OscarG
Members
Posts: 5
Reputation: 0 Neutral
  1. Here is the URL of the redirect, which is still present! I managed to capture it when it was slow to react. http://www.gtorgaenihon.com/search.php?q=advertising%2Bcenter%2Bprogram&n=1300409950
  2. ComboFix 11-03-16.06 - Austin 03/17/2011 20:22:57.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.1279.559 [GMT -4:00]
Running from: d:\downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Austin\My Documents\cc_20110315_221730.reg
c:\windows\struct~.ini
c:\windows\system32\uninstall.exe
.
.
(((((((((((((((((((((((((   Files Created from 2011-02-18 to 2011-03-18   )))))))))))))))))))))))))))))))
.
.
2011-03-17 23:35 . 2011-03-17 23:55 -------- d-----w- c:\program files\Toolbar Uninstaller
2011-03-17 13:46 . 2011-03-17 13:46 -------- d-----w- c:\program files\OO Software
2011-03-16 05:07 . 2011-03-16 05:07 -------- d-----w- c:\documents and settings\Administrator\Application Data\Intuit
2011-03-16 02:27 . 2011-03-16 02:59 -------- d-----w- c:\documents and settings\Austin\Application Data\IObit
2011-03-16 02:27 . 2011-03-16 02:27 -------- d-----w- c:\program files\IObit
2011-03-16 01:55 . 2011-03-16 01:55 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin6.dll
2011-03-16 01:55 . 2011-03-16 01:55 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin5.dll
2011-03-16 01:55 . 2011-03-16 01:55 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin4.dll
2011-03-16 01:55 . 2011-03-16 01:55 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin3.dll
2011-03-16 01:55 . 2011-03-16 01:55 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin2.dll
2011-03-16 01:55 . 2011-03-16 01:55 159744 ----a-w- c:\program files\Internet Explorer\PLUGINS\npqtplugin.dll
2011-03-16 01:54 . 2011-03-16 01:54 -------- d-----w- c:\program files\Common Files\Apple
2011-03-16 01:54 . 2011-03-16 01:54 -------- d-----w- c:\documents and settings\Austin\Local Settings\Application Data\Apple
2011-03-16 01:54 . 2011-03-16 01:54 -------- d-----w- c:\program files\Apple Software Update
2011-03-16 01:54 . 2011-03-16 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2011-03-15 23:54 . 2011-03-15 23:54 -------- d-----w- c:\documents and settings\Austin\Application Data\U3
2011-03-15 14:23 . 2011-03-15 14:23 -------- d-----w- c:\documents and settings\All Users\Application Data\XoftSpySE
2011-03-14 03:48 . 2011-03-14 03:48 -------- d-----w- c:\documents and settings\Austin\Application Data\Malwarebytes
2011-03-14 03:48 . 2010-12-20 22:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-14 03:48 . 2011-03-14 03:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-03-14 03:48 . 2011-03-14 03:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-14 03:48 . 2010-12-20 22:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-13 13:52 . 2011-03-13 13:52 -------- d-----w- c:\program files\ESET
2011-03-13 06:44 . 2011-03-13 06:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\QuickScan
2011-03-12 20:00 . 2011-03-12 20:00 -------- d-----w- c:\windows\system32\wbem\Repository
2011-03-11 11:07 . 2011-03-11 11:07 -------- d-----w- c:\documents and settings\Austin\Application Data\f-secure
2011-03-11 11:07 . 2011-03-11 11:07 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2011-03-11 10:52 . 2011-03-11 10:52 -------- d-----w- c:\program files\Panda Security
2011-03-11 05:21 . 2011-03-11 05:21 155648 --sha-r- c:\windows\system32\ipv6Z.dll
2011-03-10 06:52 . 2011-03-10 06:52 -------- d-----w- C:\T2
2011-02-26 06:53 . 2011-02-23 14:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-25 16:01 . 2011-02-25 16:01 -------- d-----w- c:\documents and settings\Austin\Local Settings\Application Data\Sunbelt Software
2011-02-18 18:29 . 2011-02-18 18:29 -------- d-----w- c:\documents and settings\Austin\Local Settings\Application Data\Temp
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-25 16:02 . 2010-03-10 01:47 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-02-23 15:04 . 2010-06-29 04:42 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 15:04 . 2009-05-02 06:16 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 14:56 . 2009-05-02 06:17 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2009-05-02 06:17 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2009-05-02 06:17 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 14:55 . 2009-05-02 06:17 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 14:55 . 2009-05-02 06:17 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:54 . 2009-05-02 06:17 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 14:54 . 2009-05-02 06:17 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-09 13:53 . 2004-08-04 12:00 270848 ------w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-04 12:00 186880 ------w- c:\windows\system32\encdec.dll
2011-02-03 02:40 . 2010-04-18 13:54 472808 -c--a-w- c:\windows\system32\deployJava1.dll
2011-02-03 00:19 . 2007-06-01 22:40 73728 -c--a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2007-05-30 23:55 2067456 ------w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2007-05-30 23:55 677888 ------w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-04 12:00 439296 ------w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-04 12:00 1854976 ------w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 22:15 . 2004-08-04 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 22:15 . 2004-08-04 12:00 61952 -c----w- c:\windows\system32\tdc.ocx
2010-12-20 22:15 . 2004-08-04 12:00 81920 -c----w- c:\windows\system32\ieencode.dll
2010-12-20 17:26 . 2004-08-04 12:00 730112 ------w- c:\windows\system32\lsasrv.dll
2010-12-20 15:30 . 2004-08-04 12:00 369664 -c----w- c:\windows\system32\html.iec
2004-10-01 19:00 . 2008-07-22 23:51 40960 -c----w- c:\program files\Uninstall_CDS.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerGuardian"="c:\program files\PeerGuardian2\pg2.exe" [2005-09-18 1421824]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2010-12-16 2402512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2005-06-20 1056768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-11-17 7700480]
"nwiz"="nwiz.exe" [2006-11-17 1622016]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"LGODDFU"="c:\program files\lg_fwupdate\fwupdate.exe" [2010-06-28 557056]
"SoundMan"="SOUNDMAN.EXE" [2008-07-25 577536]
"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-09-24 147456]
"Iomega Drive Icons"="c:\program files\Iomega\DriveIcons\ImgIcon.exe" [2002-08-13 86016]
"Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" [2002-07-16 32768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-11-17 86016]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
"etLiveClk"="c:\windows\etLiveClk.exe" [2007-11-25 57344]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-01 1164584]
"ConnectionManager"="c:\program files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe" [2009-08-23 91432]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"QuickTime Task"="c:\program files\QuickTime Alternative\QTTask.exe" [2010-11-29 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files\APC\APC PowerChute Personal Edition\Display.exe [2008-8-28 221247]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
yac.lnk - c:\program files\YAC\yac.exe [2002-9-26 134656]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^APC UPS Status.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\APC UPS Status.lnk
backup=c:\windows\pss\APC UPS Status.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Billminder.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Billminder.lnk
backup=c:\windows\pss\Billminder.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Office Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk
backup=c:\windows\pss\Office Startup.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Startup.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk
backup=c:\windows\pss\Quicken Startup.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Austin^Start Menu^Programs^Startup^BounceBack Launcher.lnk]
path=c:\documents and settings\Austin\Start Menu\Programs\Startup\BounceBack Launcher.lnk
backup=c:\windows\pss\BounceBack Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Austin^Start Menu^Programs^Startup^OpenOffice.org 2.4.lnk]
path=c:\documents and settings\Austin\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk
backup=c:\windows\pss\OpenOffice.org 2.4.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
2008-04-23 06:08 483328 -c----w- c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ConnectionManager]
2009-08-23 04:00 91432 ------w- c:\program files\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 00:12 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eraser]
2003-07-25 15:15 536576 -c----w- c:\program files\Eraser\eraser.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
2006-03-14 02:06 1397760 -c----w- c:\program files\Ahead\InCD\InCD.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"InCDsrv"=2 (0x2)
"Stuffit Archive Name Service"=2 (0x2)
"Adobe LM Service"=3 (0x3)
"Pml Driver HPZ12"=3 (0x3)
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"idsvc"=3 (0x3)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\WINDOWS\\system32\\fxsclnt.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\KCeasy\\giFT\\giFTl.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\SUPDSvc.exe"=
"c:\\Program Files\\YAC\\yac.exe"=
"c:\\Program Files\\winsim\\ConnectionManager\\MySqlBinary\\5.0.38\\mysql\\mysqld-nt.exe"=
"c:\\Program Files\\winsim\\ConnectionManager\\SimplyConnectionManager.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [02/26/2011 2:53 AM 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [05/02/2009 2:17 AM 301528]
R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [05/30/2007 8:07 PM 13696]
R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [12/09/2009 4:42 AM 16768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [05/02/2009 2:17 AM 19544]
R2 BT848;BtCap, WDM Video Capture;c:\windows\system32\drivers\BT848.SYS [08/18/2008 5:54 PM 289880]
R2 BTTUNER;BtTuner, WDM TV Tuner;c:\windows\system32\drivers\BTTUNER.SYS [08/18/2008 5:42 PM 21412]
R2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\BTXBAR.SYS [08/18/2008 5:42 PM 12632]
R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\ConnectionManager\SimplyConnectionManager.exe [08/23/2009 29992]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 BS_Flash;BS_Flash;\??\c:\program files\Tseries BIOS Update\Award\BS_Flash.sys --> c:\program files\Tseries BIOS Update\Award\BS_Flash.sys [?]
S3 DCamUSBET;ET USB 2760 Camera;c:\windows\system32\drivers\etDevice.sys [08/03/2010 9:26 PM 131712]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [04/15/2009 9:22 AM 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [04/15/2009 9:22 AM 3072]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\Austin\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\Austin\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\drivers\etFilter.sys [08/03/2010 9:26 PM 241408]
S3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\drivers\etScan.sys [08/03/2010 9:26 PM 6656]
S3 Simply Accounting Transaction Manager 2010 - CDN;Simply Accounting Transaction Manager 2010 - CDN;c:\program files\winsim\TransactionManager2010 - CDN\Sage_SA.TransactionManager.exe [06/10/2010 42312]
S3 V90drv;v90drv;c:\windows\system32\DRIVERS\v90drv.sys --> c:\windows\system32\DRIVERS\v90drv.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
FF - ProfilePath - c:\documents and settings\Austin\Application Data\Mozilla\Firefox\Profiles\wx8pbla4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.addthis.com/search?pco=fxe-3.1.1&locale=en-US&sl=ub&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: AutoPager: autopager@mozilla.org - %profile%\extensions\autopager@mozilla.org
FF - Ext: Canadian English Dictionary: en-CA@dictionaries.addons.mozilla.org - %profile%\extensions\en-CA@dictionaries.addons.mozilla.org
FF - Ext: PhotoJacker: Photo Album Downloader for Facebook (fka FacePAD): facepad@lazyrussian.com - %profile%\extensions\facepad@lazyrussian.com
FF - Ext: Ancestry.com Advanced Image Viewer: support@ancestry.com - %profile%\extensions\support@ancestry.com
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: AniWeather: {4176DFF4-4698-11DE-BEEB-45DA55D89593} - %profile%\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Clipmarks: {e1170235-2845-420c-acc3-42261a29dd46} - %profile%\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-DriverUpdaterPro - c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
MSConfigStartUp-RemoteControl - c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
AddRemove-2005 T1Plus with EFILE - f:\finance\cantax\2005t1w\Uninst.isu
AddRemove-2005 T2 - f:\finance\cantax\2005T2\Uninst.isu
AddRemove-Common Components 1.00 - c:\windows\system32\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-17 20:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2820)
c:\windows\system32\nview.dll
c:\program files\ScanSoft\OmniPageSE2.0\ophookSE2.dll
c:\windows\system32\nvwddi.dll
c:\program files\Iomega\DriveIcons\IMGHOOK.DLL
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\windows\system32\rundll32.exe
c:\program files\APC\APC PowerChute Personal Edition\mainserv.exe
c:\progra~1\Iomega\System32\AppServices.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Iomega\AutoDisk\ADService.exe
c:\windows\system32\rundll32.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\slrundll.exe
c:\program files\APC\APC PowerChute Personal Edition\apcsystray.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2011-03-17 20:40:12 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-18 00:40
.
Pre-Run: 74,912,960,512 bytes free
Post-Run: 74,702,049,280 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(2)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" rem /noexecute=optin /fastdetect
.
- - End Of File - - B5DB2ECD00DD5135CCDCD3C6BC378F9A
  3. Here are the results of the aswMBR scan:
aswMBR version 0.9.4 Copyright© 2011 AVAST Software
Run date: 2011-03-17 09:11:37
-----------------------------
09:11:37.593 OS Version: Windows 5.1.2600 Service Pack 3
09:11:37.593 Number of processors: 1 586 0x2C02
09:11:37.593 ComputerName: AGG UserName:
09:11:38.171 Initialize success
09:11:45.562 Disk 0 \Device\Harddisk0\DR0 -> \Device\Scsi\viamraid1Port2Path0Target0Lun0
09:11:45.562 Disk 0 Vendor: WDC_WD32 01.0 Size: 305245MB BusType: 1
09:11:45.562 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Scsi\viamraid1Port2Path0Target2Lun0
09:11:45.578 Disk 1 Vendor: ST332062 3.AA Size: 305245MB BusType: 1
09:11:45.609 Disk 1 MBR read successfully
09:11:45.609 Disk 1 MBR scan
09:11:45.609 Disk 1 scanning sectors +625137345
09:11:45.656 Disk 1 scanning C:\WINDOWS\system32\drivers
09:12:01.531 Service scanning
09:12:02.468 Disk 1 trace - called modules:
09:12:02.484 ntkrnlpa.exe CLASSPNP.SYS disk.sys iomdisk.sys hal.dll SCSIPORT.SYS viamraid.sys
09:12:02.484 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8989a030]
09:12:02.484 3 CLASSPNP.SYS[ba0f8fd7] -> nt!IofCallDriver -> [0x89877ad0]
09:12:02.500 5 iomdisk.sys[ba340bc3] -> nt!IofCallDriver -> \Device\Scsi\viamraid1Port2Path0Target2Lun0[0x8986da38]
09:12:02.500 Scan finished successfully
If I run fix, the program says I may not get access to my partitions. Will it?
  4. I can't seem to find a way to get rid of the redirect virus. TDSSKiller found nothing; the log is included in "attach.zip". The virus is also affecting IE. I thought I had it cleared, but it seems to be constantly changing its name. There is a file called "rclog.xml" in the startup folder "PrettyMay", but I can't find any info on it.
--------------------------------------------------------------------------------------------------------
.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Austin at 22:37:55.90 on 03/16/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.1279.483 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\lg_fwupdate\fwupdate.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Alwil Software\Avast5\avastUI.exe
C:\WINDOWS\etLiveClk.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\YAC\yac.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Winsim\ConnectionManager\SimplyConnectionManager.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\ups.exe
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\system32\slrundll.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcrobatInfo.exe
D:\downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll
uRun: [PeerGuardian] c:\program files\peerguardian2\pg2.exe
uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Advanced SystemCare 3] "c:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
mRun: [RaidTool] c:\program files\via\raid\raid_tool.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [OpwareSE2] "c:\program files\scansoft\omnipagese2.0\OpwareSE2.exe"
mRun: [LGODDFU] "c:\program files\lg_fwupdate\fwupdate.exe" blrun
mRun: [soundMan] SOUNDMAN.EXE
mRun: [ADUserMon] c:\program files\iomega\autodisk\ADUserMon.exe
mRun: [iomega Drive Icons] c:\program files\iomega\driveicons\ImgIcon.exe
mRun: [Deskup] c:\program files\iomega\driveicons\deskup.exe /IMGSTART
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [etLiveClk] c:\windows\etLiveClk.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [ConnectionManager] c:\program files\winsim\connectionmanager\Simply.SystemTrayIcon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime alternative\QTTask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\yac.lnk - c:\program files\yac\yac.exe
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = :\WINDOW
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\austin\applic~1\mozilla\firefox\profiles\wx8pbla4.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.addthis.com/search?pco=fxe-3.1.1&locale=en-US&sl=ub&q=
FF - component: c:\documents and settings\austin\application data\mozilla\firefox\profiles\wx8pbla4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\austin\application data\mozilla\firefox\profiles\wx8pbla4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\documents and settings\austin\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\austin\application data\mozilla\firefox\profiles\wx8pbla4.default\extensions\support@ancestry.com\plugins\npImgCtl.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: AutoPager: autopager@mozilla.org - %profile%\extensions\autopager@mozilla.org
FF - Ext: Canadian English Dictionary: en-CA@dictionaries.addons.mozilla.org - %profile%\extensions\en-CA@dictionaries.addons.mozilla.org
FF - Ext: PhotoJacker: Photo Album Downloader for Facebook (fka FacePAD): facepad@lazyrussian.com - %profile%\extensions\facepad@lazyrussian.com
FF - Ext: Ancestry.com Advanced Image Viewer: support@ancestry.com - %profile%\extensions\support@ancestry.com
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: AniWeather: {4176DFF4-4698-11DE-BEEB-45DA55D89593} - %profile%\extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Download Statusbar: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} - %profile%\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
FF - Ext: Clipmarks: {e1170235-2845-420c-acc3-42261a29dd46} - %profile%\extensions\{e1170235-2845-420c-acc3-42261a29dd46}
FF - Ext: Ant Video Downloader: anttoolbar@ant.com - %profile%\extensions\anttoolbar@ant.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
---- FIREFOX POLICIES ---- FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true ============= SERVICES / DRIVERS =============== . R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-20 64512] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-2-26 371544] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-5-2 301528] R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [2007-5-30 13696] R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [2009-12-9 16768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-5-2 19544] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-6-11 42184] R2 BT848;BtCap, WDM Video Capture;c:\windows\system32\drivers\BT848.SYS [2008-8-18 289880] R2 BTTUNER;BtTuner, WDM TV Tuner;c:\windows\system32\drivers\BTTUNER.SYS [2008-8-18 21412] R2 BTXBAR;BtXBar, WDM Crossbar;c:\windows\system32\drivers\BTXBAR.SYS [2008-8-18 12632] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-2-22 1405384] R2 Simply Accounting Database Connection Manager;Simply Accounting Database Connection Manager;c:\program files\winsim\connectionmanager\SimplyConnectionManager.exe [2009-8-23 29992] R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-2-22 15232] S2 SSPORT;SSPORT;\??\c:\windows\system32\drivers\ssport.sys --> c:\windows\system32\drivers\SSPORT.sys [?] S3 BS_Flash;BS_Flash;\??\c:\program files\tseries bios update\award\bs_flash.sys --> c:\program files\tseries bios update\award\BS_Flash.sys [?] 
S3 DCamUSBET;ET USB 2760 Camera;c:\windows\system32\drivers\etDevice.sys [2010-8-3 131712] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-4-15 8704] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-4-15 3072] S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\austin\locals~1\temp\onlinescanner\anti-virus\fsgk.sys --> c:\docume~1\austin\locals~1\temp\onlinescanner\anti-virus\fsgk.sys [?] S3 FiltUSBET;ET USB Device Lower Filter;c:\windows\system32\drivers\etFilter.sys [2010-8-3 241408] S3 ScanUSBET;ET USB Still Image Capture Device;c:\windows\system32\drivers\etScan.sys [2010-8-3 6656] S3 Simply Accounting Transaction Manager 2010 - CDN;Simply Accounting Transaction Manager 2010 - CDN;c:\program files\winsim\transactionmanager2010 - cdn\Sage_SA.TransactionManager.exe [2010-6-10 42312] S3 V90drv;v90drv;c:\windows\system32\drivers\v90drv.sys --> c:\windows\system32\drivers\v90drv.sys [?] . =============== Created Last 30 ================ . 
2011-03-16 02:27:59 -------- d-----w- c:\docume~1\austin\applic~1\IObit 2011-03-16 02:27:58 -------- d-----w- c:\program files\IObit 2011-03-16 01:55:13 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll 2011-03-16 01:55:13 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll 2011-03-16 01:55:13 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll 2011-03-16 01:55:13 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll 2011-03-16 01:55:13 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll 2011-03-16 01:55:13 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll 2011-03-16 01:54:21 -------- d-----w- c:\docume~1\austin\locals~1\applic~1\Apple 2011-03-15 14:23:06 -------- d-----w- c:\docume~1\alluse~1\applic~1\XoftSpySE 2011-03-14 03:48:08 -------- d-----w- c:\docume~1\austin\applic~1\Malwarebytes 2011-03-14 03:48:04 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-03-14 03:48:03 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2011-03-14 03:48:00 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-03-14 03:48:00 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-03-13 13:52:29 -------- d-----w- c:\program files\ESET 2011-03-12 20:00:55 -------- d-----w- c:\windows\system32\wbem\repository\FS 2011-03-12 20:00:55 -------- d-----w- c:\windows\system32\wbem\Repository 2011-03-11 11:07:51 -------- d-----w- c:\docume~1\austin\applic~1\f-secure 2011-03-11 11:07:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\F-Secure 2011-03-11 10:52:48 -------- d-----w- c:\program files\Panda Security 2011-03-11 05:21:49 155648 --sha-r- c:\windows\system32\ipv6Z.dll 2011-03-10 06:52:43 -------- d-----w- C:\T2 2011-02-26 06:53:50 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-02-25 16:01:53 -------- d-----w- c:\docume~1\austin\locals~1\applic~1\Sunbelt Software 2011-02-25 16:00:57 -------- 
dc-h--w- c:\docume~1\alluse~1\applic~1\{E53F90E0-D7CA-4310-8844-F6E688407890} 2011-02-18 18:29:49 -------- d-----w- c:\docume~1\austin\locals~1\applic~1\Temp . ==================== Find3M ==================== . 2011-02-23 15:04:21 40648 ----a-w- c:\windows\avastSS.scr 2011-02-23 01:00:13 16432 ----a-w- c:\windows\system32\lsdelete.exe 2011-02-09 13:53:52 270848 ------w- c:\windows\system32\sbe.dll 2011-02-09 13:53:52 186880 ------w- c:\windows\system32\encdec.dll 2011-02-03 02:40:23 472808 -c--a-w- c:\windows\system32\deployJava1.dll 2011-02-03 00:19:39 73728 -c--a-w- c:\windows\system32\javacpl.cpl 2011-02-02 07:58:35 2067456 ------w- c:\windows\system32\mstscax.dll 2011-01-27 11:57:06 677888 ------w- c:\windows\system32\mstsc.exe 2011-01-21 14:44:37 439296 ------w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:10:33 1854976 ------w- c:\windows\system32\win32k.sys 2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll 2010-12-20 22:15:52 667136 ----a-w- c:\windows\system32\wininet.dll 2010-12-20 22:15:52 61952 -c----w- c:\windows\system32\tdc.ocx 2010-12-20 22:15:51 81920 -c----w- c:\windows\system32\ieencode.dll 2010-12-20 17:26:00 730112 ------w- c:\windows\system32\lsasrv.dll 2010-12-20 15:30:29 369664 -c----w- c:\windows\system32\html.iec 2004-10-01 19:00:16 40960 -c----w- c:\program files\Uninstall_CDS.exe . ============= FINISH: 22:38:36.89 =============== attach.zip
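As an added example (not part of OscarG's post, and not code from the DDS or ComboFix tools), here is a small Python triage script for the "Created Last 30" and "Find3M" sections of a DDS log. It parses each timestamp / size / attribute / path line and applies one heuristic an analyst commonly runs by eye: list every file (not directory) under the Windows tree that carries both the system and hidden attributes. The sample lines are copied from the log above; the meaning of each letter position in the attribute string is inferred from those lines and is an assumption about DDS's output format.

```python
"""Triage helper for the "Created Last 30" / "Find3M" sections of a DDS log.

Added example, not part of the forum post or of the DDS tool. The attribute
letter positions (d c s h a ...) are inferred from the entries in the log
above and are an assumption about DDS's output format.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Constructed sample input: entries copied from the log above, one per line,
# the way DDS writes them. The fourth one is the kind of entry this script
# is meant to surface.
SAMPLE_LOG = """\
2011-03-14 03:48:04 38224 ----a-w- c:\\windows\\system32\\drivers\\mbamswissarmy.sys
2011-03-14 03:48:00 20952 ----a-w- c:\\windows\\system32\\drivers\\mbam.sys
2011-03-12 20:00:55 -------- d-----w- c:\\windows\\system32\\wbem\\Repository
2011-03-11 05:21:49 155648 --sha-r- c:\\windows\\system32\\ipv6Z.dll
2011-03-10 06:52:43 -------- d-----w- C:\\T2
2011-02-25 16:00:57 -------- dc-h--w- c:\\docume~1\\alluse~1\\applic~1\\{E53F90E0-D7CA-4310-8844-F6E688407890}
2011-02-23 15:04:21 40648 ----a-w- c:\\windows\\avastSS.scr
"""

# timestamp, size (or a run of dashes for a directory), 8-char attribute string, path
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<size>\d+|-+)\s+"
    r"(?P<attrs>[a-z-]{8})\s+"
    r"(?P<path>\S.*?)\s*$"
)


@dataclass
class Entry:
    created: datetime
    size: Optional[int]   # None for directories
    attrs: str
    path: str

    # Assumed positions: 0=d(irectory) 1=c(ompressed) 2=s(ystem) 3=h(idden)
    # 4=a(rchive) 6=r(ead-only)/w(ritable); the remaining positions are not used.
    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def is_system(self) -> bool:
        return self.attrs[2] == "s"

    @property
    def is_hidden(self) -> bool:
        return self.attrs[3] == "h"


def parse_dds_entries(text: str) -> List[Entry]:
    """Parse every file/directory line; section headers and '.' separators are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        size = None if m["size"].startswith("-") else int(m["size"])
        entries.append(Entry(datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                             size, m["attrs"], m["path"]))
    return entries


WINDOWS_TREE = "c:\\windows\\"


def suspicious_entries(entries: List[Entry]) -> List[Entry]:
    """Heuristic: a file (not a directory) under the Windows tree that carries both
    the system and hidden attributes. Windows Update and ordinary installers very
    rarely drop such files into system32; the attribute pair mainly keeps a file out
    of Explorer's default view, so a hit deserves a hash lookup and a second look at
    anything else created in the same minute."""
    return [e for e in entries
            if not e.is_dir and e.is_system and e.is_hidden
            and e.path.lower().startswith(WINDOWS_TREE)]


if __name__ == "__main__":
    for e in suspicious_entries(parse_dds_entries(SAMPLE_LOG)):
        print(f"{e.created:%Y-%m-%d %H:%M:%S} {e.attrs} {e.size:>8} {e.path}")
```

Run it against the full pasted log by replacing `SAMPLE_LOG` with the file contents; entries from sections other than the two file listings simply fail the regex and are ignored. The heuristic is a triage filter, not a verdict: confirm any hit with a hash lookup or a vendor scan before acting on it.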