dharmadave Posted June 15, 2011

I got bumped off the net, and since then, any attempt to use any browser, run my protection software, delete temp files/cookies etc. or access sys restore is met with "choose which program you want to use to open this file." It preselects iexplore.exe. If I try humoring it with that or pick another one, it just circles me back to that. Am I toast?
Starbuck Posted June 15, 2011

Hi dharmadave,

This certainly sounds like malware. Let's give this a try:
You may have to download it to a USB stick and then transfer it to the bad system.

Download RogueKiller and save it to your desktop.
Close all the running processes.
Double click the RogueKiller icon to run the program.
Vista/Win7 users should right click the icon and select Run as Administrator.
When prompted, type 1 (SCAN) and then press Enter.
A report will open; please copy and paste this report in your next reply.
A copy of the RKreport.txt can be found on your desktop.

Note: If RogueKiller is blocked, do not hesitate to try running it again. If it still fails to run, right click on the downloaded icon and select 'Rename'..... rename it to winlogon and try again.

Btw: Do you have MalwareBytes Anti Malware installed?

Member of: UNITE
dharmadave Posted June 22, 2011

Many thanks, Starbuck. I don't have MalwareBytes, but I do have multiple protection via Verizon FiOS, WebRoot and SpySweeper. An addendum to the symptoms: I've found that I can get online by opening any saved webpage doc, then going to Google on my toolbar. Anyway, here's the RogueKiller report:

RogueKiller V5.2.3 [06/16/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: owner [Admin rights]
Mode: Scan -- Date : 06/22/2011 00:15:22

Bad processes: 0

Registry Entries: 16
[ROGUE ST] HKCU\[...]\Run : 775698912 ("C:\Users\owner\AppData\Local\ifl.exe") -> FOUND
[SUSP PATH] HKCU\[...]\Run : NrIAdsssyo ("C:\ProgramData\NrIAdsssyo.exe") -> FOUND
[ROGUE ST] HKUS\S-1-5-21-1519445603-4158389630-228418807-1000[...]\Run : 775698912 ("C:\Users\owner\AppData\Local\ifl.exe") -> FOUND
[SUSP PATH] HKUS\S-1-5-21-1519445603-4158389630-228418807-1000[...]\Run : NrIAdsssyo ("C:\ProgramData\NrIAdsssyo.exe") -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[FILEASSO] HKCU\[...]Software\Classes\.exe\shell\open\command : ("C:\Users\owner\AppData\Local\ifl.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCU\[...]Software\Classes\exefile\shell\open\command : ("C:\Users\owner\AppData\Local\ifl.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCR\[...]exefile\shell\open\command : ("C:\Users\owner\AppData\Local\ifl.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKCR\[...].exe\shell\open\command : ("C:\Users\owner\AppData\Local\ifl.exe" -a "%1" %*) -> FOUND
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command : ("C:\Users\owner\AppData\Local\ifl.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") -> FOUND
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command : ("C:\Users\owner\AppData\Local\ifl.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) -> FOUND
[FILEASSO] HKLM\[...]Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command : ("C:\Users\owner\AppData\Local\ifl.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") -> FOUND

HOSTS File:
::1 localhost

Finished : << RKreport[1].txt >>
RKreport[1].txt
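The report above explains the symptom: the shell\open\command for exefile (under HKCR and a per-user copy under HKCU\Software\Classes) and the StartMenuInternet browser commands had been routed through ifl.exe, Task Manager was disabled by policy and UAC (EnableLUA) was switched off, so every .exe launch fell into the "open with" dialog. The PowerShell script below is an added example, not part of this thread or of RogueKiller: it audits those same keys read-only and reports whatever deviates from a stock Windows default; the "clean" values it compares against (exefile open command of "%1" %*, no per-user exefile class, EnableLUA = 1) are assumptions about a default install, and the HKCU checks apply to the account running it.

```powershell
# Added example (not from the thread or from RogueKiller): read-only audit of the
# registry locations the RKreport above flagged. Run in an elevated PowerShell;
# it changes nothing and prints one FOUND line per deviation from a clean default.

$findings = New-Object System.Collections.Generic.List[string]

function Get-RegValue {
    # Returns one value from a key, or $null when the key or value is absent.
    # Use the name '(default)' for the key's unnamed default value.
    param([string]$Path, [string]$Name)
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

# 1. Executable file association. Assumed clean state: HKCR (HKLM\SOFTWARE\Classes)
#    exefile\shell\open\command is "%1" %*; there is no per-user exefile class under
#    HKCU\Software\Classes (it would override HKCR); .exe itself has no open command.
$expectedOpen = '"%1" %*'
foreach ($hive in 'HKLM:\SOFTWARE\Classes', 'HKCU:\Software\Classes') {
    $cmd = Get-RegValue "$hive\exefile\shell\open\command" '(default)'
    if ($hive -like 'HKCU:*') {
        if ($null -ne $cmd) { $findings.Add("[FILEASSO] $hive\exefile\shell\open\command exists: $cmd") }
    } elseif ($cmd -ne $expectedOpen) {
        $findings.Add("[FILEASSO] $hive\exefile\shell\open\command = '$cmd' (expected $expectedOpen)")
    }
    $dotExe = Get-RegValue "$hive\.exe\shell\open\command" '(default)'
    if ($null -ne $dotExe) { $findings.Add("[FILEASSO] $hive\.exe\shell\open\command exists: $dotExe") }
}

# 2. Policies the infection set: DisableTaskMgr = 1 in either hive, EnableLUA = 0.
$polSys = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
foreach ($hive in 'HKLM:', 'HKCU:') {
    if ((Get-RegValue "$hive\$polSys" 'DisableTaskMgr') -eq 1) {
        $findings.Add("[HJPOL] $hive\$polSys\DisableTaskMgr = 1")
    }
}
$lua = Get-RegValue "HKLM:\$polSys" 'EnableLUA'
if ($null -ne $lua -and $lua -ne 1) { $findings.Add("[HJ] HKLM:\$polSys\EnableLUA = $lua") }

# 3. Run entries whose executable sits directly in %LOCALAPPDATA% or %ProgramData%,
#    the two locations the ifl.exe and NrIAdsssyo.exe entries above were launched from.
$meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
$suspectRoots = @(@($env:LOCALAPPDATA, $env:ProgramData) |
    Where-Object { $_ } | ForEach-Object { $_.TrimEnd('\') })
$runKeys = @('HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
             'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run')
foreach ($key in $runKeys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    foreach ($p in (Get-ItemProperty -LiteralPath $key).PSObject.Properties) {
        if ($meta -contains $p.Name) { continue }   # provider metadata, not a Run entry
        $val = [string]$p.Value
        # Pull the executable path out of the command line, quoted or bare.
        $m = [regex]::Match($val, '^\s*"?([^"]+?\.exe)', 'IgnoreCase')
        if (-not $m.Success) { continue }
        $parent = (Split-Path -Path $m.Groups[1].Value -Parent).TrimEnd('\')
        if ($suspectRoots -contains $parent) {
            $findings.Add("[SUSP PATH] $key\$($p.Name) -> $val")
        }
    }
}

# 4. StartMenuInternet: a clean open/safemode command names one executable; the
#    hijack wrapped firefox.exe and iexplore.exe inside a second one (ifl.exe -a).
$smi = 'HKLM:\Software\Clients\StartMenuInternet'
if (Test-Path -LiteralPath $smi) {
    foreach ($client in Get-ChildItem -LiteralPath $smi) {
        foreach ($verb in 'open', 'safemode') {
            $cmd = Get-RegValue "$smi\$($client.PSChildName)\shell\$verb\command" '(default)'
            if (-not $cmd) { continue }
            if (([regex]::Matches($cmd, '\.exe\b', 'IgnoreCase')).Count -gt 1) {
                $findings.Add("[FILEASSO] $($client.PSChildName) $verb command runs a wrapper: $cmd")
            }
        }
    }
}

if ($findings.Count -eq 0) {
    'No deviations found in the audited keys.'
} else {
    $findings | ForEach-Object { "FOUND: $_" }
}
```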
Starbuck Posted June 22, 2011

Hi dharmadave

I'll move this thread to the malware removal forum.
That's a nice little infection you have there, let's take care of things:

Step 1

Close all the running processes.
Double click the RogueKiller icon to run the program.
Vista/Win7 users should right click the icon and select Run as Administrator.
When prompted, type 2 (DELETE) and then press Enter.
A report will open; please copy and paste this report in your next reply.
A copy of the RKreport.txt can be found on your desktop.

Step 2

Download OTL to your desktop.
Right click on the link and select 'Save Link/Target As'.
If you have problems, try this download link: OTL
Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Check the boxes beside LOP Check and Purity Check.
http://img.photobucket.com/albums/v708/starbuck50/new/Otllatest.png
Now copy the lines in bold below.

netsvcs
msconfig
%SYSTEMDRIVE%\*.*
%systemroot%\system32\Spool\prtprocs\w32x86\*.dll
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.exe /lockedfiles
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\*
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

Right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
Click the Run Scan button.
http://img.photobucket.com/albums/v708/starbuck50/runscan.png
Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt.
These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply.

In your next reply, please submit:
RogueKiller report
both reports from OTL

Thanks.

Member of: UNITE
dharmadave Posted June 29, 2011

A million thanks, Starbuck! As soon as I ran RogueKiller, I could get back on the net the regular way. Here are the print-outs on the latest two moves:

RogueKiller:

RogueKiller V5.2.3 [06/16/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: owner [Admin rights]
Mode: Remove -- Date : 06/24/2011 10:27:46

Bad processes: 0

Registry Entries: 12
[ROGUE ST] HKCU\[...]\Run : 775698912 ("C:\Users\owner\AppData\Local\ifl.exe") -> DELETED
[SUSP PATH] HKCU\[...]\Run : NrIAdsssyo ("C:\ProgramData\NrIAdsssyo.exe") -> DELETED
[HJPOL] HKCU\[...]\System : DisableTaskMgr (1) -> DELETED
[HJPOL] HKLM\[...]\System : DisableTaskMgr (1) -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[FILE ASSO] HKCU\[...]Software\Classes\.exe\shell\open\command : ("C:\Users\owner\AppData\Local\ifl.exe" -a "%1" %*) -> REPLACED : ("%1" %*)
[FILE ASSO] HKCU\[...]Software\Classes\exefile\shell\open\command : ("C:\Users\owner\AppData\Local\ifl.exe" -a "%1" %*) -> REPLACED : ("%1" %*)
[FILE ASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command : ("C:\Users\owner\AppData\Local\ifl.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe") -> REPLACED : ("C:\Program Files\mozilla firefox\firefox.exe")
[FILE ASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command : ("C:\Users\owner\AppData\Local\ifl.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) -> REPLACED : ("C:\Program Files\mozilla firefox\firefox.exe" -safe-mode)
[FILE ASSO] HKLM\[...]Software\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command : ("C:\Users\owner\AppData\Local\ifl.exe" -a "C:\Program Files\Internet Explorer\iexplore.exe") -> REPLACED : ("C:\Program Files\internet explorer\iexplore.exe")

HOSTS File:
::1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

OTL:

OTL logfile created on: 6/29/2011 12:22:13 PM - Run 1
OTL by OldTimer - Version 3.2.24.1 Folder = C:\Users\owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.81 Gb Available Physical Memory | 63.05% Memory free
7.11 Gb Paging File | 6.06 Gb Available in Paging File | 85.24% Paging File free
Paging file location(s): c:\pagefile.sys 4411 4411 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.59 Gb Total Space | 184.07 Gb Free Space | 63.78% Space Free | Partition Type: NTFS
Drive D: | 9.50 Gb Total Space | 1.29 Gb Free Space | 13.56% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 297.99 Gb Free Space | 99.97% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\owner\Desktop\OTL.scr (OldTimer Tools)
PRC - C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe (Webroot Software, Inc. )
PRC - C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
PRC - C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe (Webroot Software, Inc.
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\mozilla firefox\firefox.exe" [2009/07/15 17:41:52 | 000,908,280 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2009/07/15 17:41:52 | 000,908,280 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\mozilla firefox\firefox.exe" -safe-mode [2009/07/15 17:41:52 | 000,908,280 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/06 11:31:23 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/06 11:31:23 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/06 11:31:23 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/06 11:31:25 | 000,748,336 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\internet explorer\iexplore.exe" [2011/04/06 11:31:25 | 000,748,336 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2009/11/05 22:14:44 | 001,794,848 | ---- | M] (Apple Inc.) 
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2009/11/05 22:14:44 | 001,794,848 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2009/11/05 22:14:44 | 001,794,848 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2009/11/05 22:14:44 | 001,794,848 | ---- | M] (Apple Inc.) < hklm\software\clients\startmenuinternet|command /64 /rs > HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2009/07/15 17:41:51 | 000,552,192 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2009/07/15 17:41:51 | 000,552,192 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/07/15 17:41:51 | 000,552,192 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: "C:\Program Files\mozilla firefox\firefox.exe" [2009/07/15 17:41:52 | 000,908,280 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2009/07/15 17:41:52 | 000,908,280 | ---- | M] (Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\mozilla firefox\firefox.exe" -safe-mode [2009/07/15 17:41:52 | 000,908,280 | ---- | M] 
(Mozilla Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011/04/06 11:31:23 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011/04/06 11:31:23 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011/04/06 11:31:23 | 000,074,240 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011/04/06 11:31:25 | 000,748,336 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\internet explorer\iexplore.exe" [2011/04/06 11:31:25 | 000,748,336 | ---- | M] (Microsoft Corporation) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2009/11/05 22:14:44 | 001,794,848 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2009/11/05 22:14:44 | 001,794,848 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2009/11/05 22:14:44 | 001,794,848 | ---- | M] (Apple Inc.) HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2009/11/05 22:14:44 | 001,794,848 | ---- | M] (Apple Inc.) < End of report > Quote
Starbuck Posted June 29, 2011

Hi dharmadave

"as soon as I ran RogueKiller, I could get back on the net the regular way"

Glad to hear that things are improving.
Let's clean up some registry entries and a couple of leftover files.

Double click on OTL to run it.
Copy the lines in the codebox below. (Make sure that :otl is on the first line.)

:otl
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - File not found
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKCU..\Run: [HPADVISOR] File not found
O30 - LSA: Authentication Packages - (ows\s) - File not found
O30 - LSA: Security Packages - (9630-228418807-1000) - File not found
O30 - LSA: Security Packages - (秸&) - File not found
O30 - LSA: Security Packages - (䝷) - File not found
O30 - LSA: Security Packages - (o) - File not found
MsConfig - StartUpReg: HP Health Check Scheduler - hkey= - key= - File not found
MsConfig - StartUpReg: HPAdvisor - hkey= - key= - File not found
[2011/06/14 12:19:07 | 000,001,494 | -HS- | M] () -- C:\Users\owner\AppData\Local\2aq74v7vw2go85l6c3d7repy5xfivosv
[2011/06/14 12:19:07 | 000,001,494 | -HS- | M] () -- C:\ProgramData\2aq74v7vw2go85l6c3d7repy5xfivosv
[2011/05/10 13:58:45 | 000,011,638 | -HS- | C] () -- C:\Users\owner\AppData\Local\134502167mflfy6tq7nm854uuf7ypcum
[2011/05/10 13:58:45 | 000,011,638 | -HS- | C] () -- C:\ProgramData\134502167mflfy6tq7nm854uuf7ypcum
:Files
ipconfig /flushdns /c
:commands
[emptytemp]
[purity]
[RESETHOSTS]
[EMPTYFLASH]

Return to OTL, right click in the Custom Scans/Fixes window (under the blue bar) and choose Paste.
http://img.photobucket.com/albums/v708/starbuck50/new%20forum/scan-fix.png
Click the red Run Fix button.
http://img.photobucket.com/albums/v708/starbuck50/runfixbutton.png
OTL will reboot your system once the fix has completed.
After the reboot, you may need to double click OTL to launch the program and retrieve the log.
Copy and paste the contents of the OTL log that comes up after the fix in your next reply.
If you lose the report, there will be a copy here: C:\_OTL\MovedFiles

Thanks.

Member of: UNITE
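The fix above removes what OTL and RogueKiller already listed, but a practitioner will want to confirm afterwards that the persistence points this infection used are back to normal: the per-user and machine-wide .exe/exefile open command (the earlier report showed it pointing at ifl.exe with "-a "%1" %*"), the DisableTaskMgr policy, EnableLUA, and Run entries living in AppData\Local or ProgramData. The script below is an added example written for this edit; it is not part of the thread and not code from OTL, RogueKiller or Webroot. It is read-only and reports only. Assumptions, all mine: the known-good open command for executables is "%1" %* (that is the value the OTL "Shell Spawning" section in this thread shows once the hijack is gone), the list of directories treated as "user-writable" is a heuristic, and the function names Test-FakeAvPersistence and Get-CommandPath are invented for the example.

```powershell
# Added example (not from the thread or its tools): read-only audit of the
# persistence points RogueKiller flagged on this machine. Run it as the affected
# user (the file-association hijack lived in that user's HKCU hive); elevation
# is not needed for reading. It reports, it changes nothing.
#
# Assumption: the known-good open command for executables is "%1" %*, the value
# the OTL "Shell Spawning" section in this thread shows after cleanup.

function Get-CommandPath {
    # Pull the executable path out of a shell command such as
    #   "C:\Users\owner\AppData\Local\ifl.exe" -a "%1" %*
    # Returns the quoted token if the command starts with a quote, else the
    # first whitespace-delimited token.
    param([string]$Command)
    $c = $Command.Trim()
    if ($c.StartsWith('"')) {
        $end = $c.IndexOf('"', 1)
        if ($end -gt 1) { return $c.Substring(1, $end - 1) }
    }
    return ($c -split '\s+')[0]
}

function Test-FakeAvPersistence {
    $findings = New-Object System.Collections.Generic.List[string]
    $goodExe  = '"%1" %*'

    # 1. Executable file association. A per-user override under HKCU\Software\Classes
    #    wins over HKLM, and a clean Vista box has none, so its mere presence is a
    #    finding; under HKLM the command must equal the default.
    foreach ($hive in 'HKCU', 'HKLM') {
        foreach ($cls in '.exe', 'exefile') {
            $key = "${hive}:\Software\Classes\$cls\shell\open\command"
            if (-not (Test-Path $key)) { continue }
            $cmd = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).'(default)'
            if ($hive -eq 'HKCU' -or $cmd -ne $goodExe) {
                $findings.Add("FILEASSO  $key = $cmd")
            }
        }
    }

    # 2. Policies a FakeAV flips to stop the victim fighting back:
    #    DisableTaskMgr=1 in either hive, EnableLUA=0 (UAC off) in HKLM.
    $pol = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
    foreach ($hive in 'HKCU', 'HKLM') {
        $p = Get-ItemProperty -Path "${hive}:\$pol" -ErrorAction SilentlyContinue
        if ($p -and $p.DisableTaskMgr -eq 1) {
            $findings.Add("HJPOL     ${hive}\$pol : DisableTaskMgr (1)")
        }
    }
    $sys = Get-ItemProperty -Path "HKLM:\$pol" -ErrorAction SilentlyContinue
    if ($sys -and $sys.EnableLUA -eq 0) {
        $findings.Add("HJ        HKLM\$pol : EnableLUA (0)")
    }

    # 3. Run entries whose target lives in a user-writable directory (heuristic).
    #    The entries RogueKiller flagged here pointed at AppData\Local and ProgramData.
    $writable = @($env:LOCALAPPDATA, $env:APPDATA, $env:ProgramData, $env:TEMP) | Where-Object { $_ }
    foreach ($hive in 'HKCU', 'HKLM') {
        $run  = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Run"
        $item = Get-ItemProperty -Path $run -ErrorAction SilentlyContinue
        if (-not $item) { continue }
        foreach ($prop in $item.PSObject.Properties) {
            if ($prop.Name -like 'PS*') { continue }   # provider metadata, not a Run value
            $target = Get-CommandPath ([string]$prop.Value)
            foreach ($dir in $writable) {
                if ($target.StartsWith($dir, [System.StringComparison]::OrdinalIgnoreCase)) {
                    $findings.Add("SUSP PATH $run : $($prop.Name) ($target)")
                    break
                }
            }
        }
    }
    return $findings
}

$result = @(Test-FakeAvPersistence)
if ($result.Count -eq 0) { 'No findings.' } else { $result }
```

Two caveats. First, this is a post-cleanup check: while the exefile hijack is still in place, powershell.exe is itself an .exe and will be routed through the hijacked handler when launched normally, which is why the thread had to use a tool rename to get RogueKiller running at all. Second, the script deliberately does not repair anything; putting "%1" %* back and deleting the HKCU Classes override is the job of the OTL fix (or a .reg import), and doing it from an audit script hides what was changed.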
dharmadave (Author) Posted July 5, 2011

Well, I've been away because of an unexpected and unfortunate occurrence: The very next time I tried to boot up, I got the dread BSOD. The unit at least starts to boot normally, but just before it reaches the part when it asks for my password, it blues me away.
Starbuck Posted July 6, 2011

Hi dharmadave

Can you boot into Safe mode?

Reboot into 'Safe Mode'
Restart your computer.
When the computer starts you will see your computer's hardware being listed. When you see this information start to gently tap the F8 key repeatedly until you are presented with the Windows Vista Advanced Boot Options.
Select the Safe Mode option using the arrow keys.
Then press the enter key on your keyboard to boot into Vista Safe Mode.
When Windows starts you will be at a typical logon screen. Logon to your computer and Vista will enter Safe mode.

Member of: UNITE
dharmadave (Author) Posted July 6, 2011

Thanks, Starbuck. Tried it, but it just does what it did when I tried safe mode earlier: lists all my drivers, then goes to blue screen with a large white cursor. Is it system restore time? I have the discs. If that's the next step, is there any way to recover the docs I haven't backed up?
Starbuck Posted July 6, 2011

Hi dharmadave

It's always nice when someone says they actually have the discs.
http://fc07.deviantart.net/images3/i/2004/146/9/1/Two_thumbs_up.gif

We now have a couple of options.

Startup Repair
Startup Repair is an automated repair process that scans your Vista installation for problems and attempts to automatically fix them. You start it by selecting the repair option from the Vista setup screen, and Vista then detects the problems.

System Restore
System Restore allows you to restore your computer's configuration, driver information, and programs to a previous state while leaving your existing data intact. Using this option can typically fix an installation's problem if it is not associated with faulty hardware. In order to use this option, you must have had System Restore enabled in Vista so that there are restore points available to restore to.

And we know your System Restore is turned on because OTL made a new restore point whilst scanning:
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

Let's try them both.
None of these options will cause you to lose any of your saved data.
To make it easier for you, click this link and it will explain everything: How to automatically repair Windows Vista

Let me know how you get on.

Member of: UNITE
dharmadave (Author) Posted July 8, 2011

Hello again, Starbuck. Startup Repair got me nowhere, but System Restore got it done. Many thanks.

The unit still behaves a bit oddly, especially when I do any Internet searching -- I'll get regular Google search links, but if I click one, I get diverted to other searches through another entity like "Shopping Links" or some such nonsense. I'm guessing malware still inside, right? When I did a system backup, in fact, I saw a few as it scrolled through the process. I noticed "animalware" on three occasions in particular. Should I return to RogueKiller or OTL? I've since backed up everything to an external, so I'm no longer worried if the answer is to get drastic (wipe hard disk, etc.)
Starbuck Posted July 9, 2011

Hi dharmadave

Glad to hear you're up and running again.

"I'm guessing malware still inside, right?"

It's quite possible that the malware may have been backed up in the restore points.... in which case it will have been put back on to the machine.

Re-run RogueKiller using option 1 and let me have the report.

Also let me have a new set of OTL reports using these instructions.
Double click on OTL.exe to run it.
Under the Extra Registry section, select Use SafeList.
Don't check the boxes beside 'LOP Check' and 'Purity Check' this time.
Click on Run Scan at the top left hand corner.
When done, two Notepad files will open.
Please post the contents of these 2 Notepad files in your next reply.

Thanks

Member of: UNITE
dharmadave (Author) Posted July 9, 2011

Thanks and greetings, Starbuck. I've been noticing some very bizarre stuff. Example: When I closed RK after running it, I distinctly saw the word "hijack," which is nowhere in the report. I have been noticing since getting back in that every time I close something, there is a split-second flash of a word or an image. This is getting to be scary stuff.

I believe it all started when I opened an e-mail that said it was from my lady, so I clicked the link -- I just naturally figured she had sent me something she wanted me to see. It turned out to be a link to a cheap prescriptions mail-order place in France. A bunch of us got the e-mail -- evidently someone hacked her Hotmail account and grabbed her entire address book. (She heard from a bunch of us right away, cancelled that account, and started another elsewhere.)

Also, every time I boot up, Webroot says that "a serious threat has been Quarantined." There are two it keeps identifying as five-bar threats: af770ecl and Troj/Fake AV-ECB.
Anyway, here are the reports:

RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion-193725-1-BRogueKillerD-Remontees.html

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User: owner [Admin rights]
Mode: Scan -- Date : 07/09/2011 18:30:49

Bad processes: 0

Registry Entries: 3
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

HOSTS File:
::1 localhost

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

OTL Extras logfile created on: 7/9/2011 6:32:24 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\owner\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.87 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 64.47% Memory free
7.11 Gb Paging File | 6.04 Gb Available in Paging File | 84.98% Paging File free
Paging file location(s): c:\pagefile.sys 4411 4411 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.59 Gb Total Space | 184.03 Gb Free Space | 63.77% Space Free | Partition Type: NTFS
Drive D: | 9.50 Gb Total Space | 1.29 Gb Free Space | 13.56% Space Free | Partition Type: NTFS
Drive E: | 298.09 Gb Total Space | 287.37 Gb Free Space | 96.41% Space Free | Partition Type: NTFS

Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"UacDisableNotify" = 0
"InternetSettingsDisableNotify" = 0
"AutoUpdateDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-1519445603-4158389630-228418807-1000]
"EnableNotifications" = 1
"EnableNotificationsRef" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C7F4A87-A0BB-48D0-9A9A-A0F3247B7662}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{1EB419E5-0C73-4FF4-A40C-C5EC88831521}" = protocol=17 | dir=in | app=c:\program files\itunes\itunes.exe |
"{25FEA733-009D-4CED-9470-0D079EDADC57}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{28CA2D66-5FD9-4E33-ABE4-06E8B00B007A}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{2E71B571-87A8-436C-B4E2-42DB32A0E837}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{45637D1B-6EFA-4505-859E-B84C5EC96245}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"{76824760-A35A-49FC-AB21-D98654A94EF7}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{80D74A82-3F73-4CC8-87D5-3F46F87E6689}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B247C17A-5926-4556-87CA-60C4EFA860A4}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{CEDF4F9E-3F9B-4873-9C00-B68E45303623}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{D8A63779-DE67-4893-8248-E26B0DADCA72}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{DE376A6E-ADC5-41F2-ABD0-3C4A4FC97672}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F6ECEC39-D7C8-4BCC-A7B2-6A973DD53D35}" = protocol=6 | dir=in | app=c:\program files\itunes\itunes.exe |
"TCP Query User{231D47EF-0532-4754-A558-73DD4BB925C6}C:0\techwizard.exe" = protocol=6 | dir=in | app=c:0\techwizard.exe |
"TCP Query User{9AE95E08-CA40-4A5B-B292-49924F6E0A01}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"TCP Query User{FDFD601B-CCA8-4133-8FCC-7D9A8950BAC7}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{9C84FD0D-6CE1-4410-8F1E-5B55CA2A803B}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe |
"UDP Query User{CEAC029C-BFF1-46CC-A86E-570FE5147533}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{D699C113-F708-43AC-AF02-4C9CB4407A6C}C:0\techwizard.exe" = protocol=17 | dir=in | app=c:0\techwizard.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{10E1E87C-656C-4D08-86D6-5443D28583BE}" = TrayApp
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{11BB336F-0E58-4977-B866-F24FA334616B}" = HP Active Support Library
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13F00518-807A-4B3A-83B0-A7CD90F3A398}" = MarketResearch
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{22466889-7642-488d-AA0E-F619704CF7AB}" = DeviceDiscovery
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java 6 Update 20
"{32343DB6-9A52-40C9-87E4-5E7C79791C87}" = MSXML 4.0 SP2 and SOAP Toolkit 3.0
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{3560CE5A-C4EF-4DB0-9ECC-BA035FE309C5}" = MSN Toolbar
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3EBA6E7C-3DF6-48AE-B87B-4CAFB2C1C3F7}" = LightScribe Template Labeler
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{487B0B9B-DCD4-440D-89A0-A6EDE1A545A3}" = HPSSupply
"{493CCEF3-B98C-4979-92F4-F848C365A82B}" = Verizon FiOS Connection Wizard
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{543E938C-BDC4-4933-A612-01293996845F}" = UnloadSupport
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{730837D4-FF5E-48DB-BA49-33E732DFF0B3}" = PanoStandAlone
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask.com Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8B287B75-DF8D-40C8-9620-8E4492C38EF1}" = Webroot Software
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{945AC98B-3DC8-45BE-BAE0-22CEEE37A103}" = Logitech QuickCam
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9885A11E-60E4-417C-B58B-8B31B21C0B8A}" = HP Easy Setup - Frontend
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A81200000003}" = Adobe Reader 8.1.2
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AFAD41A9-9687-48A3-848F-693C11451433}" = HP Customer Experience Enhancements
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B639110D-747F-40DC-9682-95D94EF73790}" = dj_sf_software
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D6E4E5D6-7693-4BB4-95BA-21F38FAFEE90}" = Safari
"{DDDD90B2-80F2-413A-8A8E-38C5076A7DBA}" = Dragon NaturallySpeaking 9
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E2662C24-B31E-4349-A084-32EB76E8B760}" = BufferChm
"{E8C2622C-9FF1-4F60-8008-A0208154F9F3}" = muvee autoProducer 6.1
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FD8D8B04-BEAD-4A55-AA1D-62D2373E7DEA}" = Status
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"EPSON Scanner" = EPSON Scan
"EPSON Stylus NX200 Series" = EPSON Stylus NX200 Series Printer Uninstall
"HP Imaging Device Functions" = HP Imaging Device Functions 9.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HPExtendedCapabilities" = HP Customer Participation Program 9.0
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"legacyqcam_11.00" = Logitech Legacy USB Camera Driver Package
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox (3.5.1)" = Mozilla Firefox (3.5.1)
"NVIDIA Drivers" = NVIDIA Drivers
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"RealPlayer 12.0" = RealPlayer
"Silent Package Run-Time Sample" = EPSON NX200 User's Guide
"Verizon FiOS Activation_is1" = Verizon FiOS Activation
"Webroot Software" = Webroot Software
"WildTangent hp Master Uninstall" = My HP Games
"WinGimp-2.0_is1" = Gimp 2.6.2 Debug

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/12/2009 2:46:08 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18865, time stamp 0x4b077416, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0xde4ba900, process id 0x1fa0, application start time 0x01ca7b5ae5ac3eee.

Error - 12/17/2009 5:58:13 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18865, time stamp 0x4b077416, faulting module yt.dll, version 2008.1.8.1, time stamp 0x4783ed78, exception code 0xc0000005, fault offset 0x00070a1f, process id 0x1480, application start time 0x01ca7f63cfa509f0.

Error - 2/8/2010 2:09:20 AM | Computer Name = owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 2/8/2010 2:09:20 AM | Computer Name = owner-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =

Error - 3/1/2010 12:12:37 PM | Computer Name = owner-PC | Source = Application Error | ID = 1000
Description = Faulting application AcroRd32.exe, version 8.1.0.137, time stamp 0x46444e37, faulting module unknown, version 0.0.0.0, time stamp 0x00000000, exception code 0xc0000005, fault offset 0x0c0c0c0c, process id 0x1240, application start time 0x01cab95a00314124.

Error - 3/1/2010 10:12:39 PM | Computer Name = owner-PC | Source = EventSystem | ID = 4609
Description =

Error - 3/4/2010 12:31:15 PM | Computer Name = owner-PC | Source = Application Hang | ID = 1002
Description = The program iexplore.exe version 8.0.6001.18882 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 12b4 Start Time: 01cabbb603ce63a0 Termination Time: 0

Error - 3/5/2010 12:56:55 AM | Computer Name = owner-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1c4 Start Time: 01cabba8491e196b Termination Time: 103

Error - 3/5/2010 1:03:56 AM | Computer Name = owner-PC | Source = Application Hang | ID = 1002
Description = The program explorer.exe version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 1d54 Start Time: 01cabc2047609dd0 Termination Time: 66

Error - 3/18/2010 2:29:39 PM | Computer Name = owner-PC | Source = Application Hang | ID = 1002
Description = The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel. Process ID: 2ec Start Time: 01cac6b368e460f2 Termination Time: 42

[ System Events ]
Error - 7/8/2011 7:33:30 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/8/2011 7:35:33 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 7/8/2011 7:35:33 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/8/2011 7:35:33 AM | Computer Name = owner-PC | Source = DCOM | ID = 10005
Description =

Error - 7/8/2011 8:36:57 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/8/2011 12:57:58 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/8/2011 1:39:00 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/9/2011 10:52:54 AM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 7/9/2011 12:40:38 PM | Computer Name
= owner-PC | Source = Service Control Manager | ID = 7000 Description = Error - 7/9/2011 6:03:11 PM | Computer Name = owner-PC | Source = Service Control Manager | ID = 7000 Description = < End of report >
dharmadave Posted July 10, 2011 Author PS: I'll be away for a week, but I'll tackle whatever you suggest when I get back. Thanks for all your help!
Starbuck Posted July 10, 2011 Hi dharmadave I'll be away for a week, but I'll tackle whatever you suggest when I get back. OK, no problem... but can you post the OTL main.txt before you go? You only posted the extras.txt. Thanks Member of:UNITE
dharmadave Posted July 17, 2011 Author Posted July 17, 2011 Sorry about that, Starbuck. I'm back now, and here it is: OTL logfile created on: 7/9/2011 6:32:24 PM - Run 1 OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\owner\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 2.87 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 64.47% Memory free 7.11 Gb Paging File | 6.04 Gb Available in Paging File | 84.98% Paging File free Paging file location(s): c:\pagefile.sys 4411 4411 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 288.59 Gb Total Space | 184.03 Gb Free Space | 63.77% Space Free | Partition Type: NTFS Drive D: | 9.50 Gb Total Space | 1.29 Gb Free Space | 13.56% Space Free | Partition Type: NTFS Drive E: | 298.09 Gb Total Space | 287.37 Gb Free Space | 96.41% Space Free | Partition Type: NTFS Computer Name: OWNER-PC | User Name: owner | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/07/09 18:27:42 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.scr PRC - [2011/05/18 10:20:24 | 003,276,136 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe PRC - [2011/05/18 10:20:23 | 001,378,352 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe PRC - [2011/04/18 18:04:58 | 003,900,032 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\AEI.exe PRC - [2011/04/18 18:04:44 | 000,158,048 | ---- | M] (Webroot Software, Inc. 
(www.webroot.com)) -- C:\Program Files\Webroot\Security\Current\plugins\antimalware\SSU.exe PRC - [2010/02/18 11:43:20 | 000,490,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe PRC - [2009/12/03 12:02:28 | 000,198,160 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2008/01/19 03:38:38 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe PRC - [2008/01/15 11:26:18 | 004,874,240 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe PRC - [2007/12/13 01:00:00 | 000,188,928 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIEFA.EXE PRC - [2007/10/25 16:37:32 | 002,178,832 | ---- | M] () -- C:\Program Files\Logitech\QuickCam\Quickcam.exe PRC - [2007/10/25 16:33:22 | 000,563,984 | ---- | M] () -- C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe PRC - [2007/10/25 16:32:58 | 000,407,824 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LQCVFX\COCIManager.exe PRC - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe PRC - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) 
-- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe PRC - [2007/05/11 04:06:38 | 000,341,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe PRC - [2007/04/18 11:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe ========== Modules (SafeList) ========== MOD - [2011/07/09 18:27:42 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.scr MOD - [2010/08/31 11:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll MOD - [2007/10/19 13:19:10 | 000,109,080 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcInj.dll ========== Win32 Services (SafeList) ========== SRV - [2011/05/18 10:20:24 | 003,276,136 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService) SRV - [2011/04/18 18:04:58 | 003,900,032 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService) SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2007/10/19 13:21:16 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe -- (LVSrvLauncher) SRV - [2007/10/19 13:19:22 | 000,141,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe -- (LVPrcSrv) SRV - [2007/10/19 13:17:28 | 000,186,904 | ---- | M] (Logitech Inc.) 
[Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe -- (LVCOMSer) ========== Driver Services (SafeList) ========== DRV - [2011/04/18 18:05:08 | 000,182,056 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\Drivers\SSIDRV.SYS -- (SSIDRV) DRV - [2011/04/18 18:05:06 | 000,024,496 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SYSTEM32\Drivers\SSHRMD.SYS -- (SSHRMD) DRV - [2011/04/18 18:05:04 | 000,047,120 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\System32\drivers\ssfmonm.sys -- (ssfmonm) DRV - [2010/07/27 08:14:58 | 006,842,464 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvuvc.sys -- (LVUVC) QuickCam Pro for Notebooks(UVC) DRV - [2010/07/27 08:12:50 | 000,282,336 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS) DRV - [2008/08/01 19:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD) DRV - [2008/07/26 15:26:22 | 000,041,752 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta) DRV - [2008/05/22 14:49:00 | 007,465,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2008/05/08 05:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2) DRV - [2008/05/08 05:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DP.sys -- (HSF_DP) DRV - [2008/01/04 21:34:36 | 000,023,920 | ---- | M] (Webroot Software Inc (www.webroot.com)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sskbfd.sys -- (SSKBFD) DRV - [2007/10/26 18:51:24 | 000,110,624 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\nvstor32.sys -- (nvstor32) DRV - [2007/10/19 13:16:30 | 002,109,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Lvckap.sys -- (LVcKap) DRV - [2007/10/18 07:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio) DRV - [2007/10/11 21:59:12 | 001,920,920 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvpopflt.sys -- (lvpopflt) DRV - [2007/10/11 18:59:24 | 000,025,624 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon) DRV - [2007/10/11 18:59:02 | 002,142,488 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVMVdrv.sys -- (LVMVDrv) DRV - [2005/12/12 13:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\PS2.sys -- (Ps2) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\owner\Pictures\Zips IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = www.live.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.) 
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/06 14:18:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/06 14:18:27 | 000,000,000 | ---D | M] [2009/07/29 14:21:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Extensions [2011/03/05 14:55:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\jvyv1xqu.default\extensions [2009/09/25 17:50:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\owner\AppData\Roaming\mozilla\Firefox\Profiles\jvyv1xqu.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/03/05 14:55:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2010/06/28 11:53:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2009/12/03 12:03:35 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAM FILES\REAL\REALPLAYER\BROWSERRECORD\FIREFOX\EXT [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2009/07/15 14:50:22 | 000,001,538 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2009/07/15 14:50:22 | 000,000,947 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2009/07/15 14:50:22 | 000,000,769 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2009/07/15 14:50:22 | 000,000,831 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2008/02/07 16:15:13 | 000,000,736 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - File not found O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found. O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.) O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll (Microsoft Corp.) O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found. 
O3 - HKCU\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [DNS7reminder] C:\Program Files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company) O4 - HKLM..\Run: [KBD] C:\HP\KBD\KbdStub.EXE () O4 - HKLM..\Run: [LogitechCommunicationsManager] C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe () O4 - HKLM..\Run: [LogitechQuickCamRibbon] C:\Program Files\Logitech\QuickCam\Quickcam.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. ) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKCU..\Run: [EPSON Stylus NX200 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEFA.EXE (SEIKO EPSON CORPORATION) O4 - HKCU..\Run: [HPADVISOR] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img17.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img17.jpg O30 - LSA: Authentication Packages - (ows\s) - File not found O30 - LSA: Security Packages - (9630-228418807-1000) - File not found O30 - LSA: Security Packages - (秸&) - File not found O30 - LSA: Security Packages - (䝷) - File not found O30 - LSA: Security Packages - (o) - File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007/12/08 04:43:43 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/07/09 18:27:41 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.scr [2011/07/08 07:49:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2011/07/08 07:48:39 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2011/07/08 07:48:38 | 001,797,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2011/07/08 07:48:38 | 000,716,800 | 
---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript.dll [2011/07/08 07:48:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2011/07/08 07:37:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2011/07/08 07:34:31 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011/07/08 00:56:22 | 000,000,000 | ---D | C] -- C:\Temp [2011/06/24 11:25:11 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight(12) [2011/06/22 00:15:22 | 000,000,000 | ---D | C] -- C:\Users\owner\Desktop\RK_Quarantine [2011/06/14 12:57:43 | 000,000,000 | ---D | C] -- C:\Users\owner\AppData\Local\Windows Live [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011/07/09 18:29:54 | 000,516,608 | ---- | M] () -- C:\Users\owner\Desktop\RogueKiller.exe [2011/07/09 18:27:42 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\owner\Desktop\OTL.scr [2011/07/09 18:04:16 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011/07/09 18:03:00 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2011/07/09 18:03:00 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2011/07/09 18:02:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011/07/09 18:02:51 | 3085,361,152 | -HS- | M] () -- C:\hiberfil.sys [2011/07/09 12:47:00 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2011/07/08 15:01:51 | 000,604,264 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2011/07/08 15:01:51 | 000,103,964 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2011/07/08 08:36:34 | 000,288,272 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2011/07/08 07:34:32 | 000,404,640 | ---- | M] 
(Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2011/06/14 12:19:07 | 000,001,494 | -HS- | M] () -- C:\Users\owner\AppData\Local\2aq74v7vw2go85l6c3d7repy5xfivosv [2011/06/14 12:19:07 | 000,001,494 | -HS- | M] () -- C:\ProgramData\2aq74v7vw2go85l6c3d7repy5xfivosv [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\*.tmp files -> C:\*.tmp -> ] ========== Files Created - No Company Name ========== [2011/07/09 18:29:53 | 000,516,608 | ---- | C] () -- C:\Users\owner\Desktop\RogueKiller.exe [2011/07/07 20:47:52 | 3085,361,152 | -HS- | C] () -- C:\hiberfil.sys [2011/06/14 12:19:01 | 000,001,494 | -HS- | C] () -- C:\Users\owner\AppData\Local\2aq74v7vw2go85l6c3d7repy5xfivosv [2011/06/14 12:19:01 | 000,001,494 | -HS- | C] () -- C:\ProgramData\2aq74v7vw2go85l6c3d7repy5xfivosv [2011/05/10 13:58:45 | 000,011,638 | -HS- | C] () -- C:\Users\owner\AppData\Local\134502167mflfy6tq7nm854uuf7ypcum [2011/05/10 13:58:45 | 000,011,638 | -HS- | C] () -- C:\ProgramData\134502167mflfy6tq7nm854uuf7ypcum [2011/03/03 18:17:17 | 000,005,049 | ---- | C] () -- C:\Users\owner\AppData\Roaming\94BC.B54 [2011/02/15 17:41:38 | 000,030,424 | ---- | C] () -- C:\Windows\System32\wrLZMA.dll [2011/02/15 17:41:38 | 000,017,472 | ---- | C] () -- C:\Windows\System32\SsiEfr.exe [2010/09/01 20:19:12 | 000,004,984 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2010/07/27 08:03:20 | 010,829,656 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll [2010/07/27 08:03:20 | 000,102,744 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe [2010/07/27 08:03:18 | 000,290,648 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll [2010/07/27 07:56:04 | 000,090,411 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini [2009/09/25 16:35:59 | 000,073,220 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2009/09/25 16:35:59 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2009/09/25 16:35:59 | 000,021,021 | ---- | C] () -- 
C:\Windows\System32\EPPICPattern3.dat [2009/09/25 16:35:59 | 000,015,670 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2009/09/25 16:35:59 | 000,013,280 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2009/09/25 16:35:59 | 000,010,673 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2009/09/25 16:35:59 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2009/09/25 16:35:59 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2009/09/25 16:35:59 | 000,001,140 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2009/09/25 16:35:59 | 000,001,137 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2009/09/25 16:35:59 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2009/09/25 16:35:59 | 000,001,130 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2009/09/25 16:35:59 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2009/09/25 16:35:59 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2009/09/25 16:35:58 | 000,029,114 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2009/09/25 16:35:58 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2009/09/25 16:33:58 | 000,000,078 | ---- | C] () -- C:\Windows\EPSNX200.ini [2009/08/12 13:20:03 | 000,000,510 | ---- | C] () -- C:\Windows\WORDPAD.INI [2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe [2009/07/29 14:11:58 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2009/06/09 01:34:29 | 000,000,182 | ---- | C] () -- C:\ProgramData\nbinst.ini [2009/05/28 13:16:46 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2009/05/28 13:16:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2009/04/29 13:19:42 | 000,000,961 | ---- | C] () -- C:\Windows\cdplayer.ini 
[2008/09/12 14:45:25 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2008/03/24 19:08:42 | 000,122,316 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2008/02/20 11:35:41 | 000,009,030 | ---- | C] () -- C:\Users\owner\AppData\Roaming\wklnhst.dat [2008/02/19 02:10:24 | 000,166,912 | ---- | C] () -- C:\Users\owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/02/12 15:09:15 | 000,002,154 | ---- | C] () -- C:\Users\owner\AppData\Roaming\SAS7_000.DAT [2008/02/07 15:23:42 | 000,000,680 | ---- | C] () -- C:\Users\owner\AppData\Local\d3d9caps.dat [2007/12/08 04:35:58 | 000,102,451 | ---- | C] () -- C:\Windows\hpqins13.dat [2007/12/08 04:18:45 | 000,061,440 | ---- | C] () -- C:\Windows\System32\OsdRemove.exe [2007/12/08 04:15:45 | 000,327,680 | ---- | C] () -- C:\Windows\System32\pythoncom25.dll [2007/12/08 04:15:45 | 000,102,400 | ---- | C] () -- C:\Windows\System32\pywintypes25.dll [2007/10/11 18:59:24 | 000,025,624 | ---- | C] () -- C:\Windows\System32\drivers\LVPr2Mon.sys [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2006/11/02 08:47:37 | 000,288,272 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 06:33:01 | 000,604,264 | ---- | C] () -- C:\Windows\System32\perfh009.dat [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat [2006/11/02 06:33:01 | 000,103,964 | ---- | C] () -- C:\Windows\System32\perfc009.dat [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini [2006/11/02 03:25:31 | 000,673,088 | 
---- | C] () -- C:\Windows\System32\mlang.dat < End of report >
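The O35 and O37 lines near the end of the OTL log above record the shell\open\command values for comfile and exefile, and on this machine they are at the Windows default "%1" %*. A rogue that wants to sit in front of every program launch replaces that value with a command that runs its own executable first, typically under HKCU\Software\Classes, which HKCR merges in ahead of HKLM so a per-user hijack wins without admin rights; RogueKiller reports such values as [FILEASSO] lines. The following checker is an added example, not code from the thread or from OTL/RogueKiller: it parses OTL O35/O37 lines and RogueKiller [FILEASSO] lines and reports any program interposed in front of .exe/.com launches. The sample lines, the rogue.exe path and the check_line/scan names are constructed for the example.

```python
import re
from typing import Dict, List, Optional

# What Windows ships for exefile\shell\open\command and comfile\shell\open\command:
# run the target itself and pass its arguments through. Anything else interposes a
# program in front of every .exe/.com launch.
DEFAULT_OPEN_COMMAND = '"%1" %*'

# OTL O35 line, e.g.  O35 - HKLM\..exefile [open] -- "%1" %*
OTL_O35_RE = re.compile(r'^O35 - (?P<hive>HK\w+)\\\.\.(?P<cls>\w+) \[open\] -- (?P<cmd>.*)$')
# OTL O37 line, e.g.  O37 - HKLM\...exe [@ = exefile] -- "%1" %*
OTL_O37_RE = re.compile(r'^O37 - (?P<hive>HK\w+)\\\.\.\.(?P<ext>\w+) \[@ = (?P<cls>\w+)\] -- (?P<cmd>.*)$')
# RogueKiller line, e.g.  [FILEASSO] HKCR\[...]exefile\shell\open\command : (<command>) -> FOUND
RK_FILEASSO_RE = re.compile(r'^\[FILEASSO\] (?P<key>\S+) : \((?P<cmd>.*)\) -> FOUND$')
# First quoted .exe in a command: the program that gets control before the real target.
LEADING_EXE_RE = re.compile(r'^"(?P<exe>[^"]+\.exe)"', re.IGNORECASE)


def interposed_program(cmd: str) -> Optional[str]:
    """Return the program a non-default open command runs first, or None for the default."""
    cmd = cmd.strip()
    if cmd == DEFAULT_OPEN_COMMAND:
        return None
    m = LEADING_EXE_RE.match(cmd)
    return m.group("exe") if m else cmd


def check_line(line: str) -> Optional[Dict[str, str]]:
    """Classify one log line; return a finding, or None when the line is benign or irrelevant."""
    line = line.strip()
    m = OTL_O35_RE.match(line)
    if m:
        exe = interposed_program(m.group("cmd"))
        if exe is None:
            return None
        return {"source": "OTL O35",
                "key": f"{m.group('hive')}\\{m.group('cls')}\\shell\\open\\command",
                "runs": exe}
    m = OTL_O37_RE.match(line)
    if m:
        # The default value of .exe must name exefile (and .com comfile); a redirected
        # class name is the same trick one level up.
        expected_cls = m.group("ext").lower() + "file"
        if m.group("cls").lower() != expected_cls:
            return {"source": "OTL O37",
                    "key": f"{m.group('hive')}\\.{m.group('ext')}",
                    "runs": f"class redirected to {m.group('cls')}"}
        exe = interposed_program(m.group("cmd"))
        if exe is None:
            return None
        return {"source": "OTL O37",
                "key": f"{m.group('hive')}\\.{m.group('ext')}\\shell\\open\\command",
                "runs": exe}
    m = RK_FILEASSO_RE.match(line)
    if m:
        # RogueKiller only prints a FILEASSO entry it considers non-default, and a
        # shell\open\command directly under the bare ".exe" key should not exist at
        # all, so every such line is worth reporting.
        exe = interposed_program(m.group("cmd"))
        return {"source": "RogueKiller", "key": m.group("key"),
                "runs": exe or "(default command under a non-default key)"}
    return None


def scan(lines: List[str]) -> List[Dict[str, str]]:
    """Run check_line over a log and keep only the findings."""
    return [f for f in (check_line(line) for line in lines) if f is not None]


# Constructed sample, not copied from any real report: four clean OTL lines,
# one hijacked OTL line and two RogueKiller lines. rogue.exe is a placeholder path.
SAMPLE_LINES = [
    r'O35 - HKLM\..comfile [open] -- "%1" %*',
    r'O35 - HKLM\..exefile [open] -- "%1" %*',
    r'O37 - HKLM\...com [@ = comfile] -- "%1" %*',
    r'O37 - HKLM\...exe [@ = exefile] -- "%1" %*',
    r'O35 - HKCU\..exefile [open] -- "C:\Users\owner\AppData\Local\rogue.exe" -a "%1" %*',
    r'[FILEASSO] HKCU\[...]Software\Classes\.exe\shell\open\command : ("C:\Users\owner\AppData\Local\rogue.exe" -a "%1" %*) -> FOUND',
    r'[FILEASSO] HKCR\[...]exefile\shell\open\command : ("C:\Users\owner\AppData\Local\rogue.exe" -a "%1" %*) -> FOUND',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LINES):
        print(f"[{finding['source']}] {finding['key']} -> runs {finding['runs']}")
```

Feed it a saved OTL.txt or RKreport.txt one line at a time; a clean machine yields no findings, and each finding names the registry key to restore to "%1" %* and the executable to quarantine. Because the per-user keys shadow the machine-wide ones, check HKCU\Software\Classes as well as HKCR when the HKLM values already look correct.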
Starbuck Posted July 18, 2011 Hi dharmadave
Download ComboFix from any of the links below. You must rename it before saving it. Save it to your desktop.
Link 1 Link 2
http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_FF.gif
http://i266.photobucket.com/albums/ii277/sUBs_/combofix/CF_download_rename.gif
This is an example; you may rename ComboFix to anything you want.
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with the running of ComboFix. For more information read: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Then: Double click on Combo-Fix.exe and follow the prompts. Vista/Win7 users should right click on the icon and select Run as Administrator.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. If running Vista/Win7, you may not see the recovery console screens.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
http://img.photobucket.com/albums/v708/starbuck50/cf1.png
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
http://img.photobucket.com/albums/v706/ried7/whatnext.png
Click on Yes to continue scanning for malware.
Note: Do not click ComboFix's window while it's running; that may cause it to stall.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Thanks Member of:UNITE
dharmadave Posted July 22, 2011 Author Hello, Starbuck. I ran ComboFix, and it seems to say everything is normal, doesn't it? All my security systems have been saying the same, but I still get sent to pages I don't want when I do a search. Very frustrating! If I look at the immediate history by right-clicking the 'back' arrow (which I actually have to do in order to escape the unwanted page) it says "Redirect" every time. Before that will be another entry, evidently the specific page it has picked for me. When I tried it a moment ago, it was 266.mobi/. Here is the ComboFix log:
ComboFix 11-07-22.02 - owner 07/22/2011 14:30:34.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1839 [GMT -4:00]
Running from: c:\users\owner\Desktop\Combo-Fix.exe
AV: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E}
SP: Webroot AntiVirus with Spy Sweeper *Disabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\DFR683A.tmp
c:\users\owner\Desktop\Setup.exe
c:\windows\system32\AutoRun.inf
c:\windows\system32\jusched.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-06-22 to 2011-07-22 )))))))))))))))))))))))))))))))
.
.
2011-07-22 18:37 . 2011-07-22 18:41 -------- d-----w- c:\users\owner\AppData\Local\temp
2011-07-22 18:37 . 2011-07-22 18:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-22 15:40 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BECD7D4F-C6A1-45CE-8A29-6A01CE93798A}\mpengine.dll
2011-07-16 19:48 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-16 19:48 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-16 19:48 .
2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys 2011-07-08 11:48 . 2011-04-25 15:29 141104 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2011-07-08 11:48 . 2011-04-22 23:25 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2011-07-08 11:48 . 2011-04-22 23:35 1797632 ----a-w- c:\windows\system32\jscript9.dll 2011-07-08 11:45 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-07-08 11:45 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-07-08 11:45 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys 2011-07-08 11:45 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll 2011-07-08 11:45 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys 2011-07-08 11:45 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll 2011-07-08 11:44 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat 2011-07-08 11:44 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-07-08 11:44 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-07-08 11:44 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-07-08 11:44 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll 2011-07-08 11:37 . 2011-07-08 12:36 -------- d-----w- c:\program files\Microsoft Silverlight 2011-07-08 11:34 . 2011-07-08 11:34 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-07-08 04:56 . 2011-07-08 04:56 -------- d-----w- C:\Temp . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-24 23:14 . 2009-10-02 16:18 222080 ------w- c:\windows\system32\MpSigStub.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2009-02-09 19:06 764296 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-02-09 764296] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536] "KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792] "SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 81920] "DNS7reminder"="c:\program files\Nuance\NaturallySpeaking9\Ereg\Ereg.exe" [2006-11-27 255528] "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984] "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832] "RtHDVCpl"="c:\windows\RtHDVCpl.exe" [2008-01-15 4874240] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-22 13539872] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-22 92704] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600] "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-03 198160] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "WebrootTrayApp"="c:\program files\Webroot\Security\Current\Framework\WRTray.exe" [2011-05-18 1378352] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService] @="Service" . [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk] path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup backupExtension=.CommonStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-01-12 03:16 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OsdMaestro] 2007-02-15 11:59 118784 ----a-w- c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl] 2008-01-15 15:26 4874240 ----a-w- c:\windows\RtHDVCpl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateReg] 2009-09-25 20:51 55072 ----a-w- c:\windows\System32\jureg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1519445603-4158389630-228418807-1000] "EnableNotifications"=dword:00000001 "EnableNotificationsRef"=dword:00000001 . 
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664] R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S2 ssfmonm;ssfmonm;c:\windows\system32\DRIVERS\ssfmonm.sys [2011-04-18 47120] S2 WRConsumerService;Webroot Client Service;c:\program files\Webroot\Security\Current\Framework\WRConsumerService.exe [2011-05-18 3276136] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:56] . 2011-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 19:56] . 2011-04-28 c:\windows\Tasks\HPCeeScheduleForowner.job - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2007-12-08 00:34] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop uInternet Settings,ProxyOverride = *.local IE: Google Sidewiki... 
- c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\jvyv1xqu.default\ FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realplayer\browserrecord\firefox\ext FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} . - - - - ORPHANS REMOVED - - - - . WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file) HKCU-Run-HPADVISOR - c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe MSConfigStartUp-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe MSConfigStartUp-HPAdvisor - c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe . . . ************************************************************************** . 
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-07-22 14:41 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{1E61ED7C-7CB8-49D6-B9E9-AB4C880C8414}"=hex:51,66,7a,6c,4c,1d,38,12,12,ee,72, 1a,8a,32,b8,0c,c6,ff,e8,0c,8d,52,c0,00 "{D4027C7F-154A-4066-A1AD-4243D8127440}"=hex:51,66,7a,6c,4c,1d,38,12,11,7f,11, d0,78,5b,08,05,de,bb,01,03,dd,4c,30,54 "{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}"=hex:51,66,7a,6c,4c,1d,38,12,f1,9d,97, 02,e5,86,37,08,c7,6b,3b,0b,78,35,a4,a7 "{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a, 34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de "{D2CE3E00-F94A-4740-988E-03DC2F38C34F}"=hex:51,66,7a,6c,4c,1d,38,12,6e,3d,dd, d6,78,b7,2e,02,e7,98,40,9c,2a,66,87,5b "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:37,e7,a9,ef,87,f4,cb,01 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . Completion time: 2011-07-22 14:45:06 ComboFix-quarantined-files.txt 2011-07-22 18:45 . Pre-Run: 199,504,695,296 bytes free Post-Run: 203,713,216,512 bytes free . - - End Of File - - 12934F34C4E8096D53A1CBA34ADC7578 Quote
Starbuck Posted July 22, 2011 Hi dharmadave I ran ComboFix, and it seems to say everything is normal, doesn't it? Well, it did delete these: ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\DFR683A.tmp c:\users\owner\Desktop\Setup.exe c:\windows\system32\AutoRun.inf c:\windows\system32\jusched.exe but I still get sent to pages I don't want when I do a search. Very frustrating! Looking back over the reports I see nothing to suggest this. Let's see if this comes up with anything: Download TDSSKiller and save it to your Desktop. Double-click on TDSSKiller.exe to run the application, then on Start Scan. Vista/Win7 users should right-click and select Run As Administrator. http://img.photobucket.com/albums/v708/starbuck50/new/tdss1.png If an infected file is detected, the default action will be Cure, click on Continue. http://img.photobucket.com/albums/v708/starbuck50/new/tdss2.png If a suspicious file is detected, the default action will be Skip, click on Continue. http://img.photobucket.com/albums/v708/starbuck50/new/tdss3.png It may ask you to reboot the computer to complete the process. Click on Reboot Now. http://img.photobucket.com/albums/v708/starbuck50/new/tdss4.png If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here. If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file in your next reply. Thanks Member of:UNITE
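The ComboFix log posted above is long enough that the defence-weakening settings in its "Reg Loading Points" section (UAC switched off with EnableLUA=0, Security Center monitoring disabled) are easy to read past. The Python below is an added example written for this thread; it is not part of ComboFix, RogueKiller or TDSSKiller and is not the forum's own tooling. It parses the REGEDIT4-like layout ComboFix prints and flags four settings a responder would want called out: UAC off, Task Manager disabled by policy, Security Center monitoring disabled, and a non-default .exe handler. The sample dump is constructed (the policy and Security Center lines mirror the log above; the exefile entry with PLACEHOLDER.exe is invented to show what a hijacked handler looks like in that layout), and the rule list is this example's assumption, not a list from the thread. It generalises beyond this one log: any ComboFix-style dump can be fed to triage().

```python
"""Triage a ComboFix-style 'Reg Loading Points' dump for registry settings that
weaken host defences.  Added example for this thread; it is not part of
ComboFix, RogueKiller or TDSSKiller, and the rule list is this example's own."""
import re
from typing import Dict, List, Tuple

# Constructed sample in the layout ComboFix prints.  The policies\system and
# Security Center entries mirror the ones in the log posted above; the exefile
# entry is a constructed placeholder (PLACEHOLDER.exe is not from the thread)
# showing what a hijacked .exe handler looks like in that layout.
SAMPLE_DUMP = r'''
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-0-0-0-1000]
"EnableNotifications"=dword:00000001
.
[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="c:\users\owner\AppData\Local\PLACEHOLDER.exe" -a "%1" %*
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^(?:"(?P<name>[^"]+)"|(?P<default>@))\s*=\s*(?P<raw>.*)$')
DWORD_RE = re.compile(r'^dword:([0-9a-fA-F]{8})$')
DECIMAL_RE = re.compile(r'^(\d+)\s*\(0x[0-9a-fA-F]+\)$')


def parse_dump(text: str) -> List[Tuple[str, str, object]]:
    """Return (key, value_name, value) triples in log order.  dword:XXXXXXXX
    and 'N (0xN)' values become ints; anything else is kept as the raw text
    after '='.  A key's default value is reported under the name '@'."""
    entries: List[Tuple[str, str, object]] = []
    key = None
    for line in text.splitlines():
        line = line.strip()
        if not line or line == '.' or line == 'REGEDIT4':
            continue                      # ComboFix separates keys with '.'
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if key is None or not m:
            continue                      # file-info lines under a key are skipped
        name = m.group('name') or '@'
        raw = m.group('raw').strip()
        d = DWORD_RE.match(raw)
        if d:
            value = int(d.group(1), 16)
        else:
            d = DECIMAL_RE.match(raw)
            value = int(d.group(1)) if d else raw
        entries.append((key, name, value))
    return entries


def _in_policy_system(key: str) -> bool:
    return key.lower().endswith(r'\policies\system')


# (predicate, explanation); each predicate receives (key, name, value).
RULES = [
    (lambda k, n, v: _in_policy_system(k) and n == 'EnableLUA' and v == 0,
     'UAC is off (EnableLUA=0): an admin user\'s processes run fully elevated'),
    (lambda k, n, v: _in_policy_system(k) and n == 'DisableTaskMgr' and v == 1,
     'Task Manager disabled by policy: keeps the user from ending processes'),
    (lambda k, n, v: r'\security center\monitoring' in k.lower()
                     and n == 'DisableMonitoring' and v == 1,
     'Security Center monitoring off: some AV suites set this themselves, '
     'so confirm which product owns it before treating it as malicious'),
    (lambda k, n, v: k.lower().endswith(r'exefile\shell\open\command')
                     and n == '@' and v != '"%1" %*',
     '.exe handler is not the default "%1" %*: every program launch is '
     'routed through another executable'),
]


def triage(text: str) -> List[Dict[str, object]]:
    """Return one finding per (entry, rule) match, in log order."""
    findings: List[Dict[str, object]] = []
    for key, name, value in parse_dump(text):
        for predicate, why in RULES:
            if predicate(key, name, value):
                findings.append({'key': key, 'name': name, 'value': value, 'why': why})
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_DUMP):
        print(f"{f['key']}\n    {f['name']} = {f['value']!r}\n    -> {f['why']}")
```

Run against the constructed sample it reports three findings (EnableLUA, DisableMonitoring and the exefile default value) and ignores the benign EnableUIADesktopToggle and EnableNotifications entries; the Security Center rule deliberately carries a caveat because installed AV products set DisableMonitoring for their own reporting.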
dharmadave Posted August 4, 2011 Author Posted August 4, 2011 Thanks a million, Starbuck! It is finally cured! This one found it, and since rebooting, I am finally able to do regular searches without getting redirected. Free at last! Here's the report: 2011/08/04 12:26:21.0955 0304 TDSS rootkit removing tool 2.5.13.0 Jul 29 2011 17:24:11 2011/08/04 12:26:22.0329 0304 ================================================================================ 2011/08/04 12:26:22.0329 0304 SystemInfo: 2011/08/04 12:26:22.0329 0304 2011/08/04 12:26:22.0329 0304 OS Version: 6.0.6002 ServicePack: 2.0 2011/08/04 12:26:22.0329 0304 Product type: Workstation 2011/08/04 12:26:22.0329 0304 ComputerName: OWNER-PC 2011/08/04 12:26:22.0329 0304 UserName: owner 2011/08/04 12:26:22.0329 0304 Windows directory: C:\Windows 2011/08/04 12:26:22.0329 0304 System windows directory: C:\Windows 2011/08/04 12:26:22.0329 0304 Processor architecture: Intel x86 2011/08/04 12:26:22.0329 0304 Number of processors: 2 2011/08/04 12:26:22.0329 0304 Page size: 0x1000 2011/08/04 12:26:22.0329 0304 Boot type: Normal boot 2011/08/04 12:26:22.0329 0304 ================================================================================ 2011/08/04 12:26:22.0765 0304 Initialize success 2011/08/04 12:26:27.0932 0304 ================================================================================ 2011/08/04 12:26:27.0932 0304 Scan started 2011/08/04 12:26:27.0932 0304 Mode: Manual; 2011/08/04 12:26:27.0932 0304 ================================================================================ 2011/08/04 12:26:32.0581 0304 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 2011/08/04 12:26:32.0893 0304 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 2011/08/04 12:26:33.0127 0304 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 2011/08/04 12:26:33.0345 0304 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) 
C:\Windows\system32\drivers\adpu160m.sys 2011/08/04 12:26:33.0517 0304 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 2011/08/04 12:26:33.0719 0304 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 2011/08/04 12:26:34.0016 0304 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 2011/08/04 12:26:34.0219 0304 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/08/04 12:26:34.0343 0304 aliide (9df16e31daa1591c538222eae00e07eb) C:\Windows\system32\drivers\aliide.sys 2011/08/04 12:26:34.0546 0304 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 2011/08/04 12:26:34.0687 0304 amdide (260c91345de01c3dfd364ee970a92b02) C:\Windows\system32\drivers\amdide.sys 2011/08/04 12:26:34.0827 0304 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 2011/08/04 12:26:35.0077 0304 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys 2011/08/04 12:26:35.0264 0304 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 2011/08/04 12:26:35.0389 0304 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 2011/08/04 12:26:35.0545 0304 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/08/04 12:26:35.0763 0304 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 2011/08/04 12:26:35.0981 0304 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2011/08/04 12:26:36.0325 0304 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 2011/08/04 12:26:36.0496 0304 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2011/08/04 12:26:36.0699 0304 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2011/08/04 12:26:36.0886 0304 Brserid (b304e75cff293029eddf094246747113) 
C:\Windows\system32\drivers\brserid.sys 2011/08/04 12:26:36.0995 0304 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2011/08/04 12:26:37.0167 0304 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2011/08/04 12:26:37.0323 0304 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2011/08/04 12:26:37.0463 0304 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 2011/08/04 12:26:37.0713 0304 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/08/04 12:26:37.0869 0304 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 2011/08/04 12:26:37.0994 0304 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 2011/08/04 12:26:38.0150 0304 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 2011/08/04 12:26:38.0275 0304 cmdide (55a247b547fb9da28bc492dee643ecdf) C:\Windows\system32\drivers\cmdide.sys 2011/08/04 12:26:38.0431 0304 Compbatt (82b8c91d327cfecf76cb58716f7d4997) C:\Windows\system32\drivers\compbatt.sys 2011/08/04 12:26:38.0587 0304 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 2011/08/04 12:26:38.0711 0304 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 2011/08/04 12:26:38.0867 0304 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 2011/08/04 12:26:39.0055 0304 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 2011/08/04 12:26:39.0211 0304 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2011/08/04 12:26:39.0351 0304 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 2011/08/04 12:26:39.0569 0304 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/08/04 12:26:39.0694 0304 Ecache 
(7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2011/08/04 12:26:39.0835 0304 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 2011/08/04 12:26:40.0022 0304 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2011/08/04 12:26:40.0131 0304 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 2011/08/04 12:26:40.0256 0304 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 2011/08/04 12:26:40.0396 0304 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2011/08/04 12:26:40.0505 0304 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2011/08/04 12:26:40.0583 0304 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/08/04 12:26:40.0708 0304 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 2011/08/04 12:26:40.0849 0304 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2011/08/04 12:26:40.0927 0304 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 2011/08/04 12:26:41.0067 0304 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys 2011/08/04 12:26:41.0239 0304 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 2011/08/04 12:26:41.0410 0304 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/08/04 12:26:41.0519 0304 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 2011/08/04 12:26:41.0629 0304 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 2011/08/04 12:26:41.0722 0304 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys 2011/08/04 12:26:41.0847 0304 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 
2011/08/04 12:26:42.0019 0304 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys 2011/08/04 12:26:42.0175 0304 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys 2011/08/04 12:26:42.0237 0304 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys 2011/08/04 12:26:42.0346 0304 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 2011/08/04 12:26:42.0533 0304 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/08/04 12:26:42.0627 0304 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 2011/08/04 12:26:42.0752 0304 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2011/08/04 12:26:42.0939 0304 IntcAzAudAddService (3914ea9111dbeffaf1c68200817768ad) C:\Windows\system32\drivers\RTKVHDA.sys 2011/08/04 12:26:43.0111 0304 intelide (1fdf294ecca2addf84e8271d75abddb4) C:\Windows\system32\drivers\intelide.sys 2011/08/04 12:26:43.0235 0304 intelppm (ce44cc04262f28216dd4341e9e36a16f) C:\Windows\system32\DRIVERS\intelppm.sys 2011/08/04 12:26:43.0485 0304 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 2011/08/04 12:26:43.0610 0304 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2011/08/04 12:26:43.0781 0304 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2011/08/04 12:26:43.0922 0304 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 2011/08/04 12:26:44.0078 0304 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/08/04 12:26:44.0203 0304 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2011/08/04 12:26:44.0327 0304 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2011/08/04 12:26:44.0483 0304 kbdclass (37605e0a8cf00cbba538e753e4344c6e) 
C:\Windows\system32\DRIVERS\kbdclass.sys 2011/08/04 12:26:44.0624 0304 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys 2011/08/04 12:26:44.0811 0304 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 2011/08/04 12:26:45.0045 0304 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/08/04 12:26:45.0201 0304 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 2011/08/04 12:26:45.0310 0304 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 2011/08/04 12:26:45.0419 0304 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 2011/08/04 12:26:45.0560 0304 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2011/08/04 12:26:45.0716 0304 LVcKap (8113133ec42dd6c566908008ce913edd) C:\Windows\system32\DRIVERS\LVcKap.sys 2011/08/04 12:26:45.0919 0304 LVMVDrv (0dd5b8af4917a2821047450195c511b3) C:\Windows\system32\DRIVERS\LVMVDrv.sys 2011/08/04 12:26:46.0246 0304 lvpopflt (e1158b0cb852db0573922c92e6e564de) C:\Windows\system32\DRIVERS\lvpopflt.sys 2011/08/04 12:26:47.0198 0304 LVPr2Mon (406b1d186f75b4b4832d6237859e1b00) C:\Windows\system32\DRIVERS\LVPr2Mon.sys 2011/08/04 12:26:47.0369 0304 LVRS (6917b407dbec11b3a078abfc2ec2ac7c) C:\Windows\system32\DRIVERS\lvrs.sys 2011/08/04 12:26:47.0759 0304 LVUSBSta (23f8ef78bb9553e465a476f3cee5ca18) C:\Windows\system32\drivers\LVUSBSta.sys 2011/08/04 12:26:48.0383 0304 LVUVC (44876e70e07e9a653bbe423dbfa35a1a) C:\Windows\system32\DRIVERS\lvuvc.sys 2011/08/04 12:26:49.0179 0304 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 2011/08/04 12:26:49.0304 0304 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 2011/08/04 12:26:49.0616 0304 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2011/08/04 12:26:49.0975 0304 monitor 
(0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2011/08/04 12:26:50.0146 0304 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2011/08/04 12:26:50.0271 0304 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys 2011/08/04 12:26:50.0552 0304 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2011/08/04 12:26:50.0895 0304 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 2011/08/04 12:26:51.0191 0304 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2011/08/04 12:26:51.0535 0304 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2011/08/04 12:26:51.0737 0304 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2011/08/04 12:26:51.0987 0304 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/08/04 12:26:52.0237 0304 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/08/04 12:26:52.0393 0304 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/08/04 12:26:52.0673 0304 msahci (60ec6885a269e13d5daaa0efe060127a) C:\Windows\system32\drivers\msahci.sys 2011/08/04 12:26:53.0048 0304 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 2011/08/04 12:26:53.0360 0304 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2011/08/04 12:26:53.0641 0304 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2011/08/04 12:26:53.0859 0304 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2011/08/04 12:26:54.0046 0304 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/08/04 12:26:54.0202 0304 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2011/08/04 
12:26:54.0343 0304 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2011/08/04 12:26:54.0540 0304 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/08/04 12:26:54.0750 0304 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2011/08/04 12:26:54.0870 0304 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2011/08/04 12:26:55.0060 0304 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 2011/08/04 12:26:55.0230 0304 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 2011/08/04 12:26:55.0380 0304 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/08/04 12:26:55.0630 0304 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/08/04 12:26:55.0800 0304 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/08/04 12:26:56.0080 0304 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2011/08/04 12:26:56.0320 0304 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2011/08/04 12:26:56.0580 0304 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2011/08/04 12:26:56.0860 0304 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2011/08/04 12:26:57.0030 0304 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2011/08/04 12:26:57.0190 0304 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2011/08/04 12:26:57.0560 0304 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2011/08/04 12:26:57.0800 0304 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/08/04 12:26:57.0940 0304 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 
2011/08/04 12:26:58.0200 0304 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
2011/08/04 12:26:58.0630 0304 nvlddmkm (fbba09782f2fac5a57619df378ba9372) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/08/04 12:26:59.0170 0304 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
2011/08/04 12:26:59.0260 0304 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
2011/08/04 12:26:59.0300 0304 nvstor32 (7eba6c9a0a295b1559efb9062e701218) C:\Windows\system32\DRIVERS\nvstor32.sys
2011/08/04 12:26:59.0430 0304 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
2011/08/04 12:26:59.0590 0304 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/08/04 12:26:59.0750 0304 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
2011/08/04 12:26:59.0870 0304 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
2011/08/04 12:26:59.0950 0304 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
2011/08/04 12:27:00.0100 0304 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
2011/08/04 12:27:00.0170 0304 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
2011/08/04 12:27:00.0220 0304 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
2011/08/04 12:27:00.0320 0304 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/08/04 12:27:00.0505 0304 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/04 12:27:00.0693 0304 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/08/04 12:27:00.0863 0304 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
2011/08/04 12:27:00.0989 0304 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/04 12:27:01.0093 0304 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/08/04 12:27:01.0320 0304 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/08/04 12:27:01.0477 0304 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/04 12:27:01.0649 0304 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/04 12:27:01.0782 0304 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/04 12:27:01.0910 0304 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/04 12:27:02.0041 0304 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/04 12:27:02.0184 0304 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/04 12:27:02.0321 0304 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/04 12:27:02.0505 0304 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/08/04 12:27:02.0628 0304 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/04 12:27:02.0894 0304 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/08/04 12:27:03.0129 0304 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/04 12:27:03.0287 0304 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/08/04 12:27:03.0405 0304 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/08/04 12:27:03.0536 0304 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/08/04 12:27:03.0704 0304 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/08/04 12:27:03.0872 0304 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/08/04 12:27:04.0366 0304 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys
2011/08/04 12:27:04.0854 0304 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/04 12:27:05.0154 0304 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/04 12:27:05.0437 0304 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/08/04 12:27:06.0008 0304 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/08/04 12:27:06.0360 0304 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/08/04 12:27:06.0888 0304 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/08/04 12:27:07.0277 0304 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/08/04 12:27:07.0444 0304 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/08/04 12:27:07.0880 0304 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/08/04 12:27:08.0162 0304 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/04 12:27:08.0379 0304 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/04 12:27:08.0924 0304 ssfmonm (3199c2d24366ee02b279f0a065936703) C:\Windows\system32\DRIVERS\ssfmonm.sys
2011/08/04 12:27:09.0300 0304 SSHRMD (44533a8b02355f05015dbeac869c1d91) C:\Windows\system32\Drivers\SSHRMD.SYS
2011/08/04 12:27:09.0511 0304 SSIDRV (22ff2bde8b5362b29778de58b3261514) C:\Windows\system32\Drivers\SSIDRV.SYS
2011/08/04 12:27:09.0878 0304 SSKBFD (8564bc9598be1705477b7fa61d657c2b) C:\Windows\system32\Drivers\sskbfd.sys
2011/08/04 12:27:10.0206 0304 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/04 12:27:10.0354 0304 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/08/04 12:27:10.0977 0304 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/08/04 12:27:11.0115 0304 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/08/04 12:27:11.0286 0304 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/08/04 12:27:11.0567 0304 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/04 12:27:11.0940 0304 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/04 12:27:12.0081 0304 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/08/04 12:27:12.0224 0304 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/08/04 12:27:12.0346 0304 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/04 12:27:12.0539 0304 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/04 12:27:12.0714 0304 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/04 12:27:12.0845 0304 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/08/04 12:27:13.0015 0304 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/04 12:27:13.0127 0304 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/08/04 12:27:13.0272 0304 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/04 12:27:13.0453 0304 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/04 12:27:13.0550 0304 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/08/04 12:27:13.0676 0304 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/08/04 12:27:13.0805 0304 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/08/04 12:27:13.0930 0304 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/04 12:27:14.0072 0304 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
2011/08/04 12:27:14.0213 0304 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/04 12:27:14.0403 0304 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/08/04 12:27:14.0846 0304 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/04 12:27:15.0051 0304 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/04 12:27:15.0180 0304 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/04 12:27:15.0328 0304 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/04 12:27:15.0760 0304 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/04 12:27:16.0015 0304 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/04 12:27:16.0420 0304 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/04 12:27:16.0792 0304 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/04 12:27:17.0077 0304 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/08/04 12:27:17.0240 0304 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/08/04 12:27:17.0592 0304 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/08/04 12:27:17.0946 0304 viaide (61acdd65bc5d6e4936297610506281d7) C:\Windows\system32\drivers\viaide.sys
2011/08/04 12:27:18.0281 0304 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/08/04 12:27:18.0493 0304 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/08/04 12:27:18.0821 0304 volsnap (e269bb33062f9a6b4115c86781d767aa) C:\Windows\system32\drivers\volsnap.sys
2011/08/04 12:27:18.0846 0304 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: e269bb33062f9a6b4115c86781d767aa, Fake md5: 147281c01fcb1df9252de2a10d5e7093
2011/08/04 12:27:18.0852 0304 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/08/04 12:27:18.0989 0304 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/08/04 12:27:19.0170 0304 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/08/04 12:27:19.0412 0304 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/04 12:27:19.0487 0304 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/04 12:27:19.0593 0304 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/08/04 12:27:19.0771 0304 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/04 12:27:20.0091 0304 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
2011/08/04 12:27:20.0355 0304 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/04 12:27:20.0574 0304 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/04 12:27:20.0853 0304 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/04 12:27:20.0993 0304 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
2011/08/04 12:27:21.0045 0304 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0
2011/08/04 12:27:21.0621 0304 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk1\DR1
2011/08/04 12:27:21.0650 0304 Boot (0x1200) (ee14924b78bcd9ea34adfc189ccbada7) \Device\Harddisk0\DR0\Partition0
2011/08/04 12:27:21.0715 0304 Boot (0x1200) (52f353a4b0740bf3944277f92ff1cf97) \Device\Harddisk0\DR0\Partition1
2011/08/04 12:27:21.0729 0304 Boot (0x1200) (56d66235a39ca288bbbf507af9de6a04) \Device\Harddisk1\DR1\Partition0
2011/08/04 12:27:21.0745 0304 ================================================================================
2011/08/04 12:27:21.0745 0304 Scan finished
2011/08/04 12:27:21.0745 0304 ================================================================================
2011/08/04 12:27:21.0774 4884 Detected object count: 1
2011/08/04 12:27:21.0774 4884 Actual detected object count: 1
2011/08/04 12:27:35.0111 4884 volsnap (e269bb33062f9a6b4115c86781d767aa) C:\Windows\system32\drivers\volsnap.sys
2011/08/04 12:27:35.0112 4884 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: e269bb33062f9a6b4115c86781d767aa, Fake md5: 147281c01fcb1df9252de2a10d5e7093
2011/08/04 12:27:40.0050 4884 Backup copy found, using it..
2011/08/04 12:27:40.0087 4884 C:\Windows\system32\drivers\volsnap.sys - will be cured after reboot
2011/08/04 12:27:40.0087 4884 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
2011/08/04 12:27:46.0855 4920 Deinitialize success
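The security-relevant line in the TDSSKiller log above is the "Suspicious file (Forged)" warning: the tool obtained two different MD5 values for the same driver file depending on how it was read, which is how a TDL3 infection of a legitimate driver (here volsnap.sys) shows up, since the rootkit serves a clean copy to ordinary file reads. The script below is an added example, not part of the thread and not Kaspersky's code; it parses the log into a driver table, sector hashes, forged-hash warnings, detections and cure actions, then ties them together per file so a helper can see at a glance which driver was flagged, what it was detected as, and whether a cure was scheduled. SAMPLE_LOG is a constructed excerpt copied from the posted log; the regular expressions and function names are mine and only cover the message shapes visible in that log.

```python
"""Triage a TDSSKiller log: driver table, forged-hash warnings, detections, cure actions.
Added example for this thread; not TDSSKiller's own code."""
import re

# Constructed excerpt copied from the log posted above (layout: timestamp, pid, message).
SAMPLE_LOG = r"""
2011/08/04 12:27:11.0286 0304 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/08/04 12:27:18.0281 0304 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/08/04 12:27:18.0821 0304 volsnap (e269bb33062f9a6b4115c86781d767aa) C:\Windows\system32\drivers\volsnap.sys
2011/08/04 12:27:18.0846 0304 Suspicious file (Forged): C:\Windows\system32\drivers\volsnap.sys. Real md5: e269bb33062f9a6b4115c86781d767aa, Fake md5: 147281c01fcb1df9252de2a10d5e7093
2011/08/04 12:27:18.0852 0304 volsnap - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/08/04 12:27:21.0045 0304 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0
2011/08/04 12:27:21.0650 0304 Boot (0x1200) (ee14924b78bcd9ea34adfc189ccbada7) \Device\Harddisk0\DR0\Partition0
2011/08/04 12:27:40.0087 4884 C:\Windows\system32\drivers\volsnap.sys - will be cured after reboot
2011/08/04 12:27:40.0087 4884 Rootkit.Win32.TDSS.tdl3(volsnap) - User select action: Cure
"""

HEX32 = r"[0-9a-f]{32}"
# Every line starts with "YYYY/MM/DD HH:MM:SS.mmmm <pid> <message>".
LINE_RE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+(?P<pid>\d+)\s+(?P<msg>.*)$")
# Message shapes seen in the posted log (assumed; other TDSSKiller versions may add more).
SECTOR_RE = re.compile(rf"^(?P<kind>MBR|Boot) \((?P<size>0x[0-9A-Fa-f]+)\) \((?P<md5>{HEX32})\) (?P<dev>.+)$")
DRIVER_RE = re.compile(rf"^(?P<name>\S+) \((?P<md5>{HEX32})\) (?P<path>.+)$")
FORGED_RE = re.compile(rf"^Suspicious file \(Forged\): (?P<path>.+?)\. Real md5: (?P<real>{HEX32}), Fake md5: (?P<fake>{HEX32})$")
DETECT_RE = re.compile(r"^(?P<name>\S+) - detected (?P<threat>\S+)")
CURE_RE = re.compile(r"^(?P<path>.+) - will be cured after reboot$")
ACTION_RE = re.compile(r"^(?P<threat>[^(\s]+)\((?P<name>[^)]+)\) - User select action: (?P<action>\w+)$")


def parse_tdsskiller(text):
    """Return a dict of the structured facts in the log; unknown lines are ignored."""
    rep = {"drivers": {}, "sectors": [], "forged": {}, "detected": {}, "cures": set(), "actions": []}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        msg = m["msg"]
        if (s := SECTOR_RE.match(msg)):            # MBR / boot-sector hashes, checked first
            rep["sectors"].append((s["kind"], s["dev"], s["md5"]))
        elif (d := DRIVER_RE.match(msg)):          # service name -> (md5, on-disk path)
            rep["drivers"][d["name"]] = (d["md5"], d["path"])
        elif (f := FORGED_RE.match(msg)):          # two hashes for one file: rootkit indicator
            rep["forged"][f["path"]] = (f["real"], f["fake"])
        elif (t := DETECT_RE.match(msg)):          # service name -> detection name
            rep["detected"][t["name"]] = t["threat"]
        elif (c := CURE_RE.match(msg)):            # file scheduled for replacement at reboot
            rep["cures"].add(c["path"])
        elif (a := ACTION_RE.match(msg)):          # what the user chose for each detection
            rep["actions"].append((a["threat"], a["name"], a["action"]))
    return rep


def triage(rep):
    """One finding per forged file: which service owns it, what it was detected as, and
    whether a cure is pending. A forged file with no cure line means the scan was only
    a detection pass (or the user declined), which is what a helper needs to check."""
    findings = []
    for path, (real, fake) in rep["forged"].items():
        owners = [n for n, (_, p) in rep["drivers"].items() if p.lower() == path.lower()]
        threat = next((rep["detected"][n] for n in owners if n in rep["detected"]), None)
        findings.append({
            "path": path,
            "service": owners[0] if owners else None,
            "threat": threat,
            "hash_mismatch": real != fake,
            "cure_scheduled": path in rep["cures"],
        })
    return findings


if __name__ == "__main__":
    report = parse_tdsskiller(SAMPLE_LOG)
    print(f"{len(report['drivers'])} drivers, {len(report['sectors'])} sector hashes")
    for finding in triage(report):
        print(finding)
```

Run it over a full RKreport-style TDSSKiller log by replacing SAMPLE_LOG with the file contents; a forged file whose "cure_scheduled" is False after the user chose Cure is the case to look at before declaring the machine clean.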
Starbuck Posted August 4, 2011
Hi dharmadave
It is finally cured! This one found it. Let that be a lesson to me! Normally with redirects, I run this scan fairly early on...... seems I should have this time. :o
I see from the last OTL report you are running an out of date Java version (Java 6 Update 20). We'll take care of that and get an online scan done as a double check. If this comes back clear, we can then finish off.

Step 1
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. A malicious site could render Java content under older, vulnerable versions of Sun's software if the user has not removed them. Please follow these steps to remove older version Java components and update:
Download the latest version of Java Runtime Environment (JRE) 6 Update 26 and save it to your desktop.
Scroll down to where it says "Java SE 6 Update 26".
Click the "Download JRE" button to the right.
Accept the license agreement.
Select 'Windows x86' offline from the list.
Save the file to your desktop.
Close any programs you may have running - especially your web browser.
Then from your desktop double-click on jre-6u26-windows-i586-p.exe to install the newest version.

Step 2
I'd like you to do an ESET OnlineScan
You may find it beneficial to close your resident AV program before running the scan.
Hold down Control and click on the following link to open ESET OnlineScan in a new window. ESET OnlineScan
Click the ESET Online Scanner button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
Double click on the ESET Smart Installer icon on your desktop.
Check the box to accept the Terms of Use.
Click the Start button.
Accept any security warnings from your browser.
Check "Scan archives".
Click the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push "List of found threats".
Click "Export to text file", and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Click the Back button.
Click Finish.
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
Note: It's been found that on some systems ESET's Online Scan fails during the database download (around 20%). To prevent this happening: when the Computer scan settings display shows, click the Advanced option, then place a check next to the following (if it is not already checked): Enable Anti-Stealth technology
In your next reply, please submit: ESET scan report, and let me know if you encountered any problems with the Java update.
Thanks.
Member of:UNITE
dharmadave (Author) Posted August 24, 2011
A million thanks, Starbuck! You probably saved me hundreds of dollars in repairs and weeks without my computer. I will certainly make a donation to you and your fellow stalwart volunteers! Java update was no problem. ESET scan took hours, but eventually found and eliminated four threats. For some reason, it did not save the report after I asked it to export to text file. I can tell you that all four threats were labeled as trojans. I wish now that I had simply copied and pasted from the field, but it's too late for that. The good news is all systems are running smoothly and normally.
RandyL Posted August 24, 2011
Per Starbuck..... A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
We are all members helping other members. Please return here where you may be able to help someone else. After all, no one knows everything and you may have the answer that someone needs. Get help with computer problems. Join Free PC Help here. Donations are welcome. Read Here
Starbuck Posted August 24, 2011
Hi dharmadave
> A million thanks, Starbuck! You probably saved me hundreds of dollars in repairs and weeks without my computer. I will certainly make a donation to you and your fellow stalwart volunteers!
It's always a pleasure to help..... plus it's one in the eye for the bad guys.
As RandyL pointed out, there should be a saved report on your system. Have a look and see if it's there. I'm betting that what ESET found had already been removed and was in a quarantine folder. But it's best to make sure before we finish off the cleaning process.
Member of:UNITE
dharmadave (Author) Posted September 9, 2011
Thanks, guys. Not sure if this is it, but it was hiding in C program files. I had looked there initially but missed it.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=e305eff33d798544bea5fbc2ac83128a
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-08-23 11:15:43
# local_time=2011-08-23 07:15:43 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=5892 16776573 100 100 0 150738723 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=255811
# found=4
# cleaned=4
# scan_time=10147
C:\System Recovery Files\C\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\10d72d13-7b372180 a variant of Java/TrojanDownloader.OpenConnection.MU trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Recovery Files\C\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\633e29f8-32f7c512 a variant of Java/TrojanDownloader.OpenConnection.MU trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\10d72d13-7b372180 a variant of Java/TrojanDownloader.OpenConnection.MU trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\633e29f8-32f7c512 a variant of Java/TrojanDownloader.OpenConnection.MU trojan (deleted - quarantined) 00000000000000000000000000000000 C
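The ESET log above reports found=4 and cleaned=4, but the four detection lines are two Java deployment-cache files, each listed once under the live profile and once under a second copy in C:\System Recovery Files; the detections are also consistent with the out-of-date Java that Starbuck asked to have updated. The script below is an added example, not part of the thread and not ESET's code; it reads the "# key=value" header and the detection lines, checks that the header counts agree with the lines actually listed, and collapses the detections by file name so the number of distinct objects is visible. SAMPLE_ESET_LOG is a constructed excerpt of the posted log (a real log.txt separates the detection fields with tabs, the forum copy collapsed them to spaces, so the parser accepts either), the regular expression assumes ESET's "Platform/Family" naming for the threat field, and tagging System Recovery Files as a backup copy is my assumption about what that folder holds.

```python
"""Parse an ESET Online Scanner log.txt and sanity-check what it claims.
Added example for this thread; not ESET's own code."""
import re
from collections import defaultdict

# Constructed excerpt in the layout of the log posted above.
SAMPLE_ESET_LOG = r"""
# version=7
# osver=6.0.6002 NT Service Pack 2
# scanned=255811
# found=4
# cleaned=4
# scan_time=10147
C:\System Recovery Files\C\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\10d72d13-7b372180 a variant of Java/TrojanDownloader.OpenConnection.MU trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\System Recovery Files\C\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\633e29f8-32f7c512 a variant of Java/TrojanDownloader.OpenConnection.MU trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\10d72d13-7b372180 a variant of Java/TrojanDownloader.OpenConnection.MU trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\owner\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\633e29f8-32f7c512 a variant of Java/TrojanDownloader.OpenConnection.MU trojan (deleted - quarantined) 00000000000000000000000000000000 C
"""

HEADER_RE = re.compile(r"^#\s*(?P<key>[^=\s]+)=(?P<value>.*)$")
# path <ws> threat <ws> (action) <ws> 32-hex hash <ws> flag.  The path may contain spaces, so it
# is matched lazily and the threat must look like ESET's "Platform/Family.Variant category".
DETECT_RE = re.compile(
    r"^(?P<path>.+?)\s+"
    r"(?P<threat>(?:probably )?(?:a variant of )?[A-Za-z0-9]+/\S+(?: [a-z]+)*)\s+"
    r"\((?P<action>[^()]*)\)\s+(?P<hash>[0-9a-fA-F]{32})\s+(?P<flag>\S+)$"
)


def parse_eset_log(text):
    """Return (header dict, list of detection dicts). Numeric header values become ints."""
    header, detections = {}, []
    for line in text.strip().splitlines():
        line = line.strip()
        h = HEADER_RE.match(line)
        if h:
            value = h["value"].strip()
            header[h["key"]] = int(value) if value.isdigit() else value
            continue
        d = DETECT_RE.match(line)
        if d:
            detections.append(d.groupdict())
    return header, detections


def check_counts(header, detections):
    """Does the summary the user quotes ("found 4, cleaned 4") match the lines in the log?"""
    removed = sum(1 for d in detections if "deleted" in d["action"] or "cleaned" in d["action"])
    return {
        "found_ok": header.get("found") == len(detections),
        "cleaned_ok": header.get("cleaned") == removed,
    }


def group_by_file(detections):
    """Collapse detections on the file name: a backup tool that mirrors the user profile
    makes every cached file show up twice, which inflates the 'threats' figure."""
    groups = defaultdict(list)
    for d in detections:
        groups[d["path"].rsplit("\\", 1)[-1]].append(d["path"])
    return dict(groups)


def location_tags(path):
    """Coarse tags that tell a helper where a hit lives."""
    tags = set()
    if "\\Sun\\Java\\Deployment\\cache\\" in path:   # Java applet / Web Start cache
        tags.add("java-cache")
    if "\\System Recovery Files\\" in path:          # assumption: a backup tool's mirror of C:
        tags.add("backup-copy")
    return tags


if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_ESET_LOG)
    print(hdr.get("found"), "found,", hdr.get("cleaned"), "cleaned:", check_counts(hdr, dets))
    for name, paths in group_by_file(dets).items():
        print(name, "->", len(paths), "copies", [sorted(location_tags(p)) for p in paths])
```

Point it at C:\Program Files\ESET\ESET Online Scanner\log.txt to get the same breakdown for a real scan; a "backup-copy" hit is only cleaned for good if the backup tool does not restore it on the next sync.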