Google redirect
-
Here are my logs
Malwarebytes first.
Malwarebytes' Anti-Malware 1.46
Malwarebytes
Database version: 4504
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512
29/08/2010 23:08:26
mbam-log-2010-08-29 (23-08-26).txt
Scan type: Full scan (C:\|E:\|F:\|G:\|)
Objects scanned: 214810
Time elapsed: 37 minute(s), 13 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
------------------------------------------------------
MBR Check
MBRCheck, version 1.2.3
(c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000000fd
Kernel Drivers (total 122):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E4000 \WINDOWS\system32\hal.dll
0xBA5A8000 \WINDOWS\system32\KDCOM.DLL
0xBA4B8000 \WINDOWS\system32\BOOTVID.dll
0xBA0A8000 lkitsbww.sys
0xB9F79000 ACPI.sys
0xBA5AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xB9F68000 pci.sys
0xBA0B8000 isapnp.sys
0xBA670000 pciide.sys
0xBA328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xBA0C8000 MountMgr.sys
0xB9F49000 ftdisk.sys
0xBA330000 PartMgr.sys
0xBA0D8000 VolSnap.sys
0xB9F31000 atapi.sys
0xB9F06000 nvgts.sys
0xB9EEE000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xBA0E8000 disk.sys
0xBA0F8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xB9ECE000 fltmgr.sys
0xBA108000 Lbd.sys
0xB9EB7000 KSecDD.sys
0xB9EA4000 WudfPf.sys
0xB9E17000 Ntfs.sys
0xB9DEA000 NDIS.sys
0xB9DD0000 Mup.sys
0xBA318000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xB8B19000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
0xB8B05000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xBA398000 \SystemRoot\system32\DRIVERS\usbohci.sys
0xB8AE1000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xBA3A0000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xBA158000 \SystemRoot\system32\DRIVERS\imapi.sys
0xBA168000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xBA178000 \SystemRoot\system32\DRIVERS\redbook.sys
0xB8ABE000 \SystemRoot\system32\DRIVERS\ks.sys
0xB8A96000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xBA3A8000 \SystemRoot\system32\DRIVERS\nvnetbus.sys
0xBA3B0000 \SystemRoot\system32\DRIVERS\fdc.sys
0xBA188000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xBA3B8000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xBA3C0000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xBA774000 \SystemRoot\system32\DRIVERS\audstub.sys
0xBA198000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xBA59C000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xB8A7F000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xBA1A8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xBA1B8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xBA3C8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xB8A6E000 \SystemRoot\system32\DRIVERS\psched.sys
0xB96CE000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xBA3D0000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xBA3D8000 \SystemRoot\system32\DRIVERS\raspti.sys
0xB96BE000 \SystemRoot\system32\DRIVERS\termdd.sys
0xBA5E0000 \SystemRoot\system32\DRIVERS\swenum.sys
0xB8A10000 \SystemRoot\system32\DRIVERS\update.sys
0xB9DAC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xBA1F8000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xB5E06000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xBA614000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xB31E6000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0xAD5BB000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xAD597000 \SystemRoot\system32\drivers\portcls.sys
0xAF41D000 \SystemRoot\system32\drivers\drmk.sys
0xAD55E000 \SystemRoot\system32\DRIVERS\NVENETFD.sys
0xAD52B000 \SystemRoot\system32\DRIVERS\NVNRM.SYS
0xBA64C000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xAEFE2000 \SystemRoot\System32\Drivers\Null.SYS
0xBA64E000 \SystemRoot\System32\Drivers\Beep.SYS
0xBA488000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xBA4A0000 \SystemRoot\System32\drivers\vga.sys
0xBA650000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xBA652000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xAEC28000 \SystemRoot\System32\Drivers\Msfs.SYS
0xAEC20000 \SystemRoot\System32\Drivers\Npfs.SYS
0xB149A000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xAD3E7000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xAD38E000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xAF068000 \SystemRoot\System32\Drivers\aswTdi.SYS
0xAD340000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xAD318000 \SystemRoot\system32\DRIVERS\netbt.sys
0xAF058000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xB1482000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xAD2F6000 \SystemRoot\System32\drivers\afd.sys
0xAF048000 \SystemRoot\system32\DRIVERS\netbios.sys
0xAD2D1000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys
0xAEC18000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xAD2A6000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xAD236000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xAF038000 \SystemRoot\System32\Drivers\Fips.SYS
0xAEC10000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xB147E000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xAF028000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xAEC98000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xAD58F000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0xAAB8B000 \SystemRoot\System32\Drivers\aswSP.SYS
0xAC477000 \SystemRoot\System32\Drivers\Aavmker4.SYS
0xB2DA1000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA784E000 \SystemRoot\System32\Drivers\dump_diskdump.sys
0xA7141000 \SystemRoot\System32\Drivers\dump_nvgts.sys
0xBF800000 \SystemRoot\System32\win32k.sys
0xA7832000 \SystemRoot\System32\drivers\Dxapi.sys
0xA7731000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xBA68E000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\nv4_disp.dll
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0xB86A0000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0xAECA4000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA6EA1000 \SystemRoot\System32\Drivers\aswMon2.SYS
0xA6CFC000 \SystemRoot\system32\drivers\wdmaud.sys
0xB3A46000 \SystemRoot\system32\drivers\sysaudio.sys
0xA6B67000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA6B16000 \SystemRoot\system32\DRIVERS\atksgt.sys
0xB5D2D000 \SystemRoot\system32\DRIVERS\lirsgt.sys
0xA6A97000 \SystemRoot\system32\DRIVERS\srv.sys
0xA647F000 \SystemRoot\System32\Drivers\HTTP.sys
0xAC48F000 \SystemRoot\System32\Drivers\aswRdr.SYS
0xA61FF000 \SystemRoot\system32\drivers\kmixer.sys
0xA6025000 \??\C:\DOCUME~1\Rob's\LOCALS~1\Temp\pxtdrpow.sys
0x7C900000 \WINDOWS\system32\ntdll.dll
Processes (total 35):
0 System Idle Process
4 System
580 C:\WINDOWS\system32\smss.exe
652 csrss.exe
676 C:\WINDOWS\system32\winlogon.exe
720 C:\WINDOWS\system32\services.exe
732 C:\WINDOWS\system32\lsass.exe
904 C:\WINDOWS\system32\svchost.exe
952 svchost.exe
1052 C:\Program Files\Windows Defender\MsMpEng.exe
1092 C:\WINDOWS\system32\svchost.exe
1136 C:\WINDOWS\system32\svchost.exe
1300 svchost.exe
1440 svchost.exe
1664 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1684 C:\WINDOWS\explorer.exe
1760 C:\WINDOWS\RTHDCPL.exe
1784 C:\Program Files\Common Files\Java\Java Update\jusched.exe
1840 C:\WINDOWS\system32\rundll32.exe
1848 C:\PROGRA~1\ALWILS~1\Avast5\AvastUI.exe
1876 E:\Program Files\Logitech\SetPoint\KEM.exe
480 C:\WINDOWS\system32\spoolsv.exe
1904 svchost.exe
1860 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
604 C:\Program Files\Java\jre6\bin\jqs.exe
656 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
1040 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
1356 C:\WINDOWS\system32\nvsvc32.exe
1400 C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
2732 alg.exe
2740 C:\WINDOWS\system32\wscntfy.exe
3128 C:\WINDOWS\system32\svchost.exe
3496 C:\Program Files\Mozilla Firefox\firefox.exe
1572 C:\Documents and Settings\Rob's\My Documents\gfw2d9fo.exe (this is GMER)
3888 C:\Documents and Settings\Rob's\Desktop\MBRCheck.exe
\\.\C: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000008`bd922600 (NTFS)
PhysicalDrive2 Model Number: SAMSUNGSP2504C, Rev: VT100-50
PhysicalDrive0 Model Number: ST380011A, Rev: 3.06
PhysicalDrive1 Model Number: Maxtor6E040L0, Rev: NAR61590
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive2 RE: Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
38 GB \\.\PhysicalDrive1 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A
Done!
-----------------------------
GMER
GMER 1.0.15.15281 - GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-29 23:44:04
Windows 5.1.2600 Service Pack 3
Running: gfw2d9fo.exe; Driver: C:\DOCUME~1\Rob's\LOCALS~1\Temp\pxtdrpow.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAAB93CD2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAAB93B8E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xAAB94142]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAAB9406C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAAB93764]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAAB93C68]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAAB936A4]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAAB93708]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAAB93D88]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xAAB94210]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAAB93D48]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAAB93EC8]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xAABA0B9C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xAABA09C0]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xAABA0AFA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject
---- Kernel code sections - GMER 1.0.15 ----
PAGE ntkrnlpa.exe!ZwLoadDriver 8058413A 7 Bytes JMP AABA0AFE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!NtCreateSection 805AB3AC 7 Bytes JMP AABA09C4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObMakeTemporaryObject 805BC520 5 Bytes JMP AAB9C5B4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ObInsertObject 805C2FA4 5 Bytes JMP AAB9DF6C \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntkrnlpa.exe!ZwCreateProcessEx 805D1144 7 Bytes JMP AABA0BA0 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
? lkitsbww.sys The system cannot find the file specified. !
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB8B19360, 0x3535DF, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xA6B16300, 0x22020, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xB5D2D300, 0x1B7E, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1020] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 1044721D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[3496] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[720] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003B0002
IAT C:\WINDOWS\system32\services.exe[720] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 003B0000
---- Devices - GMER 1.0.15 ----
Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
Will add the last one soon.
-
OTL logs
OTL logfile created on: 29/08/2010 23:57:43 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Rob's\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 214.45 Gb Free Space | 92.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 34.96 Gb Total Space | 24.48 Gb Free Space | 70.03% Space Free | Partition Type: NTFS
Drive F: | 38.28 Gb Total Space | 31.25 Gb Free Space | 81.63% Space Free | Partition Type: NTFS
Drive G: | 39.56 Gb Total Space | 38.00 Gb Free Space | 96.06% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ROB
Current User Name: Rob's
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Processes (SafeList) ==========
PRC - [2010/08/29 23
39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob's\Desktop\OTL.exe
PRC - [2010/06/28 21:57:18 | 002,837,864 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2008/04/14 01:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe
PRC - [2006/02/17 11:39:02 | 000,139,264 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
PRC - [2006/02/17 11:35:58 | 000,127,035 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
PRC - [2006/02/17 11:17:08 | 000,020,543 | ---- | M] (Apache Software Foundation) -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
PRC - [2004/10/28 09:29:48 | 000,581,632 | ---- | M] (Logitech Inc.) -- E:\Program Files\Logitech\SetPoint\KEM.exe
========== Modules (SafeList) ==========
MOD - [2010/08/29 23
39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob's\Desktop\OTL.exe
MOD - [2008/04/14 01:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2004/10/28 09:27:18 | 000,086,016 | ---- | M] () -- E:\Program Files\Logitech\SetPoint\lgscroll.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/06/28 21:57:15 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/03/03 01:06:29 | 001,029,456 | ---- | M] (Lavasoft) [On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2009/05/03 22:26:00 | 002,711,854 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2006/02/17 11:39:02 | 000,139,264 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)) ForceWare Intelligent Application Manager (IAM)
SRV - [2006/02/17 11:35:58 | 000,127,035 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe -- (nSvcIp)
SRV - [2006/02/17 11:35:42 | 000,061,503 | ---- | M] (NVIDIA) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe -- (nSvcLog)
SRV - [2006/02/17 11:17:08 | 000,020,543 | ---- | M] (Apache Software Foundation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe -- (ForcewareWebInterface)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\XDva356.sys -- (XDva356)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Rob's\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - [2010/06/28 21:37:52 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/06/28 21:37:30 | 000,165,456 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/06/28 21:33:13 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/06/28 21:32:45 | 000,100,176 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/06/28 21:32:33 | 000,017,744 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/28 21:32:16 | 000,028,880 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2009/09/18 13:51:21 | 000,074,480 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/07/28 10:53:16 | 000,009,968 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/07/28 10:53:16 | 000,007,408 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2009/07/03 15:49:08 | 000,064,160 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2009/07/01 12:53:34 | 000,013,824 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2009/07/01 12:53:30 | 000,066,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2009/06/30 18:31:00 | 000,164,896 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvgts.sys -- (nvgts)
DRV - [2009/01/15 09:19:00 | 006,301,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/04/13 17:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/09/04 18:25:30 | 000,165,376 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2007/09/04 18:25:30 | 000,018,048 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2006/12/21 09:26:00 | 004,405,248 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2001/10/03 11:10:10 | 000,053,920 | ---- | M] (Alcatel Bell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcan5wn.sys -- (alcan5wn) Alcatel SpeedTouch USB ADSL PPP Networking Driver (NDISWAN)
DRV - [2001/10/03 11:09:56 | 000,589,776 | ---- | M] (Alcatel Bell) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcaudsl.sys -- (alcaudsl)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: "World of Warcraft Armory"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://google.co.uk"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.21
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}:0.16
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/08/28 21:17:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/08/01 23:01:55 | 000,000,000 | ---D | M]
[2010/07/23 23:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob's\Application Data\Mozilla\Extensions
[2010/07/23 23:16:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob's\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2007/08/27 16:43:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob's\Application Data\Mozilla\Firefox\Profiles\lr3ff2uk.default\extensions
[2010/08/29 10:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob's\Application Data\Mozilla\Firefox\Profiles\wrmin8q8.default\extensions
[2010/04/11 10:55:41 | 000,000,000 | ---D | M] (FlashGot) -- C:\Documents and Settings\Rob's\Application Data\Mozilla\Firefox\Profiles\wrmin8q8.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/04/11 10:55:41 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Documents and Settings\Rob's\Application Data\Mozilla\Firefox\Profiles\wrmin8q8.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2010/04/11 10:55:41 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Rob's\Application Data\Mozilla\Firefox\Profiles\wrmin8q8.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/04/11 10:55:44 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Documents and Settings\Rob's\Application Data\Mozilla\Firefox\Profiles\wrmin8q8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/10/27 23:26:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rob's\Application Data\Mozilla\Firefox\Profiles\wrmin8q8.default\extensions\bejeweledblitz3cheat@thecybershadow.net
[2008/11/27 02:15:40 | 000,002,787 | ---- | M] () -- C:\Documents and Settings\Rob's\Application Data\Mozilla\Firefox\Profiles\wrmin8q8.default\searchplugins\world-of-warcraft-armory.xml
[2010/08/29 20:41:56 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/26 02
55 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/06/26 02
55 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/06/26 02
55 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/06/26 02
55 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2010/08/18 13:26:12 | 000,618,540 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 fr.a2dfp.net
O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net
O1 - Hosts: 127.0.0.1 ad.a8.net
O1 - Hosts: 127.0.0.1 asy.a8ww.net
O1 - Hosts: 127.0.0.1 abcstats.com
O1 - Hosts: 127.0.0.1 a.abv.bg
O1 - Hosts: 127.0.0.1 adserver.abv.bg
O1 - Hosts: 127.0.0.1 adv.abv.bg
O1 - Hosts: 127.0.0.1 bimg.abv.bg
O1 - Hosts: 127.0.0.1 ca.abv.bg
O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua
O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com
O1 - Hosts: 127.0.0.1 accuserveadsystem.com
O1 - Hosts: 127.0.0.1 Accuserve Online Ad Delivery System
O1 - Hosts: 127.0.0.1 achmedia.com
O1 - Hosts: 127.0.0.1 aconti.net
O1 - Hosts: 127.0.0.1 secure.aconti.net
O1 - Hosts: 127.0.0.1 aconti.netService #[Dialer.Aconti]
O1 - Hosts: 127.0.0.1 ads.active.com
O1 - Hosts: 127.0.0.1 am1.activemeter.com
O1 - Hosts: 127.0.0.1 Active Meter: Free Invisible Hit Counter, Web Tracker, Web Analytic and Web Stats #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ads.activepower.net
O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[Tracking.Cookie]
O1 - Hosts: 127.0.0.1 ad2games.com
O1 - Hosts: 16327 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = E:\Program Files\Logitech\SetPoint\KEM.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\nvappfilter.dll (NVIDIA)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsu...?1266629836593 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_03)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_19)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/pub...sh/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\Documents and Settings\Rob's\Application Data\Mozilla\Firefox\Desktop Background.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Rob's\Application Data\Mozilla\Firefox\Desktop Background.bmp
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/08/27 15:39:18 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/10/21 23:41:40 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
Drivers32: aux - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.
========== Files/Folders - Created Within 30 Days ==========
[2010/08/29 23:52:47 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rob's\My Documents\OTL.exe
[2010/08/29 23 38 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rob's\Desktop\OTL.exe
[2010/08/29 20:20:42 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rob's\My Documents\mbam-setup-1.46.exe
[2010/08/29 01:37:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/08/29 01:37:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/08/01 01:22:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob's\Application Data\gamigo
[2010/08/01 01:20:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob's\Application Data\Martial Empires Luancher OBT
[2010/08/01 01:20:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rob's\Application Data\launcher
[2010/08/01 00 35 | 000,000,000 | ---D | C] -- C:\Gamigo
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/08/29 23:52:47 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob's\My Documents\OTL.exe
[2010/08/29 23 39 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rob's\Desktop\OTL.exe
[2010/08/29 23 28 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Rob's\Desktop\MBRCheck.exe
[2010/08/29 23:15:02 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Rob's\My Documents\gfw2d9fo.exe
[2010/08/29 22:25:34 | 000,000,708 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/08/29 21:42:28 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2010/08/29 21:39:34 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/08/29 21:39:29 | 000,206,530 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/08/29 21:39:23 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/08/29 21:38:39 | 007,864,320 | -H-- | M] () -- C:\Documents and Settings\Rob's\NTUSER.DAT
[2010/08/29 21:15:45 | 000,152,491 | ---- | M] () -- C:\Documents and Settings\Rob's\My Documents\hosts.zip
[2010/08/29 21:03:11 | 003,830,790 | ---- | M] () -- C:\Documents and Settings\Rob's\Desktop\ComboFix.exe
[2010/08/29 20:20:55 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Rob's\My Documents\mbam-setup-1.46.exe
[2010/08/29 13:39:40 | 006,393,384 | -H-- | M] () -- C:\Documents and Settings\Rob's\Local Settings\Application Data\IconCache.db
[2010/08/29 01:35:57 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/08/23 00:06:18 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/08/22 21:30:46 | 000,000,151 | ---- | M] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/08/18 13:26:12 | 000,618,540 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2010/08/18 13:26:12 | 000,618,540 | ---- | M] () -- C:\Documents and Settings\Rob's\My Documents\HOSTS
[2010/08/09 18:35:15 | 000,013,752 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[8 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/08/29 23 28 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Rob's\Desktop\MBRCheck.exe
[2010/08/29 23:15:01 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Rob's\My Documents\gfw2d9fo.exe
[2010/08/29 21:16:44 | 000,618,540 | ---- | C] () -- C:\Documents and Settings\Rob's\My Documents\HOSTS
[2010/08/29 21:16:41 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\Rob's\My Documents\mvps.bat
[2010/08/29 21:15:42 | 000,152,491 | ---- | C] () -- C:\Documents and Settings\Rob's\My Documents\hosts.zip
[2010/08/29 21:03:05 | 003,830,790 | ---- | C] () -- C:\Documents and Settings\Rob's\Desktop\ComboFix.exe
[2010/02/19 13:29:38 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Rob's\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/15 09:19:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/01/15 09:19:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/01/15 09:19:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/01/15 09:19:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/11/24 19:12:56 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2008/02/23 02:22:12 | 000,005,600 | ---- | C] () -- C:\WINDOWS\System32\stci.dll
[2007/11/16 16:09:21 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/09/10 01:02:19 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/09/07 00:08:29 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/09/05 16:52:55 | 000,000,450 | ---- | C] () -- C:\Documents and Settings\Rob's\Application Data\SamsungLiveUpdateConfig.ini
[2007/09/04 18:25:30 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2007/09/04 18:25:30 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2007/08/27 18:08:33 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2010/02/19 14:16:17 | 000,001,024 | ---- | M] () -- C:\.rnd
[2010/08/29 21:39:19 | 000,144,476 | ---- | M] () -- C:\aaw7boot.log
[2007/08/27 15:39:18 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/06/28 10:36:19 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2007/08/27 15:39:18 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/08/27 15:39:18 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2007/08/27 15:39:18 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2006/02/28 13:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2009/10/10 13:48:34 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/08/29 21:39:19 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 13:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
< %systemroot%\system32\*.wt >
< %systemroot%\system32\*.ruy >
< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
< %systemroot%\Fonts\*.dll >
< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\Tasks\*.job /lockedfiles >
< %systemroot%\System32\config\*.sav >
[2007/08/27 16:23:24 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/08/27 16:23:24 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/08/27 16:23:23 | 000,917,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< %systemroot%\system32\user32.dll /md5 >
[2008/04/14 01:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/04/14 01:12:10 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=2CCC474EB85CEAA3E1FA1726580A3E5A -- C:\WINDOWS\system32\ws2_32.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\system32\ws2help.dll /md5 >
[2008/04/14 01:12:10 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=9789E95E1D88EEB4B922BF3EA7779C28 -- C:\WINDOWS\system32\ws2help.dll
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
========== Alternate Data Streams ==========
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1B5B4F1
< End of report >
OTL Extras logfile created on: 29/08/2010 23:57:43 - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\Rob's\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 214.45 Gb Free Space | 92.09% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 34.96 Gb Total Space | 24.48 Gb Free Space | 70.03% Space Free | Partition Type: NTFS
Drive F: | 38.28 Gb Total Space | 31.25 Gb Free Space | 81.63% Space Free | Partition Type: NTFS
Drive G: | 39.56 Gb Total Space | 38.00 Gb Free Space | 96.06% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ROB
Current User Name: Rob's
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"56873:TCP" = 56873:TCP:*:Enabled:Pando Media Booster
"56873:UDP" = 56873:UDP:*:Enabled:Pando Media Booster
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"56873:TCP" = 56873:TCP:*:Enabled:Pando Media Booster
"56873:UDP" = 56873:UDP:*:Enabled:Pando Media Booster
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Rob's\Desktop\DMT.exe" = C:\Documents and Settings\Rob's\Desktop\DMT.exe:*:Enabled:DMT ADSLv1/2/2plus Annex A/B -- File not found
"C:\Program Files\World of Warcraft\BackgroundDownloader.exe" = C:\Program Files\World of Warcraft\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader -- File not found
"C:\Program Files\DNA\btdna.exe" = C:\Program Files\DNA\btdna.exe:*:Enabled:DNA -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- File not found
"C:\Program Files\Ventrilo\Ventrilo.exe" = C:\Program Files\Ventrilo\Ventrilo.exe:*:Enabled:Ventrilo.exe -- ()
"C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineMessageService.exe:*:Enabled:TurbineMessageService -- File not found
"C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe" = C:\Program Files\Turbine\Turbine Download Manager\TurbineNetworkService.exe:*:Enabled:TurbineNetworkService -- File not found
"C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe" = C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe:*:Enabled:Apache HTTP Server -- (Apache Software Foundation)
"C:\Program Files\eFusion\Blitz 1941\BlitzClient2.exe" = C:\Program Files\eFusion\Blitz 1941\BlitzClient2.exe:*:Enabled:Blitz 1941 -- File not found
"C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00020409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Standard
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 19
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{71929EC1-FDB2-4A67-AAAD-936E4539FA84}_is1" = Driver Sweeper 2.1.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E544E5-EF3C-4103-A57B-3A499FD91033}" = Nero 7 Essentials
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe 1.4.124.1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"avast5" = avast! Free Antivirus
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"HijackThis" = HijackThis 2.0.2
"InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}" = NVIDIA ForceWare Network Access Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"Revo Uninstaller" = Revo Uninstaller 1.83
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"WinAce Archiver" = WinAce Archiver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
========== Last 10 Event Log Errors ==========
[ Antivirus Events ]
Error - 06/04/2008 04:59:14 | Computer Name = ROB | Source = avast! | ID = 33554522
Description =
Error - 07/04/2008 02:41:08 | Computer Name = ROB | Source = avast! | ID = 33554522
Description =
Error - 07/04/2008 06:03:25 | Computer Name = ROB | Source = avast! | ID = 33554522
Description =
Error - 07/11/2009 11:53:08 | Computer Name = ROB | Source = avast! | ID = 33554522
Description =
Error - 07/11/2009 11 05 | Computer Name = ROB | Source = avast! | ID = 33554522
Description =
Error - 07/11/2009 14:05:44 | Computer Name = ROB | Source = avast! | ID = 33554522
Description =
Error - 08/11/2009 12:03:44 | Computer Name = ROB | Source = avast! | ID = 33554522
Description =
[ Application Events ]
Error - 04/11/2009 14:24:49 | Computer Name = ROB | Source = ESENT | ID = 485
Description = svchost (1076) An attempt to delete the file "C:\WINDOWS\system32\CatRoot2\tmp.edb"
failed with system error 5 (0x00000005): "Access is denied. ". The delete file
operation will fail with error -1032 (0xfffffbf8).
Error - 06/11/2009 21:41:50 | Computer Name = ROB | Source = Application Error | ID = 1000
Description = Faulting application dndclient.exe, version 1.10.0.8059, faulting
module dndclient.exe, version 1.10.0.8059, fault address 0x003ba167.
Error - 16/11/2009 03:58:00 | Computer Name = ROB | Source = Google Update | ID = 20
Description =
Error - 26/12/2009 16:04:00 | Computer Name = ROB | Source = Application Error | ID = 1000
Description = Faulting application aion.bin, version 1509.1119.1215.2157, faulting
module xrenderd3d9.dll, version 0.0.0.0, fault address 0x0000261a.
Error - 20/02/2010 09:09:35 | Computer Name = ROB | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\25ca40.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.
Error - 20/02/2010 09:09:46 | Computer Name = ROB | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\25ca40.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.
Error - 20/02/2010 09:09:49 | Computer Name = ROB | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\25ca40.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.
Error - 20/02/2010 09:09:51 | Computer Name = ROB | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\25ca40.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.
Error - 06/04/2010 15:57:43 | Computer Name = ROB | Source = Application Error | ID = 1000
Description = Faulting application configure.exe, version 1.0.0.1, faulting module
configure.exe, version 1.0.0.1, fault address 0x00003860.
Error - 18/04/2010 11:57:06 | Computer Name = ROB | Source = Application Error | ID = 1000
Description = Faulting application aogame.exe, version 1.0.5.0, faulting module
fmodex.dll, version 0.4.21.6, fault address 0x0004941a.
[ System Events ]
Error - 29/08/2010 16:11:38 | Computer Name = ROB | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.
Error - 29/08/2010 16:40:07 | Computer Name = ROB | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.
Error - 29/08/2010 16:40:07 | Computer Name = ROB | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.
Error - 29/08/2010 16:40:07 | Computer Name = ROB | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.
Error - 29/08/2010 16:40:07 | Computer Name = ROB | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.
Error - 29/08/2010 16:59:37 | Computer Name = ROB | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.
Error - 29/08/2010 16:59:37 | Computer Name = ROB | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {BC866CF2-5486-41F7-B46B-9AA49CF3EBB1}
to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19). This security permission
can be modified using the Component Services administrative tool.
Error - 29/08/2010 18:26:15 | Computer Name = ROB | Source = nvgts | ID = 262149
Description = A parity error was detected on \Device\Scsi\nvgts1.
Error - 29/08/2010 19:01:58 | Computer Name = ROB | Source = SRService | ID = 104
Description = The System Restore initialization process failed.
Error - 29/08/2010 19:01:58 | Computer Name = ROB | Source = Service Control Manager | ID = 7023
Description = The System Restore Service service terminated with the following error:
%%2
< End of report >
-
Welcome aboard 
Please download ComboFix from Here or Here to your Desktop.
**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
- Please, never rename Combofix unless instructed.
- Close any open browsers.
- Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
- Double click on combofix.exe & follow the prompts.
- When finished, it will produce a report for you.
- Please post the "C:\ComboFix.txt"
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**
Make sure, you re-enable your security programs, when you're done with Combofix.
DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
-
ComboFix 10-08-28.02 - Rob's 30/08/2010 11:04:28.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1634 [GMT 1:00]
Running from: c:\documents and settings\Rob's\Desktop\starcraft.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ActiveArmor Firewall *disabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Rob's\Application Data\.#
c:\documents and settings\Rob's\Local Settings\Temporary Internet Files\_tmC3.tmp
c:\documents and settings\Rob's\Local Settings\Temporary Internet Files\stb06759.tmp
.
((((((((((((((((((((((((( Files Created from 2010-07-28 to 2010-08-30 )))))))))))))))))))))))))))))))
.
2010-08-29 19:40 . 2010-08-29 19:40 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-08-03 20:46 . 2010-08-03 20:46 503808 ----a-w- c:\documents and settings\Rob's\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7886245b-n\msvcp71.dll
2010-08-03 20:46 . 2010-08-03 20:46 499712 ----a-w- c:\documents and settings\Rob's\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7886245b-n\jmc.dll
2010-08-03 20:46 . 2010-08-03 20:46 348160 ----a-w- c:\documents and settings\Rob's\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-7886245b-n\msvcr71.dll
2010-08-03 20:46 . 2010-08-03 20:46 61440 ----a-w- c:\documents and settings\Rob's\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-704deb34-n\decora-sse.dll
2010-08-03 20:46 . 2010-08-03 20:46 12800 ----a-w- c:\documents and settings\Rob's\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-704deb34-n\decora-d3d.dll
2010-08-01 00:22 . 2010-08-01 00:41 -------- d-----w- c:\documents and settings\Rob's\Application Data\gamigo
2010-08-01 00:20 . 2010-08-01 00:20 -------- d-----w- c:\documents and settings\Rob's\Application Data\Martial Empires Luancher OBT
2010-08-01 00:20 . 2010-08-01 00:20 -------- d-----w- c:\documents and settings\Rob's\Application Data\launcher
2010-07-31 23:56 . 2010-07-31 23:56 -------- d-----w- C:\Gamigo
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-29 19:57 . 2009-07-28 22:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-02 22:19 . 2007-08-27 14:48 -------- d-----w- c:\program files\Common Files\InstallShield
2010-08-02 22:18 . 2007-08-27 14:55 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-02 22:16 . 2008-11-24 18:12 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-07-31 20:59 . 2010-04-18 11:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-07-23 22:55 . 2010-07-23 22:55 -------- d-----w- c:\documents and settings\Rob's\Application Data\Apple Computer
2010-06-28 20:57 . 2010-06-30 22:22 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2007-08-27 16:51 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2007-08-27 16:51 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2008-04-03 15:45 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2007-08-27 16:51 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2007-08-27 16:51 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2007-08-27 16:51 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2008-04-03 15:45 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2007-08-27 16:51 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 16062464]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 270336]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"nwiz"="nwiz.exe" [2009-01-15 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - e:\program files\Logitech\SetPoint\KEM.exe [2006-10-22 581632]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-18 12:51 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2006-11-16 18:04 139264 ----a-w- c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Name of App]
2007-04-05 14:29 684118 ----a-w- c:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 14:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"NBService"=3 (0x3)
"LightScribeService"=2 (0x2)
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"56873:TCP"= 56873:TCP:Pando Media Booster
"56873:UDP"= 56873:UDP:Pando Media Booster
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [29/07/2009 00:06 64160]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [03/04/2008 16:45 165456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [28/07/2009 10:53 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [28/07/2009 10:53 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [03/04/2008 16:45 17744]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592]
S3 cpuz130;cpuz130;\??\c:\docume~1\Rob's\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\Rob's\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 15:49 1029456]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [28/07/2009 10:53 7408]
S3 XDva356;XDva356;\??\c:\windows\system32\XDva356.sys --> c:\windows\system32\XDva356.sys [?]
.
Contents of the 'Scheduled Tasks' folder
2010-08-29 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 00:06]
.
.
------- Supplementary Scan -------
.
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
FF - ProfilePath - c:\documents and settings\Rob's\Application Data\Mozilla\Firefox\Profiles\wrmin8q8.default\
FF - prefs.js: browser.search.selectedEngine - World of Warcraft Armory
FF - prefs.js: browser.startup.homepage - hxxp://google.co.uk
FF - plugin: c:\program files\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-SansaDispatch - c:\program files\SanDisk\Sansa Updater\SansaDispatch.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
Rootkit scan 2010-08-30 11:09
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(672)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'lsass.exe'(728)
c:\windows\system32\nvappfilter.dll
.
Completion time: 2010-08-30 11:12:26
ComboFix-quarantined-files.txt 2010-08-30 10:12
Pre-Run: 230,154,805,248 bytes free
Post-Run: 230,581,223,424 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - E8B4780EA8A7384ACE7C4C38B6DC2A12
-
-
-
Which browser is getting redirected?
-
I use Firefox; I have just tried IE and that seems OK, although very slow.
Last edited by RobMoore; 30-08-2010 at 08:19 PM.
-
Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
- Ensure all Firefox windows are closed.
- To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
- When prompted to run the scan, click Yes.
- GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
-
GooredFix by jpshortstuff (03.07.10.1)
Log created at 21:05 on 30/08/2010 (Rob's)
Firefox version 3.6.8 (en-GB)
========== GooredScan ==========
(none)
========== GooredLog ==========
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [15:42 27/08/2007]
{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} [18:03 08/10/2007]
{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} [10:50 09/03/2008]
{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [01:11 11/04/2010]
C:\Documents and Settings\Rob's\Application Data\Mozilla\Firefox\Profiles\lr3ff2uk.default\extensions\
(none)
C:\Documents and Settings\Rob's\Application Data\Mozilla\Firefox\Profiles\wrmin8q8.default\extensions\
bejeweledblitz3cheat@thecybershadow.net [22:26 27/10/2009]
{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [09:55 11/04/2010]
{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a} [09:55 11/04/2010]
{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [09:55 11/04/2010]
{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [09:55 11/04/2010]
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [13:10 10/10/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [01:11 11/04/2010]
-=E.O.F=-