (SafeList) ========== SRV - (WRConsumerService) -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe (Webroot Software, Inc. ) SRV - (WebrootSpySweeperService) -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe (Webroot Software, Inc. (www.webroot.com)) SRV - (LVSrvLauncher) -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.) SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.) ========== Driver Services (SafeList) ========== DRV - (SSIDRV) -- C:\Windows\SYSTEM32\Drivers\SSIDRV.SYS (Webroot Software, Inc. (www.webroot.com)) DRV - (SSHRMD) -- C:\Windows\SYSTEM32\Drivers\SSHRMD.SYS (Webroot Software, Inc. (www.webroot.com)) DRV - (ssfmonm) -- C:\Windows\System32\drivers\ssfmonm.sys (Webroot Software, Inc. (www.webroot.com)) DRV - (LVUVC) QuickCam Pro for Notebooks(UVC) -- C:\Windows\System32\drivers\lvuvc.sys (Logitech Inc.) DRV - (LVRS) -- C:\Windows\System32\drivers\lvrs.sys (Logitech Inc.) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (HSXHWBS2) -- C:\Windows\System32\drivers\HSXHWBS2.sys (Conexant Systems, Inc.) DRV - (HSF_DP) -- C:\Windows\System32\drivers\HSX_DP.sys (Conexant Systems, Inc.) DRV - (SSKBFD) -- C:\Windows\System32\drivers\sskbfd.sys (Webroot Software Inc (www.webroot.com)) DRV - (nvstor32) -- C:\Windows\system32\DRIVERS\nvstor32.sys (NVIDIA Corporation) DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys (Logitech Inc.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (lvpopflt) -- C:\Windows\System32\drivers\lvpopflt.sys (Logitech Inc.) DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.) DRV - (Ps2) -- C:\Windows\System32\drivers\PS2.sys (Hewlett-Packard Company) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\owner\Pictures\Zips IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/06 14:18:27 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/06 14:18:27 | 000,000,000 | ---D | M] [2009/07/29 14:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions [2011/03/05 14:55:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\jvyv1xqu.default\extensions [2009/09/25 17:50:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\jvyv1xqu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/03/05 14:55:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/06/28 11:53:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2009/12/03 12:03:35 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2009/07/15 14:50:22 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml [2009/07/15 14:50:22 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml [2009/07/15 14:50:22 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml [2009/07/15 14:50:22 | 000,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2008/02/07 16:15:13 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - File not found O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [KBD] C:\HP\KBD\KbdStub.EXE () O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe () O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. ) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [EPSON Stylus NX200 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEFA.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [HPADVISOR] File not found O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img17.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img17.jpg O30 - LSA: Authentication Packages - (ows\s) - File not found O30 - LSA: Security Packages - (9630-228418807-1000) - File not found O30 - LSA: Security Packages - (秸&) - File not found O30 - LSA: Security Packages - (䝷) - File not found O30 - LSA: Security Packages - (o) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/12/08 04:43:43 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O35 - HKCU\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk - C:\Program Files\Snapfish Picture Mover\SnapfishMediaDetector.exe - () MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: HP Health Check Scheduler - hkey= - key= - File not found MsConfig - StartUpReg: HPAdvisor - hkey= - key= - File not found MsConfig - StartUpReg: OsdMaestro - hkey= - key= - C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro) MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) MsConfig - StartUpReg: SunJavaUpdateReg - hkey= - key= - File not found MsConfig - State: "startup" - 2 CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2011/06/25 12:22:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011/06/24 11:27:43 | 000,579,072 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.scr [2011/06/24 11:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2011/06/22 00:15:22 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\RK_Quarantine [2011/06/15 10:51:45 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011/06/15 10:51:44 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011/06/15 10:51:44 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011/06/15 10:51:44 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011/06/14 12:57:43 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Windows Live [2011/06/14 12:56:53 | 000,754,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\webservices.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/06/29 12:14:58 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/06/29 12:14:58 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/06/29 11:59:58 | 000,167,424 | ---- | M] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/06/29 11:33:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/06/29 09:33:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/06/29 08:14:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/06/29 08:14:53 | 3085,369,344 | -HS- | M] () -- C:\hiberfil.sys [2011/06/28 22:46:49 | 000,288,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011/06/24 11:47:46 | 000,002,281 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk [2011/06/24 11:27:40 | 000,579,072 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.scr [2011/06/22 00:00:03 | 000,603,136 | ---- | M] () -- C:\Users\owner\Desktop\RogueKiller.exe [2011/06/15 10:49:44 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/06/15 10:49:44 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/06/15 10:38:31 | 000,002,305 | ---- | M] () -- C:\Users\owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk [2011/06/14 12:19:07 | 000,001,494 | -HS- | M] () -- C:\Users\owner\AppData\Local\2aq74v7vw2go85l6c3d7repy5xfivosv [2011/06/14 12:19:07 | 000,001,494 | -HS- | M] () -- C:\ProgramData\2aq74v7vw2go85l6c3d7repy5xfivosv [2011/05/30 13:41:02 | 000,000,322 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForowner.job [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/06/22 00:00:05 | 000,603,136 | ---- | C] () -- C:\Users\owner\Desktop\RogueKiller.exe [2011/06/14 12:19:01 | 000,001,494 | -HS- | C] () -- C:\Users\owner\AppData\Local\2aq74v7vw2go85l6c3d7repy5xfivosv [2011/06/14 12:19:01 | 000,001,494 | -HS- | C] () -- C:\ProgramData\2aq74v7vw2go85l6c3d7repy5xfivosv [2011/05/10 13:58:45 | 000,011,638 | -HS- | C] () -- C:\Users\owner\AppData\Local\134502167mflfy6tq7nm854uuf7ypcum [2011/05/10 13:58:45 | 000,011,638 | -HS- | C] () -- C:\ProgramData\134502167mflfy6tq7nm854uuf7ypcum [2011/03/03 18:17:17 | 000,005,049 | ---- | C] () -- C:\Users\owner\AppData\Roaming\94BC.B54 [2011/02/15 17:41:38 | 000,030,424 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll [2011/02/15 17:41:38 | 000,017,472 | ---- | C] () -- C:\Windows\System32\SsiEfr.exe [2010/09/01 20:19:12 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2010/07/27 08:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2010/07/27 08:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2010/07/27 08:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2010/07/27 07:56:04 | 000,090,411 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2009/09/25 16:35:59 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2009/09/25 16:35:59 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2009/09/25 16:35:59 | 000,021,021 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2009/09/25 16:35:59 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2009/09/25 16:35:59 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2009/09/25 16:35:59 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2009/09/25 16:35:59 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2009/09/25 16:35:59 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2009/09/25 16:35:59 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2009/09/25 16:35:59 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2009/09/25 16:35:59 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2009/09/25 16:35:59 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2009/09/25 16:35:59 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2009/09/25 16:35:59 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2009/09/25 16:35:58 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2009/09/25 16:35:58 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2009/09/25 16:33:58 | 000,000,078 | ---- | C] () -- C:\Windows\EPSNX200.ini [2009/08/12 13:20:03 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009/07/29 14:11:58 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009/06/09 01:34:29 | 000,000,182 | ---- | C] () -- C:\ProgramData\nbinst.ini [2009/05/28 13:16:46 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009/05/28 13:16:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/04/29 13:19:42 | 000,000,961 | ---- | C] () -- C:\Windows\cdplayer.ini [2008/09/12 14:45:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008/03/24 19:08:42 | 000,122,316 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2008/02/20 11:35:41 | 000,009,030 | ---- | C] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat [2008/02/19 02:10:24 | 000,167,424 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/02/12 15:09:15 | 000,002,154 | ---- | C] () -- C:\Users\owner\AppData\Roaming\SAS7_000.DAT [2008/02/07 15:23:42 | 000,000,680 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps.dat [2007/12/08 04:35:58 | 000,102,451 | ---- | C] () -- C:\Windows\hpqins13.dat [2007/12/08 04:18:45 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe [2007/12/08 04:15:45 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll [2007/12/08 04:15:45 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll [2007/10/11 18:59:24 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 08:47:37 | 000,288,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 06:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 06:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat ========== LOP Check ========== [2010/11/23 19:37:36 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Audacity [2010/10/01 16:29:56 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\EPSON [2010/10/11 15:38:34 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\gtk-2.0 [2011/05/11 08:55:56 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Image Zone Express [2009/09/25 16:44:18 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Leadertech [2008/05/10 12:31:35 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\muvee Technologies [2008/02/12 14:48:56 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Nuance [2010/10/01 16:37:35 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Printer Info Cache [2008/02/07 13:49:54 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Snapfish [2008/02/21 19:34:43 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\Template [2008/02/16 15:15:35 | 000,000,000 | ---D | M] -- C:\Users\owner\AppData\Roaming\WinBatch [2011/06/29 00:35:26 | 000,032,622 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2007/12/08 04:43:43 | 000,000,074 | ---- | M] () -- C:\autoexec.bat [2009/04/11 02:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr [2007/12/08 03:50:32 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK [2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys [2010/03/23 15:43:43 | 000,000,125 | ---- | M] () -- C:\FINIS_IT.TXT [2011/06/29 08:14:53 | 3085,369,344 | -HS- | M] () -- C:\hiberfil.sys [2009/02/09 17:12:55 | 000,000,164 | ---- | M] () -- C:\install.dat [2009/05/04 14:14:15 | 000,000,571 | ---- | M] () -- C:\NTDClient.log [2011/06/29 08:14:52 | 330,301,439 | -HS- | M] () -- C:\pagefile.sys [2008/09/25 14:51:18 | 000,000,477 | ---- | M] () -- C:\RHDSetup.log [1 C:\*.tmp files -> C:\*.tmp -> ] < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > [2007/03/28 14:57:34 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp5ha.dll [2008/08/17 22:09:04 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp64X.dll [2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2011/04/18 18:04:54 | 000,030,424 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\wrLZMA.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\system32\*.exe /lockedfiles > [2010/10/15 10:08:12 | 003,602,320 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ntkrnlpa.exe [2011/04/18 18:04:42 | 000,017,472 | ---- | M] () Unable to obtain MD5 -- C:\Windows\System32\SsiEfr.exe < %systemroot%\System32\config\*.sav > [2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %PROGRAMFILES%\* > [2008/07/01 12:37:41 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Win dows\WindowsUpdate\AU > < hklm\software\clients\startmenuinternet|command /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2009/07/15 17:41:51 | 000,552,192 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2009/07/15 17:41:51 | 000,552,192 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/07/15 17:41:51 | 000,552,192 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\mozilla firefox\firefox.exe" [2009/07/15 17:41:52 | 000,908,280 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2009/07/15 17:41:52 | 000,908,280 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\mozilla firefox\firefox.exe" -safe-mode [2009/07/15 17:41:52 | 000,908,280 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/06 11:31:23 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/06 11:31:23 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/06 11:31:23 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/06 11:31:25 | 000,748,336 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\internet explorer\iexplore.exe" [2011/04/06 11:31:25 | 000,748,336 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2009/11/05 22:14:44 | 001,794,848 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2009/11/05 22:14:44 | 001,794,848 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2009/11/05 22:14:44 | 001,794,848 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2009/11/05 22:14:44 | 001,794,848 | ---- | M] (Apple Inc.) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2009/07/15 17:41:51 | 000,552,192 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2009/07/15 17:41:51 | 000,552,192 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/07/15 17:41:51 | 000,552,192 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\mozilla firefox\firefox.exe" [2009/07/15 17:41:52 | 000,908,280 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2009/07/15 17:41:52 | 000,908,280 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\mozilla firefox\firefox.exe" -safe-mode [2009/07/15 17:41:52 | 000,908,280 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/06 11:31:23 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/06 11:31:23 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/06 11:31:23 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/06 11:31:25 | 000,748,336 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\internet explorer\iexplore.exe" [2011/04/06 11:31:25 | 000,748,336 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2009/11/05 22:14:44 | 001,794,848 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2009/11/05 22:14:44 | 001,794,848 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2009/11/05 22:14:44 | 001,794,848 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2009/11/05 22:14:44 | 001,794,848 | ---- | M] (Apple Inc.) < End of report >
  15. dharmadave
    Many thanks, Starbuck. I don't have MalwareBytes, but I do have multiple protection via Verizon FiOs, WebRoot and SpySweeper. An addendum to the symptoms: I've found that I can get online by opening any saved webpage doc, then going to Google on my toolbar. Anyway, here's the RogueKiller report: RogueKiller V5.2.3 [06/16/2011] by Tigzy contact at http://www.sur-la-toile.com mail: tigzyRK<at>gmail<dot>com Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version Started in : Normal mode User: owner [Admin rights] Mode: Scan -- Date : 06/22/2011 00:15:22 Bad processes: 0 Registry Entries: 16 [ROGUE ST] HKCU\[...]\Run : 775698912 ("C:\Users\owner\AppData\Local\ifl.exe") -> FOUND [sUSP PATH] HKCU\[...]\Run : NrIAdsssyo ("C:\ProgramData\NrIAdsssyo.exe") -> FOUND [ROGUE ST] HKUS\S-1-5-21-1519445603-4158389630-228418807-1000[...]\Run : 775698912 ("C:\Users\owner\AppData\Local\ifl.exe") -> FOUND [sUSP PATH] HKUS\S-1-5-21-1519445603-4158389630-228418807-1000[...]\Run : NrIAdsssyo ("C:\ProgramData\NrIAdsssyo.exe") -> FOUND [HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> FOUND [HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> FOUND [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND [FILEASSO] HKCU\[...]Software\Classes\.exe\shell\open\command : ("C:\Users\owner\AppData\Local\ifl.exe" -a "%1" %*) -> FOUND [FILEASSO] HKCU\[...]Software\Classes\exefile\shell\open\command : ("C:\Users\owner\AppData\Local\ifl.exe" -a "%1" %*) -> FOUND [FILEASSO] HKCR\[...]exefile\shell\open\command : ("C:\Users\owner\AppData\Local\ifl.exe" -a "%1" %*) -> FOUND [FILEASSO] HKCR\[...].exe\shell\open\command : ("C:\Users\owner\AppData\Local\ifl.exe" -a "%1" %*) -> FOUND [FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command : ("C:\Users\owner\AppData\Local\ifl.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") -> FOUND [FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command : ("C:\Users\owner\AppData\Local\ifl.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) -> FOUND [FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command : ("C:\Users\owner\AppData\Local\ifl.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") -> FOUND HOSTS File: ::1 localhost Finished : << RKreport[1].txt >> RKreport[1].txt
×
×
  • Create New...