Browser being re-direscted


Arfer

Am using a fully up-to-date Firefox browser on a fully patched Windows 7 Ultimate and have scanned with Avira (again, fully updated); this finds nothing, nor does Malwarebytes. I am periodically being redirected to lghtseek.biz and redirectct.rdr

Have checked this through on the Mozilla forum and, although many people over the past week have posted saying that they are experiencing the same thing, nobody as yet has come up with a working fix. This does not seem to be restricted to Firefox alone, as IE certainly does the same redirection on my machine. Other people have reported Chrome behaving the same way.

Here is my Malwarebytes Log File

Malwarebytes' Anti-Malware 1.41

Database version: 3217

Windows 6.1.7600

23/11/2009 13:13:43

mbam-log-2009-11-23 (13-13-43).txt

Scan type: Full Scan (C:\|)

Objects scanned: 412066

Time elapsed: 1 hour(s), 56 minute(s), 56 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

And here is the HijackThis File

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 11:04:39, on 23/11/2009

Platform: Unknown Windows (WinNT 6.01.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.16385)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\NetWorx\networx.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Wakoopa\Wakoopa.exe

C:\Program Files\Sandboxie\SbieCtrl.exe

C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

C:\Program Files\Windows Live\Mail\wlmail.exe

C:\Program Files\Windows Live\Contacts\wlcomm.exe

c:\program files\common files\installshield\updateservice\isuspm.exe

C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

C:\Program Files\TweetDeck\TweetDeck.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: PPVADownloader - {A986E409-30CC-4185-89BB-AB212C104524} - C:\Program Files\PPLiveVA\DownloaderManager.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O3 - Toolbar: &NetWorx Desk Band - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\PROGRA~1\NetWorx\deskband.dll

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [NetWorx] "C:\Program Files\NetWorx\networx.exe" /auto

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [Adobe_ID0ENQBO] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime

O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [Wakoopa] C:\Program Files\Wakoopa\Wakoopa.exe

O4 - HKCU\..\Run: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"

O4 - HKCU\..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe

O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\Windows\TEMP\E_S3C86.tmp" /EF "HKCU"

O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MIF5BA~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\Office12\REFIEBAR.DLL

O9 - Extra button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe

O9 - Extra 'Tools' menuitem: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O13 - Gopher Prefix:

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll

O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe

O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe

O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: M-Audio Series II MIDI Installer (MA_CMIDI_InstallerService) - Avid Technology, Inc. - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe

O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe

O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--

End of file - 10047 bytes

TIA for any kind help offered ;-)

Sorry, I need to clear up 2 typos. The heading, as I'm sure you've worked out, should have read "Browser being redirected", and the second of the 2 most frequent redirects is to redirectrdr.com

Thanks again, and apologies for the typos :)

Hi,

  • Download OTL to your desktop.
  • Double-click the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them all in.

Download GMER here by clicking the download exe button and then saving it to your desktop:

  • Double-click the .exe that you downloaded.
  • Click the Rootkit tab and then Scan.
  • Don't check the Show All box while scanning is in progress!
  • When scanning is ready, click Copy. This copies the log to the clipboard.
  • Post the log in your reply.

Hi Blade81, thanks very much for your help with this; here are the scan results you asked for:

OTL logfile created on: 11/28/2009 9:38:50 PM - Run 1

OTL by OldTimer - Version 3.1.11.2 Folder = C:\Users\Mick\Desktop

Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7600.16385)

Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 1.20 Gb Available Physical Memory | 60.07% Memory free

4.00 Gb Paging File | 2.75 Gb Available in Paging File | 68.92% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 119.63 Gb Total Space | 7.01 Gb Free Space | 5.86% Space Free | Partition Type: NTFS

D: Drive not present or media not loaded

E: Drive not present or media not loaded

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

Computer Name: MICK-PC

Current User Name: Mick

Logged in as Administrator.

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\Mick\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\TweetDeck\TweetDeck.exe ()

PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

PRC - C:\Program Files\NetWorx\networx.exe (SoftPerfect Research)

PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)

PRC - C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)

PRC - C:\Windows\System32\PnkBstrA.exe ()

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\inetsrv\w3wp.exe (Microsoft Corporation)

PRC - C:\Windows\System32\inetsrv\w3wp.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Windows\System32\StikyNot.exe (Microsoft Corporation)

PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)

PRC - C:\Windows\System32\FsUsbExService.Exe (Teruten)

PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)

PRC - C:\Windows\Service\wuauctl.exe (Microsoft Corporation)

PRC - C:\Windows\Service\wuauctl.exe (Microsoft Corporation)

PRC - C:\Program Files\Wakoopa\Wakoopa.exe (Wakoopa)

PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

PRC - C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe (Avid Technology, Inc.)

PRC - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)

PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)

PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)

PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)

PRC - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe (Sonic Solutions)

PRC - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Mick\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)

MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)

MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)

MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)

MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)

MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)

MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)

SRV - (gupdate) Google Update Service (gupdate) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)

SRV - (SbieSvc) -- C:\Program Files\Sandboxie\SbieSvc.exe (tzuk)

SRV - (vvdsvc) -- C:\Windows\System32\Nagasoft\vjocx.dll (NanJing Nagasoft Co, LTD.)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (PnkBstrA) -- C:\Windows\System32\PnkBstrA.exe ()

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)

SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)

SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)

SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)

SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)

SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)

SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)

SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)

SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)

SRV - (WAS) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)

SRV - (W3SVC) -- C:\Windows\System32\inetsrv\iisw3adm.dll (Microsoft Corporation)

SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)

SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)

SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)

SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)

SRV - (AppHostSvc) -- C:\Windows\System32\inetsrv\apphostsvc.dll (Microsoft Corporation)

SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)

SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (FsUsbExService) -- C:\Windows\System32\FsUsbExService.Exe (Teruten)

SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)

SRV - (Service) -- C:\WINDOWS\Service\wuauctl.exe (Microsoft Corporation)

SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)

SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)

SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)

SRV - (Microsoft Office Groove Audit Service) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)

SRV - (Adobe Version Cue CS4) -- C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)

SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)

SRV - (MA_CMIDI_InstallerService) -- C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe (Avid Technology, Inc.)

SRV - (EPSON_PM_RPCV4_01) EPSON V3 Service4(01) -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE (SEIKO EPSON CORPORATION)

SRV - (RoxMediaDB9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe (Sonic Solutions)

SRV - (RoxWatch9) -- C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe (Sonic Solutions)

SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (stllssvr) -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (MicroVision Development, Inc.)

SRV - (IDriverT) -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)

========== Driver Services (SafeList) ==========

DRV - (sptd) -- C:\Windows\System32\Drivers\sptd.sys ()

DRV - (SbieDrv) -- C:\Program Files\Sandboxie\SbieDrv.sys (tzuk)

DRV - (PSSDK42) -- C:\Windows\System32\drivers\pssdk42.sys (microOLAP Technologies LTD)

DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)

DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)

DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)

DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)

DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)

DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)

DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)

DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)

DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)

DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)

DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)

DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)

DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)

DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys ()

DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)

DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)

DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)

DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)

DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)

DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)

DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)

DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)

DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)

DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)

DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)

DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)

DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)

DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)

DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)

DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)

DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)

DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)

DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)

DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)

DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)

DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)

DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)

DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)

DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)

DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)

DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)

DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)

DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)

DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)

DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)

DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)

DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)

DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)

DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)

DRV - (1394ohci) -- C:\Windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)

DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)

DRV - (usbaudio) USB Audio Driver (WDM) -- C:\Windows\System32\drivers\USBAUDIO.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)

DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)

DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)

DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)

DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)

DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)

DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)

DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)

DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)

DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)

DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)

DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)

DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)

DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)

DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)

DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)

DRV - (VSTHWBS2) -- C:\Windows\System32\drivers\VSTBS23.SYS (Conexant Systems, Inc.)

DRV - (VST_DPV) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)

DRV - (winachsf) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)

DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)

DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)

DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)

DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6232.sys (Intel Corporation)

DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.)

DRV - (FsUsbExDisk) -- C:\Windows\System32\FsUsbExDisk.Sys ()

DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)

DRV - (ss_bmdm) -- C:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation)

DRV - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- C:\Windows\System32\drivers\ss_bbus.sys (MCCI)

DRV - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- C:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (adfs) -- C:\Windows\System32\drivers\adfs.sys (Adobe Systems, Inc.)

DRV - (PxHelp20) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions)

DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)

DRV - (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\s115mgmt.sys (MCCI Corporation)

DRV - (s115obex) -- C:\Windows\System32\drivers\s115obex.sys (MCCI Corporation)

DRV - (s115mdm) -- C:\Windows\System32\drivers\s115mdm.sys (MCCI Corporation)

DRV - (s115mdfl) -- C:\Windows\System32\drivers\s115mdfl.sys (MCCI Corporation)

DRV - (s115bus) Sony Ericsson Device 115 driver (WDM) -- C:\Windows\System32\drivers\s115bus.sys (MCCI Corporation)

DRV - (DRVNDDM) -- C:\Windows\System32\drivers\DRVNDDM.SYS (Roxio)

DRV - (DLARTL_M) -- C:\Windows\System32\drivers\DLARTL_M.SYS (Roxio)

DRV - (DLACDBHM) -- C:\Windows\System32\drivers\DLACDBHM.SYS (Roxio)

DRV - (hcwPP2) -- C:\Windows\System32\drivers\hcwPP2.sys (Hauppauge Computer Works, Inc.)

DRV - (DLADResM) -- C:\Windows\System32\DLA\DLADResM.SYS (Roxio)

DRV - (DLAUDFAM) -- C:\Windows\System32\DLA\DLAUDFAM.SYS (Roxio)

DRV - (DLABMFSM) -- C:\Windows\System32\DLA\DLABMFSM.SYS (Roxio)

DRV - (DLAUDF_M) -- C:\Windows\System32\DLA\DLAUDF_M.SYS (Roxio)

DRV - (DLAOPIOM) -- C:\Windows\System32\DLA\DLAOPIOM.SYS (Roxio)

DRV - (DLABOIOM) -- C:\Windows\System32\DLA\DLABOIOM.SYS (Roxio)

DRV - (DLAPoolM) -- C:\Windows\System32\DLA\DLAPoolM.SYS (Roxio)

DRV - (DLAIFS_M) -- C:\Windows\System32\DLA\DLAIFS_M.SYS (Roxio)

DRV - (MA_CMIDI) -- C:\Windows\System32\drivers\MA_CMIDI.SYS (M-Audio)

DRV - (DRVMCDB) -- C:\Windows\System32\Drivers\DRVMCDB.SYS (Sonic Solutions)

DRV - (AR5523) -- C:\Windows\System32\drivers\WG11TND5.sys (NETGEAR, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://uk.msn.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1E 56 EC CD C3 51 CA 01 [binary data]

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {4BBDD651-70CF-4821-84F8-2B918CF89CA3}:6.2

FF - prefs.js..extensions.enabledItems: {340c2bbc-ce74-4362-90b5-7c26312808ef}:0.6

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/11/07 10:15:55 | 00,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/07 10:15:55 | 00,000,000 | ---D | M]

[2009/08/30 12:54:17 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Extensions

[2009/11/28 21:05:11 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions

[2009/08/30 13:00:39 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}

[2009/11/01 09:11:55 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}

[2009/10/22 10:44:46 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}

[2009/10/15 12:12:25 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}

[2009/11/02 20:29:58 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\{3A57409D-8B6D-4624-8B83-B08B50226500}

[2009/11/11 10:14:00 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374}

[2009/11/11 10:14:00 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}

[2009/08/30 13:01:32 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}

[2009/11/14 15:19:34 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\{75623d5d-4683-402a-b610-ac4bab767c86}

[2009/08/30 13:01:36 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}

[2009/09/28 17:30:12 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\{89506680-e3f4-484c-a2c0-ed711d481eda}

[2009/08/30 13:01:35 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\{95f24680-9e31-11da-a746-0800200c9a66}

[2009/08/30 13:01:14 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}

[2009/11/06 11:11:10 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

[2009/11/03 16:45:12 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\{b2509cd4-17cd-45ed-8146-a82af038f493}

[2009/10/09 08:25:00 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\{c33c5b47-69c8-45a4-a5e0-af85bbe628dd}

[2009/11/19 19:52:13 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}

[2009/08/30 13:01:22 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}

[2009/08/30 13:01:34 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2009/08/30 13:01:39 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}

[2009/08/30 13:01:34 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\{e0204bd5-9d31-402b-a99d-a6aa8ffebdca}

[2009/09/27 08:19:12 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

[2009/09/03 20:03:52 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}

[2009/08/30 13:01:35 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\en-GB@dictionaries.addons.mozilla.org

[2009/09/03 20:09:22 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\googletube@googletube.com

[2009/10/22 10:44:46 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\isreaditlater@ideashower.com

[2009/08/30 13:01:30 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\morningCoffee@shaneliesegang

[2009/11/11 10:14:00 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\multipletab@piro.sakura.ne.jp

[2009/08/30 13:01:20 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\OberonGameHost@OberonGames.com

[2009/08/30 13:01:35 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\OPIE@guid.customsoftwareconsult.com

[2009/10/14 08:56:58 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\piclens@cooliris.com

[2009/10/14 08:56:58 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\piclens@cooliris.com-trash

[2009/09/07 07:07:21 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\searchimdb@sogame.cat

[2009/10/15 12:12:25 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\sxipper@sxip.com

[2009/10/21 11:05:34 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\VacuumPlacesImproved@lultimouomo-gmail.com

[2009/11/12 10:05:30 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\YoutubeDownloader@PeterOlayev.com

[2009/08/30 13:01:31 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\mac\browser\extensions

[2009/08/30 13:01:41 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\mac\mozapps\extensions

[2009/08/30 13:01:32 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\win\browser\extensions

[2009/08/30 13:01:38 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.Mick7\extensions\{5c876f30-10ce-11dd-bd0b-0800200c9a66}\chrome\win\mozapps\extensions

[2009/11/08 11:16:37 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\oep7xa6i.default\extensions

[2009/08/30 12:55:15 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\oep7xa6i.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}

[2009/08/30 12:59:21 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\oep7xa6i.default\extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3}

[2009/11/08 11:16:37 | 00,000,000 | ---D | M] -- C:\Users\Mick\AppData\Roaming\Mozilla\Firefox\Profiles\oep7xa6i.default\extensions\ChoiceGuard@Microsoft

[2009/11/07 09:00:34 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2009/09/05 13:35:53 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

[2009/07/30 22:24:36 | 00,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml

[2009/07/30 22:24:36 | 00,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml

[2009/07/30 22:24:36 | 00,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml

[2009/07/30 22:24:36 | 00,000,831 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: (614790 bytes) - C:\Windows\System32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 fr.a2dfp.net

O1 - Hosts: 127.0.0.1 m.fr.a2dfp.net

O1 - Hosts: 127.0.0.1 ad.a8.net

O1 - Hosts: 127.0.0.1 asy.a8ww.net

O1 - Hosts: 127.0.0.1 adv.abv.bg

O1 - Hosts: 127.0.0.1 bimg.abv.bg

O1 - Hosts: 127.0.0.1 www2.a-counter.kiev.ua

O1 - Hosts: 127.0.0.1 track.acclaimnetwork.com

O1 - Hosts: 127.0.0.1 accuserveadsystem.com

O1 - Hosts: 127.0.0.1 www.accuserveadsystem.com

O1 - Hosts: 127.0.0.1 achmedia.com

O1 - Hosts: 127.0.0.1 aconti.net

O1 - Hosts: 127.0.0.1 secure.aconti.net

O1 - Hosts: 127.0.0.1 www.aconti.net #[Dialer.Aconti]

O1 - Hosts: 127.0.0.1 ads.active.com

O1 - Hosts: 127.0.0.1 am1.activemeter.com

O1 - Hosts: 127.0.0.1 www.activemeter.com #[eTrust.Tracking.Cookie]

O1 - Hosts: 127.0.0.1 ads.activepower.net

O1 - Hosts: 127.0.0.1 data2.activshopper.com #[Trackware.ActivShopper]

O1 - Hosts: 127.0.0.1 stat.active24stats.nl #[eTrust.Tracking.Cookie]

O1 - Hosts: 127.0.0.1 ad2games.com

O1 - Hosts: 127.0.0.1 cms.ad2click.nl

O1 - Hosts: 127.0.0.1 ads.ad2games.com

O1 - Hosts: 127.0.0.1 content.ad20.net

O1 - Hosts: 16153 more lines...

O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O2 - BHO: (Download_Bho Class) - {A986E409-30CC-4185-89BB-AB212C104524} - C:\Program Files\PPLiveVA\DownloaderManager.dll (Synacast)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&NetWorx Desk Band) - {FEEA54B4-D80F-41C7-87B9-DC08E6D3255F} - C:\Program Files\NetWorx\deskband.dll (SoftPerfect Research)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [iSUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (Macrovision Corporation)

O4 - HKLM..\Run: [iSUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Macrovision Corporation)

O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NetWorx] C:\Program Files\NetWorx\networx.exe (SoftPerfect Research)

O4 - HKLM..\Run: [NPSStartup] File not found

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)

O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [AdobeBridge] File not found

O4 - HKCU..\Run: [AlcoholAutomount] C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe (Alcohol Soft Development Team)

O4 - HKCU..\Run: [AutoStartNPSAgent] C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe (Samsung Electronics Co., Ltd.)

O4 - HKCU..\Run: [EPSON Stylus DX8400 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE (SEIKO EPSON CORPORATION)

O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)

O4 - HKCU..\Run: [sandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (tzuk)

O4 - HKCU..\Run: [Wakoopa] C:\Program Files\Wakoopa\Wakoopa.exe (Wakoopa)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe ( )

O9 - Extra 'Tools' menuitem : PPLive - {95B3F550-91C4-4627-BCC4-521288C52977} - C:\Program Files\PPLive\PPLive.exe ( )

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)

O13 - gopher Prefix: missing

O15 - HKLM\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O15 - HKCU\..Trusted Domains: 57 domain(s) and sub-domain(s) not assigned to a zone.

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_17)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254

O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - Winlogon\Notify\WgaLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009/06/10 21:42:20 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O33 - MountPoints2\{15b20f67-c151-11de-8447-00184dde3a72}\Shell - "" = AutoRun

O33 - MountPoints2\{15b20f67-c151-11de-8447-00184dde3a72}\Shell\AutoRun\command - "" = D:\LiveTutDVD.exe -- File not found

O34 - HKLM BootExecute: (autocheck) - File not found

O34 - HKLM BootExecute: (*) - File not found

O35 - comfile [open] -- "%1" %* File not found

O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/28 19:12:41 | 00,535,552 | ---- | C] (OldTimer Tools) -- C:\Users\Mick\Desktop\OTL.exe

[2009/11/25 13:04:49 | 00,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll

[2009/11/23 10:35:31 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2009/11/16 13:58:39 | 00,000,000 | ---D | C] -- C:\Program Files\Convert AVI to MP4

[2009/11/16 11:25:47 | 00,000,000 | ---D | C] -- C:\Users\Mick\AppData\Roaming\Download Manager

[2009/11/10 11:45:22 | 00,000,000 | ---D | C] -- C:\Program Files\ASIO4ALL v2

[2009/11/09 16:50:00 | 00,000,000 | R--D | C] -- C:\Users\Mick\Documents\Ableton

[2009/11/09 16:46:24 | 00,000,000 | ---D | C] -- C:\Users\Mick\Documents\Ableton Sessions

[2009/11/08 21:57:28 | 00,000,000 | ---D | C] -- C:\inetpub

[2009/11/08 21:57:28 | 00,000,000 | ---D | C] -- C:\Windows\System32\BestPractices

[2009/11/08 11:22:43 | 00,000,000 | ---D | C] -- C:\Users\Mick\AppData\Roaming\DassaultSystemes

[2009/11/08 11:22:43 | 00,000,000 | ---D | C] -- C:\Users\Mick\AppData\Local\DassaultSystemes

[2009/11/08 11:22:43 | 00,000,000 | ---D | C] -- C:\ProgramData\DassaultSystemes

[2009/11/08 11:22:21 | 00,000,000 | ---D | C] -- C:\Program Files\Dassault Systemes

[2009/11/08 11:15:07 | 00,000,000 | ---D | C] -- C:\Users\Mick\AppData\Local\IsolatedStorage

[2009/11/08 11:13:28 | 00,000,000 | ---D | C] -- C:\Program Files\Virtual Earth 3D

[2009/11/08 00:07:35 | 00,000,000 | ---D | C] -- C:\Users\Mick\Documents\MDownloader

[2009/11/08 00:07:26 | 00,000,000 | ---D | C] -- C:\Users\Mick\AppData\Roaming\adma

[2009/11/08 00:06:23 | 00,000,000 | ---D | C] -- C:\Program Files\adma

[2009/11/07 09:00:32 | 00,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe

[2009/11/07 09:00:32 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe

[2009/11/07 09:00:32 | 00,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe

[2009/11/06 15:07:00 | 00,000,000 | ---D | C] -- C:\Users\Mick\Desktop\Microsoft.Windows.7.ULTIMATE.x86.OEM.DVD-BIE

[2009/11/06 13:03:52 | 00,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\REX Shared Library.dll

[2009/11/06 12:13:42 | 00,000,000 | ---D | C] -- C:\Users\Mick\AppData\Roaming\Ableton

[2009/11/06 12:11:26 | 00,368,640 | ---- | C] (Propellerhead Software AB) -- C:\Windows\System32\ReWire.dll

[2009/11/06 12:10:32 | 00,000,000 | ---D | C] -- C:\Program Files\Ableton

[2009/11/06 12:01:30 | 00,086,016 | ---- | C] (M-Audio) -- C:\Windows\System32\MA_CMIDN.DLL

[2009/11/06 12:01:29 | 00,082,944 | ---- | C] (M-Audio) -- C:\Windows\System32\USBMN1X1.DLL

[2009/11/06 12:01:29 | 00,022,208 | ---- | C] (M-Audio) -- C:\Windows\System32\drivers\USBMN1X1.SYS

[2009/11/06 12:01:29 | 00,021,888 | ---- | C] (M-Audio) -- C:\Windows\System32\drivers\MA_CMIDI.SYS

[2009/11/06 12:01:29 | 00,013,504 | ---- | C] (MIDIMAN) -- C:\Windows\System32\drivers\USB11LDR.SYS

[2009/11/06 12:01:29 | 00,000,000 | ---D | C] -- C:\Program Files\M-Audio

[2009/11/04 09:32:28 | 00,000,000 | ---D | C] -- C:\Program Files\Free ISO Creator

[2009/11/03 11:36:40 | 00,000,000 | ---D | C] -- C:\Users\Mick\Desktop\Pro Tools

[2009/11/02 16:16:38 | 00,000,000 | ---D | C] -- C:\Program Files\iPod

[2009/11/02 16:16:37 | 00,000,000 | ---D | C] -- C:\Program Files\iTunes

[2009/10/31 17:05:09 | 00,000,000 | ---D | C] -- C:\Program Files\TweetDeck

[2009/10/30 16:42:19 | 00,000,000 | ---D | C] -- C:\Users\Mick\AppData\Local\MyDownloader

[2009/10/30 16:40:06 | 00,000,000 | ---D | C] -- C:\Program Files\vSoft

[2009/10/30 11:29:29 | 00,000,000 | ---D | C] -- C:\ProgramData\id Software

========== Files - Modified Within 30 Days ==========

[2009/11/28 21:41:01 | 06,291,456 | -HS- | M] () -- C:\Users\Mick\NTUSER.DAT

[2009/11/28 21:07:00 | 00,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2009/11/28 19:14:14 | 00,292,352 | ---- | M] () -- C:\Users\Mick\Desktop\smok8rs4.exe

[2009/11/28 19:12:53 | 00,535,552 | ---- | M] (OldTimer Tools) -- C:\Users\Mick\Desktop\OTL.exe

[2009/11/28 18:07:00 | 00,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2009/11/28 09:21:47 | 00,029,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2009/11/28 09:21:47 | 00,029,440 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2009/11/28 09:16:09 | 00,679,806 | ---- | M] () -- C:\Windows\System32\perfh009.dat

[2009/11/28 09:16:09 | 00,127,464 | ---- | M] () -- C:\Windows\System32\perfc009.dat

[2009/11/28 09:16:08 | 00,796,712 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI

[2009/11/28 09:10:01 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT

[2009/11/28 09:09:48 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2009/11/28 09:09:42 | 16,089,70240 | -HS- | M] () -- C:\hiberfil.sys

[2009/11/27 22:01:41 | 05,748,719 | -H-- | M] () -- C:\Users\Mick\AppData\Local\IconCache.db

[2009/11/23 10:35:32 | 00,002,043 | ---- | M] () -- C:\Users\Mick\Desktop\HijackThis.lnk

[2009/11/23 08:43:43 | 00,001,574 | ---- | M] () -- C:\Windows\Sandboxie.ini

[2009/11/19 11:13:47 | 17,832,367 | ---- | M] () -- C:\Users\Mick\Desktop\Digizine Win-Spr09.pdf

[2009/11/13 04:50:44 | 00,614,790 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts

[2009/11/08 11:22:43 | 00,002,603 | ---- | M] () -- C:\Users\Public\Desktop\3DVIA Shape for Maps.lnk

[2009/11/08 11:14:29 | 00,001,980 | ---- | M] () -- C:\Users\Public\Desktop\Bing Maps 3D.lnk

[2009/11/07 09:43:23 | 00,000,020 | ---- | M] () -- C:\Windows\


Hi again :)

I need to ask you to uninstall Alcohol 120 and keep it uninstalled during the process.

When it is uninstalled, download the SPTD setup file and execute it.

In the dialog that appears, press the "Uninstall" button, and SPTD will remove itself from your Windows installation.

When done, run GMER again and post back the resultant log.

Download and Run SystemLook

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    iaStorV.sys


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop, entitled SystemLook.txt.
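The `:filefind` directive above asks SystemLook to list every copy of `iaStorV.sys` on the disk, with size and timestamps, so the helper can see whether the copies agree. As an added example (not part of this thread and not SystemLook's own code), the Python script below performs the same kind of search: it walks a directory tree, matches the file name case-insensitively the way Windows does, and records size, modification time and SHA-256 for each hit, so a copy whose contents differ from the others stands out immediately. The tree it scans is a constructed sample built in a temporary folder (the two `iaStorV.sys` files and their contents are made up for the demo), and the function names `filefind`, `sha256_of`, `sha256_bytes`, `distinct_hashes` and `build_sample_tree` are this example's own.

```python
"""Locate every copy of a named file under a directory tree and fingerprint it.

Mirrors the idea of SystemLook's ':filefind' directive: report each matching
file with its size, last-modified time and a content hash so that copies with
differing contents can be spotted and compared against a known-good file.
"""
import hashlib
import os
import tempfile
from datetime import datetime, timezone


def sha256_bytes(data):
    """SHA-256 hex digest of an in-memory byte string."""
    return hashlib.sha256(data).hexdigest()


def sha256_of(path, chunk=1 << 16):
    """SHA-256 hex digest of a file, read in chunks so large files are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def filefind(root, name):
    """Return one record per file under `root` whose name equals `name`.

    Matching is case-insensitive (Windows file names are). Symlinked
    directories are not followed, so a link loop cannot make the walk
    run forever. Files that vanish or cannot be read are skipped rather
    than aborting the whole search. Results are sorted by path.
    """
    wanted = name.lower()
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for fn in filenames:
            if fn.lower() != wanted:
                continue
            full = os.path.join(dirpath, fn)
            try:
                st = os.stat(full)
                digest = sha256_of(full)
            except OSError:
                continue
            hits.append({
                "path": full,
                "size": st.st_size,
                "mtime": datetime.fromtimestamp(st.st_mtime, timezone.utc)
                                 .strftime("%Y-%m-%d %H:%M:%S UTC"),
                "sha256": digest,
            })
    hits.sort(key=lambda r: r["path"])
    return hits


def distinct_hashes(records):
    """Number of distinct contents among the hits; more than 1 means the
    copies of the file are not identical and deserve a closer look."""
    return len({r["sha256"] for r in records})


def build_sample_tree():
    """Constructed sample (not a real system): a fake drive root holding two
    copies of iaStorV.sys with slightly different contents plus an unrelated
    driver file. Returns the temporary root directory."""
    root = tempfile.mkdtemp(prefix="filefind_demo_")
    layout = {
        os.path.join("Windows", "System32", "drivers", "iaStorV.sys"):
            b"A" * 1024,                      # the "known-good" copy
        os.path.join("Windows", "System32", "DriverStore", "IASTORV.SYS"):
            b"A" * 1000 + b"B" * 24,          # same size, different tail
        os.path.join("Windows", "System32", "drivers", "other.sys"):
            b"C" * 512,                       # must not be reported
    }
    for rel, data in layout.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    demo_root = build_sample_tree()
    found = filefind(demo_root, "iaStorV.sys")
    for rec in found:
        print(f"{rec['size']:>10}  {rec['mtime']}  {rec['sha256'][:16]}...  {rec['path']}")
    print(f"{len(found)} copies, {distinct_hashes(found)} distinct contents")
```

Size alone would not separate the two sample copies (both are 1024 bytes), which is why the hash is recorded alongside the metadata SystemLook reports; on a real machine, point `filefind` at the drive root and compare the digest of each copy against a known-good file from installation media or a clean machine.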


Hello again Blade81,

I uninstalled Alcohol and downloaded and ran SPTD as instructed.

Here is the GMER log after rerunning:

GMER 1.0.15.15252 - http://www.gmer.net

Rootkit scan 2009-11-29 16:22:46

Windows 6.1.7600

Running: smok8rs4.exe; Driver: C:\temp\kxldypoc.sys

---- System - GMER 1.0.15 ----

SSDT 8C5AE2FC ZwCreateThread

SSDT 8C5AE2E8 ZwOpenProcess

SSDT 8C5AE2ED ZwOpenThread

SSDT 8C5AE2F7 ZwTerminateProcess

INT 0x1F \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E47AF8

INT 0x37 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E47104

INT 0xC1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E473F4

INT 0xD1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E302D8

INT 0xD2 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E2F898

INT 0xDF \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E471DC

INT 0xE1 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E47958

INT 0xE3 \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E476F8

INT 0xFD \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E47F2C

INT 0xFE \SystemRoot\system32\halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) 82E481A8

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82A60579 1 Byte [06]

.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A84F52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

.text ntkrnlpa.exe!RtlSidHashLookup + 34C 82A8C84C 4 Bytes [FC, E2, 5A, 8C]

.text ntkrnlpa.exe!RtlSidHashLookup + 4E8 82A8C9E8 4 Bytes CALL 743524CF

.text ntkrnlpa.exe!RtlSidHashLookup + 508 82A8CA08 4 Bytes [ED, E2, 5A, 8C]

.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 82A8CCB8 4 Bytes [F7, E2, 5A, 8C]

.text peauth.sys 8A63AC9D 28 Bytes [1E, B9, 1F, 20, 4B, 94, 8D, ...]

.text peauth.sys 8A63ACC1 28 Bytes [1E, B9, 1F, 20, 4B, 94, 8D, ...]

PAGE peauth.sys 8A640E20 101 Bytes [26, D2, 77, CD, 97, 1C, BC, ...]

PAGE peauth.sys 8A64102C 102 Bytes [41, 74, 9C, 66, 5A, E9, 2E, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 4F90 8A734000 290 Bytes [8B, FF, 55, 8B, EC, 33, C0, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 50B3 8A734123 629 Bytes [F5, 72, 8A, FE, 05, 34, F5, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 5329 8A734399 101 Bytes [6A, 28, 59, A5, 5E, C6, 03, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 538F 8A7343FF 148 Bytes [18, 5D, C2, 14, 00, 8B, FF, ...]

PAGE spsys.sys!?SPRevision@@3PADA + 543B 8A7344AB 2228 Bytes [8B, FF, 55, 8B, EC, FF, 75, ...]

PAGE ...

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[2020] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75245D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[2020] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75245D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[2020] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75245D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[2020] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75245D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[2020] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75245D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

IAT C:\Program Files\M-Audio\M-Audio Series II MIDI\MA_CMIDI_Inst.exe[2020] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75245D3D] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

Device \Driver\00001138 -> \Driver\iaStorV \Device\Harddisk0\DR0 873A1E07

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5D 0x1F 0x2E 0xF5 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x5D 0x1F 0x2E 0xF5 ...

---- Files - GMER 1.0.15 ----

File C:\Windows\system32\drivers\iaStorV.sys suspicious modification

---- EOF - GMER 1.0.15 ----

And here is the SystemLook Log,

SystemLook v1.0 by jpshortstuff (29.08.09)

Log created at 16:31 on 29/11/2009 by Mick (Administrator - Elevation successful)

========== filefind ==========

Searching for "iaStorV.sys"

C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys --a--- 332352 bytes [21:19 10/06/2009] [01:20 14/07/2009] 934AF4D7C5F457B9F0743F4299B77B67

C:\Windows\System32\drivers\iaStorV.sys --a--- 332352 bytes [21:19 10/06/2009] [01:20 14/07/2009] 934AF4D7C5F457B9F0743F4299B77B67

C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys --a--- 332352 bytes [21:19 10/06/2009] [01:20 14/07/2009] 934AF4D7C5F457B9F0743F4299B77B67

-=End Of File=-

Thanks again for your time and much appreciated help !!

Hi,

Please try this:

1. Go to the c:\windows\system32\drivers folder

2. Locate the file - iaStorV.sys

3. Drag and move the file to Desktop

4. Wait 5 secs and press F5 to see if the operating system regenerated a fresh copy in the c:\windows\system32\drivers folder

5a. If a fresh copy is regenerated, reboot the machine

5b. If a fresh copy isn't regenerated, move the copy from Desktop back to the c:\windows\system32\drivers folder.

If 5a was carried out, run GMER and post back the report. Are browsers redirecting?

If 5b was carried out, let me know.

Have tried to move the file but cannot, I get a message saying "The action can't be completed because the file is open in SYSTEM"

Any other way I can do it ?

All the best

Hi,

The following things have to be done in the recovery environment. Print out the instructions if needed.

Reboot the system and press F8 before the Windows loading screen to access the boot menu.

Select the "Repair Your Computer" option to start the Recovery Environment.

Follow the steps under "Starting Recovery Environment from the Advanced Boot Options (F8) Menu" here.

Click Command Prompt on the System Recovery Options window to access the command prompt. Give the following command and press ENTER, making sure that the spelling is exactly as shown:

copy /y c:\Windows\System32\drivers\iaStorV.sys c:\iaStorV.sys.bad

If all went well, you should get the "1 file(s) copied." message. After that, give the command exit (press ENTER) to exit the command prompt. Click Restart on the System Recovery Options window.

When back to normal mode, upload c:\iaStorV.sys.bad to Virustotal and post back the results.

Hi again Blade81, have got that done and here is what came back from VirusTotal,

File iaStorV.sys.bad received on 2009.11.29 20:23:33 (UTC)

Result: 0/40 (0%)

Antivirus Version Last Update Result

a-squared 4.5.0.43 2009.11.29 -

AhnLab-V3 5.0.0.2 2009.11.28 -

AntiVir 7.9.1.79 2009.11.29 -

Antiy-AVL 2.0.3.7 2009.11.27 -

Authentium 5.2.0.5 2009.11.29 -

Avast 4.8.1351.0 2009.11.29 -

AVG 8.5.0.426 2009.11.29 -

BitDefender 7.2 2009.11.29 -

CAT-QuickHeal 10.00 2009.11.28 -

ClamAV 0.94.1 2009.11.29 -

Comodo 3082 2009.11.29 -

DrWeb 5.0.0.12182 2009.11.29 -

eSafe 7.0.17.0 2009.11.29 -

eTrust-Vet 35.1.7146 2009.11.27 -

F-Prot 4.5.1.85 2009.11.29 -

F-Secure 9.0.15370.0 2009.11.24 -

Fortinet 4.0.14.0 2009.11.29 -

GData 19 2009.11.29 -

Ikarus T3.1.1.74.0 2009.11.29 -

K7AntiVirus 7.10.906 2009.11.27 -

Kaspersky 7.0.0.125 2009.11.29 -

McAfee 5817 2009.11.29 -

McAfee+Artemis 5817 2009.11.29 -

McAfee-GW-Edition 6.8.5 2009.11.29 -

Microsoft 1.5302 2009.11.29 -

NOD32 4647 2009.11.29 -

Norman 6.03.02 2009.11.27 -

nProtect 2009.1.8.0 2009.11.28 -

Panda 10.0.2.2 2009.11.29 -

PCTools 7.0.3.5 2009.11.29 -

Prevx 3.0 2009.11.29 -

Rising 22.23.06.04 2009.11.29 -

Sophos 4.48.0 2009.11.29 -

Sunbelt 3.2.1858.2 2009.11.29 -

Symantec 1.4.4.12 2009.11.29 -

TheHacker 6.5.0.2.081 2009.11.28 -

TrendMicro 9.100.0.1001 2009.11.29 -

VBA32 3.12.12.0 2009.11.29 -

ViRobot 2009.11.28.2060 2009.11.28 -

VirusBuster 5.0.21.0 2009.11.29 -

Additional information

File size: 332352 bytes

MD5...: 934af4d7c5f457b9f0743f4299b77b67

SHA1..: ccd3fcf65cad447c9b676996254b93f2a81cdab1

SHA256: f232554352bb7cd716d6173fc1ab2661e49480994bb22e9a6fe7a33b51f0a51b

ssdeep: 6144:sNrolrYkJ9K1DMkCVJrUczOXPXnnDkz5XgGHtldCl7cI:s6JJ43CVJzO/DkziGHtl0F

PEiD..: -

PEInfo: PE Structure information

( base data )

entrypointaddress.: 0xd6005

timedatestamp.....: 0x49dcd6e2 (Wed Apr 08 16:54:58 2009)

machinetype.......: 0x14c (I386)

( 6 sections )

name viradd virsiz rawdsiz ntrpy md5

.text 0x1000 0x4985c 0x49a00 6.48 13646c384f32c0398c8643e88b90eb52

.rdata 0x4b000 0xc3c 0xe00 5.05 08ce8a67367337d5626e536f9d65666a

.data 0x4c000 0x89c38 0x1000 4.84 f2cb9df10bdf195b52f8e615a49a43ce

INIT 0xd6000 0xef8 0x1000 5.35 37c43c3cf912c3a0799e0f9f3ecce575

.rsrc 0xd7000 0x458 0x600 2.61 30d185a9b9e0fecee9dad52912c9b4f7

.reloc 0xd8000 0x2324 0x2400 5.49 1ce4835312cf786e8d2b7a1108c79379

( 2 imports )

> ntoskrnl.exe: ZwOpenKey, DbgPrint, _allmul, IofCompleteRequest, KeSetEvent, PoSetPowerState, _aullshr, MmIsAddressValid, KeWaitForSingleObject, IoFreeWorkItem, IoUnregisterPlugPlayNotification, ObfDereferenceObject, IofCallDriver, IoBuildDeviceIoControlRequest, KeInitializeEvent, memcpy, IoGetDeviceObjectPointer, IoQueueWorkItem, IoAllocateWorkItem, IoRegisterPlugPlayNotification, KeClearEvent, WRITE_REGISTER_ULONG, READ_REGISTER_ULONG, ObReferenceObjectByHandle, KeQueryTimeIncrement, KeTickCount, _aulldiv, KeDelayExecutionThread, MmGetPhysicalAddress, KeCancelTimer, KeSetTimerEx, KeInitializeTimerEx, memmove, KeSetTimer, KeInitializeDpc, KeInitializeTimer, strncpy, strncmp, _purecall, sprintf, InterlockedPopEntrySList, InterlockedPushEntrySList, RtlCompareMemory, KeBugCheckEx, IoInvalidateDeviceRelations, RtlWriteRegistryValue, RtlDeleteRegistryValue, IoOpenDeviceRegistryKey, ExSystemTimeToLocalTime, KeQuerySystemTime, MmUnmapIoSpace, MmMapIoSpace, ZwCreateKey, swprintf, KeLeaveCriticalRegion, KeEnterCriticalRegion, MmMapLockedPagesSpecifyCache, ExDeleteNPagedLookasideList, KeBugCheck, PsTerminateSystemThread, KeWaitForMultipleObjects, KeSetPriorityThread, PsCreateSystemThread, ExInitializeNPagedLookasideList, ZwQueryValueKey, _aulldvrm, PoRequestPowerIrp, PoStartNextPowerIrp, PoCallDriver, IoReleaseRemoveLockEx, IoAcquireRemoveLockEx, IoFreeIrp, IoGetLowerDeviceObject, IoGetAttachedDeviceReference, IoAllocateIrp, strstr, RtlGetVersion, _alldiv, IoDeleteSymbolicLink, IoAttachDeviceToDeviceStack, IoCreateSymbolicLink, IoCsqInitialize, IoInitializeRemoveLockEx, IoCreateDevice, RtlUnicodeStringToInteger, wcsncpy, wcsstr, IoRegisterDeviceInterface, IoDeleteDevice, IoDetachDevice, _wcsupr, IoGetDeviceProperty, ZwCreateDirectoryObject, ExRegisterCallback, ExCreateCallback, IoConnectInterrupt, IoReportResourceForDetection, ExUnregisterCallback, IoDisconnectInterrupt, IoReleaseRemoveLockAndWaitEx, IoGetConfigurationInformation, IoSetDeviceInterfaceState, KeRemoveQueueDpc, IoCsqInsertIrp, IoCsqRemoveNextIrp, IoFreeMdl, MmProbeAndLockPages, IoAllocateMdl, strncat, RtlAnsiStringToUnicodeString, RtlInitAnsiString, ObfReferenceObject, PoRegisterDeviceForIdleDetection, IoInvalidateDeviceState, IoWriteErrorLogEntry, IoAllocateErrorLogEntry, KeInsertQueueDpc, IoInitializeWorkItem, IoSizeofWorkItem, IoGetDmaAdapter, RtlFreeUnicodeString, KefAcquireSpinLockAtDpcLevel, KefReleaseSpinLockFromDpcLevel, IoRequestDeviceEject, IoUninitializeWorkItem, RtlCreateRegistryKey, RtlCopyUnicodeString, RtlUnwind, ZwClose, memset, RtlInitUnicodeString, ExAllocatePoolWithTag, RtlAppendUnicodeToString, RtlAppendUnicodeStringToString, RtlQueryRegistryValues, _aullrem, ExFreePoolWithTag

> HAL.dll: KeAcquireInStackQueuedSpinLock, KfAcquireSpinLock, KfReleaseSpinLock, ExAcquireFastMutex, ExReleaseFastMutex, KeGetCurrentIrql, KeStallExecutionProcessor, KeReleaseInStackQueuedSpinLock

( 0 exports )

RDS...: NSRL Reference Data Set

-

pdfid.: -

trid..: Win32 Executable Generic (68.0%)

Generic Win/DOS Executable (15.9%)

DOS Executable Generic (15.9%)

Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

sigcheck:

publisher....: Intel Corporation

copyright....: Copyright© Intel Corporation 1994-2008

product......: Intel Matrix Storage Manager driver

description..: Intel Matrix Storage Manager driver - ia32

original name: iaStor.sys

internal name: iaStor.sys

file version.: 8.6.2.1012

comments.....: -ia32

signers......: -

signing date.: -

verified.....: Unsigned

ATTENTION: VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.

A real pesky puzzler !!

What do you reckon next ;-)

Hi,

Click Start -> Run, type cmd.exe and press Enter. In the command prompt, type the following command and press Enter:

copy /y C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys c:\iaStorV.sys.bak

Verify that you get the output message "1 file(s) copied." and that the file c:\iaStorV.sys.bak exists after the operation.

When verified, please access the Windows Recovery Environment as instructed in my previous post.

Access the command prompt as shown in the tutorial. Then type the following two commands (each line is one command; press Enter after each one):

copy /y c:\iaStorV.sys.bak C:\windows\system32\drivers\iaStorV.sys

exit

After that return to normal mode and see if redirecting still occurs.
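The SystemLook log earlier in the thread and the DriverStore procedure in the post above both come down to comparing the on-disk copies of iaStorV.sys. The PowerShell script below is an added example, not code from this thread, from Malwarebytes or from the helper, that automates that comparison on the affected machine: it hashes the three locations SystemLook searched, reports size and embedded-signature status for each, and warns when the live copy in System32\drivers differs from the backup copies or from the reference MD5 the log reported. The DriverStore and WinSxS directory names and the reference hash are taken from this thread's log and are assumptions for any other machine, where they will differ. Two caveats a practitioner should keep in mind: inbox drivers on Windows 7 are normally signed through a catalog file rather than an embedded signature, so a NotSigned status from Get-AuthenticodeSignature is expected and is not by itself evidence of tampering; and the check can only see what the running system lets it read, so a matching hash rules out a modified file on disk but says nothing about the "suspicious modification" GMER reports against the loaded driver.

```powershell
# Added example (not from the thread): compare the on-disk copies of iaStorV.sys
# the way the SystemLook log did, and flag a live copy that differs from the rest.
# Written for PowerShell 2.0 (Windows 7), so it avoids Get-FileHash.
# Run from an elevated PowerShell prompt.

# Reference MD5 reported for all three copies in this thread's SystemLook log.
# ASSUMPTION: valid only for the exact driver build on that machine.
$ReferenceMd5 = '934AF4D7C5F457B9F0743F4299B77B67'

# The three locations SystemLook searched. The DriverStore and WinSxS directory
# names are copied from the log and are machine-specific (assumption).
$Candidates = @(
    "$env:SystemRoot\System32\drivers\iaStorV.sys",
    "$env:SystemRoot\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys",
    "$env:SystemRoot\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys"
)

function Get-Md5Hex {
    param([string]$Path)
    $md5 = [System.Security.Cryptography.MD5]::Create()
    # A read share is enough even though SYSTEM keeps the driver file open,
    # which is why the file could be hashed but not moved.
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        $bytes = $md5.ComputeHash($stream)
    } finally {
        $stream.Close()
    }
    return ([System.BitConverter]::ToString($bytes) -replace '-', '')
}

$results = foreach ($path in $Candidates) {
    if (-not (Test-Path -LiteralPath $path)) {
        New-Object PSObject -Property @{ Path = $path; Size = $null; MD5 = 'MISSING'; Signature = 'n/a' }
        continue
    }
    $item = Get-Item -LiteralPath $path
    # Embedded Authenticode only: inbox drivers are usually catalog-signed, so
    # "NotSigned" here is expected and is not by itself evidence of tampering.
    $sig = (Get-AuthenticodeSignature -FilePath $path).Status
    New-Object PSObject -Property @{
        Path      = $path
        Size      = $item.Length
        MD5       = Get-Md5Hex $path
        Signature = $sig
    }
}

$results | Format-Table Size, MD5, Signature, Path -AutoSize

# The copy under System32\drivers is the one the kernel loads. Flag it when it
# differs from the reference or when the copies disagree among themselves,
# which is the situation the "copy from DriverStore" step is meant to repair.
$live = $results | Where-Object { $_.Path -like '*\System32\drivers\iaStorV.sys' }
$distinct = @($results | Where-Object { $_.MD5 -ne 'MISSING' } |
    Select-Object -ExpandProperty MD5 | Sort-Object -Unique)

if ($live.MD5 -ne $ReferenceMd5 -or $distinct.Count -gt 1) {
    Write-Warning "On-disk copies of iaStorV.sys disagree or differ from the reference; the live driver should not be assumed clean."
} else {
    Write-Output "All on-disk copies match $ReferenceMd5. This only covers the file as read from the running system."
}
```

If the warning fires, the DriverStore copy is the natural source for the restore described in the post above, performed from the Recovery Environment so the live file is not in use. If all three hashes agree, as they did in this thread, the on-disk comparison has been exhausted and the remaining evidence is what GMER reports about the loaded driver and the attached device, not the file.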

Hi Blade81, will do that in the morning - first thing ! Thanks for all your help and persistence, have a good evening (what's left of it) Cheers for now

Good Morning Blade81,

Have done as suggested and unfortunately the redirection is still there.

I have observed one thing though, the browser is always stable until I want to open another tab or I move the mouse wheel on HTML, could this be a Java issue? (mine is up to date)

Thanks as ever

  • Root Admin

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.

  • Root Admin

Closed a SECOND TIME - Please do not ask to re-open.

Due to the lack of feedback this Topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine. Please start a new thread describing your issue and someone will be along to assist you.
