Hey guys, I seem to be infected with a rather fussy redirect. Can't seem to find it with a number of popular scans/programs. I've gone ahead and disabled CD emulation prior to gathering the included log files. We've got a Combofix log, DDS and Attach.zip from the DDS script, and a log from OTL. The OTL scan was run with Minimal Output, LOP and Purity checks, "all" standard registry, and these custom settings pasted in:

netsvcs

%SYSTEMDRIVE%\*.*

%systemroot%\system32\*.dll /lockedfiles

%systemroot%\Tasks\*.job /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\system32\drivers\*.sys /90

%systemroot%\system32\Spool\prtprocs\w32x86\*.dll

Like I said, this thing is really fussy so I'm unable to run a full GMER. I get about 30 seconds in and the computer reboots. Again, for the record I've taken care to disable CD Emulation as well as Avast, even Teatimer for what it's worth ;P

We'll start with the DDS log, then OTL, followed by the Combofix log.

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by Terry at 18:07:57.65 on Fri 03/25/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23

AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

============== Running Processes ===============

.

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - c:\program files\devicevm\browser configuration utility\AddressBarSearch.dll

uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll

BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll

BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll

uRun: [Messenger (Yahoo!)] "c:\appz\messen~1\YAHOOM~1.EXE" -quiet

mRun: [bCU] "c:\program files\devicevm\browser configuration utility\BCU.exe"

mRun: [avast5] "c:\appz\avast5\avastUI.exe" /nogui

mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun

mRun: [Freecorder FLV Service] "c:\appz\freecorder\FLVSrvc.exe" /run

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292133625515

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: AtiExtEvent - Ati2evxx.dll

AppInit_DLLs: c:\windows\system32\wbsys.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - c:\appz\iconpackager\iprepair.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\terry\applic~1\mozilla\firefox\profiles\hsh5e79q.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\appz\firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\appz\firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: All-in-One Gestures: {8b86149f-01fb-4842-9dd8-4d7eb02fd055} - %profile%\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

.

---- FIREFOX POLICIES ----

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

============= SERVICES / DRIVERS ===============

.

.

=============== Created Last 30 ================

.

2011-03-25 20:50:26 -------- d-----w- c:\program files\ESET

2011-03-17 15:00:58 -------- d-----w- c:\docume~1\terry\locals~1\applic~1\ConduitEngine

2011-03-17 15:00:57 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-03-17 15:00:57 -------- d-----w- c:\program files\ConduitEngine

2011-03-13 17:29:23 -------- d-----w- c:\docume~1\terry\locals~1\applic~1\Conduit

2011-03-13 17:29:22 -------- d-----w- c:\program files\Conduit

2011-03-13 17:29:21 -------- d-----w- c:\program files\Freecorder

2011-03-13 17:29:21 -------- d-----w- c:\docume~1\terry\locals~1\applic~1\Freecorder

2011-03-13 17:11:56 -------- d-----w- c:\docume~1\terry\locals~1\applic~1\EZSoftMagic

2011-03-13 17:11:37 -------- d-----w- c:\program files\v0cNs188Hm

2011-03-09 19:15:18 -------- d-----w- c:\docume~1\terry\locals~1\applic~1\Adobe

2011-03-09 17:48:37 -------- d-----w- c:\docume~1\terry\locals~1\applic~1\TQVault

2011-03-07 21:32:55 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories

2011-03-07 21:31:59 -------- d-----w- c:\program files\XBox 360 Controller for Windows Software

2011-03-07 20:50:54 -------- d-----w- c:\docume~1\terry\applic~1\fofix

2011-03-06 18:53:18 -------- d-----w- c:\program files\THQ

2011-03-04 19:17:03 40960 ----a-r- c:\windows\system32\psfind.dll

2011-02-28 16:50:35 -------- d-----w- c:\docume~1\terry\locals~1\applic~1\Secunia PSI

2011-02-24 18:03:38 90112 ----a-w- c:\windows\unvise32.exe

.

==================== Find3M ====================

.

2011-03-08 19:44:49 98304 ----a-w- c:\windows\system32\CmdLineExt.dll

2011-02-04 22:48:32 456192 ----a-w- c:\windows\system32\encdec.dll

2011-02-04 22:48:30 291840 ----a-w- c:\windows\system32\sbe.dll

2011-02-03 16:06:54 218624 ----a-w- c:\windows\system32\uxtheme.dll

2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-25 21:13:55 63116508 ----a-w- C:\Entire.reg

2011-01-22 17:51:16 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-20 04:50:52 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-01-20 04:50:52 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-01-13 19:36:34 48471 ----a-w- c:\windows\system32\ForceBindIP-Uninstaller.exe

2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 18:08:16.09 ===============

Now the OTL log...

OTL logfile created on: 3/25/2011 6:04:30 PM - Run 3

OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Terry\Desktop

Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 82.00% Memory free

5.00 Gb Paging File | 5.00 Gb Available in Paging File | 93.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 465.75 Gb Total Space | 97.31 Gb Free Space | 20.89% Space Free | Partition Type: NTFS

Drive H: | 7.55 Gb Total Space | 0.90 Gb Free Space | 11.87% Space Free | Partition Type: FAT32

Computer Name: LLAMA-09F031757 | User Name: Terry | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Terry\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Appz\Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Appz\Avast5\Setup\avast.setup (AVAST Software)

PRC - C:\Appz\Avast5\AvastUI.exe (AVAST Software)

PRC - C:\Appz\Avast5\AvastSvc.exe (AVAST Software)

PRC - C:\Appz\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)

PRC - C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)

PRC - C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Terry\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll (Applian Technologies, Inc.)

MOD - C:\Documents and Settings\Terry\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

MOD - C:\Appz\IconPackager\iprepair.dll (Stardock.net, Inc)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_d495ac4e\msvcr90.dll (Microsoft Corporation)

MOD - C:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)

========== Win32 Services (SafeList) ==========

SRV - (Nomad) -- File not found

SRV - (HidServ) -- File not found

SRV - (avast! Web Scanner) -- C:\Appz\Avast5\AvastSvc.exe (AVAST Software)

SRV - (avast! Mail Scanner) -- C:\Appz\Avast5\AvastSvc.exe (AVAST Software)

SRV - (avast! Antivirus) -- C:\Appz\Avast5\AvastSvc.exe (AVAST Software)

SRV - (rpcapd) Remote Packet Capture Protocol v.0 (experimental) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)

SRV - (AppleChargerSrv) -- C:\WINDOWS\system32\AppleChargerSrv.exe ()

SRV - (BCUService) -- C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)

========== Driver Services (SafeList) ==========

DRV - (TS_AR5416) -- C:\WINDOWS\system32\drivers\ts_athw.sys (TamoSoft)

DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)

DRV - (aswSnx) -- C:\WINDOWS\System32\drivers\aswSnx.sys (AVAST Software)

DRV - (aswTdi) -- C:\WINDOWS\System32\drivers\aswTdi.sys (AVAST Software)

DRV - (aswSP) -- C:\WINDOWS\System32\drivers\aswSP.sys (AVAST Software)

DRV - (aswRdr) -- C:\WINDOWS\System32\drivers\aswRdr.sys (AVAST Software)

DRV - (aswMon2) -- C:\WINDOWS\System32\drivers\aswmon2.sys (AVAST Software)

DRV - (aswFsBlk) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys (AVAST Software)

DRV - (Aavmker4) -- C:\WINDOWS\System32\drivers\aavmker4.sys (AVAST Software)

DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (AppleCharger) -- C:\WINDOWS\system32\drivers\AppleCharger.sys ()

DRV - (nvgts) -- C:\WINDOWS\system32\DRIVERS\nvgts.sys (NVIDIA Corporation)

DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)

DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)

DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)

DRV - (nm) -- C:\WINDOWS\system32\drivers\nmnt.sys (Microsoft Corporation)

DRV - (ATITool) -- C:\WINDOWS\system32\drivers\ATITool.sys ()

DRV - (SCDEmu) -- C:\WINDOWS\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)

DRV - (AtiHdmiService) -- C:\WINDOWS\system32\drivers\AtiHdmi.sys (ATI Research Inc.)

DRV - (ts_lb) -- C:\WINDOWS\system32\drivers\ts_lb.sys (TamoSoft)

DRV - (AmdPPM) -- C:\WINDOWS\system32\drivers\AmdPPM.sys (Advanced Micro Devices)

DRV - (athr) -- C:\WINDOWS\system32\drivers\athr.sys (Atheros Communications, Inc.)

DRV - (CV2K1) -- C:\WINDOWS\system32\drivers\cv2k1.sys (TamoSoft)

DRV - (NSNDIS5) -- C:\WINDOWS\system32\nsndis5.sys (Printing Communications Assoc., Inc. (PCAUSA))

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\..\URLSearchHook: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)

IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)

IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.2.1

FF - prefs.js..extensions.enabledItems: {8b86149f-01fb-4842-9dd8-4d7eb02fd055}:0.21.1

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/12/12 02:48:50 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2011/01/20 00:50:52 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Appz\Firefox\components [2011/03/24 12:09:59 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Appz\Firefox\plugins [2011/03/24 12:09:58 | 000,000,000 | ---D | M]

[2010/12/14 03:15:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Terry\Application Data\Mozilla\Extensions

[2010/12/14 03:15:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Terry\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2011/03/25 17:44:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\hsh5e79q.default\extensions

[2011/03/13 13:30:36 | 000,000,000 | ---D | M] (Freecorder Toolbar) -- C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\hsh5e79q.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}

[2010/12/15 22:58:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\hsh5e79q.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/12/15 15:16:13 | 000,000,000 | ---D | M] (All-in-One Gestures) -- C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\hsh5e79q.default\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}

[2011/01/09 20:19:42 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\hsh5e79q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

[2011/01/25 18:09:30 | 000,000,000 | ---D | M] ("TrackerBlock") -- C:\Documents and Settings\Terry\Application Data\Mozilla\Firefox\Profiles\hsh5e79q.default\extensions\trackerblock@privacychoice(2).org

[2011/01/20 00:51:01 | 000,000,000 | ---D | M] (Java Console) -- C:\APPZ\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

[2011/01/20 00:50:52 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF

O1 HOSTS File: ([2011/03/25 17:23:07 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O2 - BHO: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)

O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Freecorder Toolbar) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Freecorder Toolbar) - {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files\Freecorder\prxtbFre0.dll (Conduit Ltd.)

O4 - HKLM..\Run: [avast5] C:\Appz\Avast5\avastUI.exe (AVAST Software)

O4 - HKLM..\Run: [bCU] C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)

O4 - HKLM..\Run: [Freecorder FLV Service] C:\Appz\Freecorder\FLVSrvc.exe (Applian Technologies, Inc.)

O4 - HKLM..\Run: [XboxStat] c:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)

O4 - HKCU..\Run: [Messenger (Yahoo!)] C:\Appz\Messenger\YahooMessenger.exe (Yahoo! Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1292133625515 (MUWebControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.109.65.68 213.109.75.214 1.1.1.1

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - AppInit_DLLs: (C:\WINDOWS\system32\wbsys.dll) - C:\WINDOWS\system32\wbsys.dll (Stardock.Net, Inc)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Appz\IconPackager\iprepair.dll (Stardock.net, Inc)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Terry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Terry\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2010/12/12 01:12:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found

NetSvcs: HidServ - File not found

NetSvcs: Ias - File not found

NetSvcs: Iprip - File not found

NetSvcs: Irmon - File not found

NetSvcs: NWCWorkstation - File not found

NetSvcs: Nwsapagent - File not found

NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2011/03/25 17:44:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER

[2011/03/25 17:27:11 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Terry\Desktop\OTL.exe

[2011/03/25 16:50:26 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2011/03/21 16:27:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Application Data\Google

[2011/03/21 03:27:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Desktop\Astral Travel for Beginners - Richard Webster

[2011/03/17 17:04:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\TQVault

[2011/03/17 11:00:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Local Settings\Application Data\ConduitEngine

[2011/03/17 11:00:57 | 000,000,000 | ---D | C] -- C:\Program Files\ConduitEngine

[2011/03/13 13:29:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Local Settings\Application Data\Conduit

[2011/03/13 13:29:22 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit

[2011/03/13 13:29:21 | 000,000,000 | ---D | C] -- C:\Program Files\Freecorder

[2011/03/13 13:29:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Local Settings\Application Data\Freecorder

[2011/03/13 13:27:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Start Menu\Programs\Freecorder

[2011/03/13 13:11:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Local Settings\Application Data\EZSoftMagic

[2011/03/13 13:11:37 | 000,000,000 | ---D | C] -- C:\Program Files\v0cNs188Hm

[2011/03/11 18:45:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Desktop\New Movies - 3-11-11

[2011/03/09 15:15:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Local Settings\Application Data\Adobe

[2011/03/09 15:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe

[2011/03/09 13:48:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Local Settings\Application Data\TQVault

[2011/03/07 17:32:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Xbox 360 Accessories

[2011/03/07 17:32:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Xbox 360 Accessories

[2011/03/07 17:31:59 | 000,000,000 | ---D | C] -- C:\Program Files\XBox 360 Controller for Windows Software

[2011/03/07 16:50:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Application Data\fofix

[2011/03/06 14:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\THQ

[2011/03/06 14:40:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\STALKER-SHOC

[2011/03/06 14:30:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Terry\Recent

[2011/03/06 13:19:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Guitar Pro 5

[2011/02/28 12:50:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Terry\Local Settings\Application Data\Secunia PSI

[2011/02/24 14:03:38 | 000,090,112 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe

[2011/02/24 14:03:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AiroWizard 1.0 Beta

[78 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/25 17:48:05 | 000,002,065 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\Attach.zip

[2011/03/25 17:41:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011/03/25 17:39:17 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\dds.scr

[2011/03/25 17:38:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Terry\defogger_reenable

[2011/03/25 17:37:14 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\Defogger.exe

[2011/03/25 17:27:18 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Terry\Desktop\OTL.exe

[2011/03/25 17:23:07 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2011/03/25 17:14:51 | 004,302,235 | R--- | M] () -- C:\Documents and Settings\Terry\Desktop\Comfix.exe

[2011/03/25 17:02:33 | 001,006,778 | ---- | M] () -- C:\Documents and Settings\Terry\Desktop\rkill.exe

[2011/03/25 16:45:41 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2011/03/17 17:31:26 | 000,101,440 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2011/03/17 17:05:53 | 000,481,330 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2011/03/17 17:05:53 | 000,079,278 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2011/03/17 17:04:50 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2011/03/08 15:44:49 | 000,098,304 | ---- | M] (Sony DADC Austria AG.) -- C:\WINDOWS\System32\CmdLineExt.dll

[2011/03/07 17:28:47 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_xusb21_01005.Wdf

[2011/03/07 17:28:45 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

[2011/03/06 12:14:13 | 000,000,041 | ---- | M] () -- C:\WINDOWS\lz_tcm.ini

[78 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[6 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]

[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/25 17:48:05 | 000,002,065 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\Attach.zip

[2011/03/25 17:39:14 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\dds.scr

[2011/03/25 17:38:43 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Terry\defogger_reenable

[2011/03/25 17:37:13 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\Defogger.exe

[2011/03/25 17:06:35 | 004,302,235 | R--- | C] () -- C:\Documents and Settings\Terry\Desktop\Comfix.exe

[2011/03/25 17:02:26 | 001,006,778 | ---- | C] () -- C:\Documents and Settings\Terry\Desktop\rkill.exe

[2011/03/07 17:34:23 | 000,167,648 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

[2011/03/07 17:28:47 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\Msft_Kernel_xusb21_01005.Wdf

[2011/03/07 17:28:45 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\System32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf

[2011/03/07 17:28:43 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK

[2011/03/06 12:14:07 | 000,000,041 | ---- | C] () -- C:\WINDOWS\lz_tcm.ini

[2011/03/04 15:17:03 | 000,040,960 | R--- | C] () -- C:\WINDOWS\System32\psfind.dll

[2011/02/23 13:53:43 | 000,014,051 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat

[2011/02/18 18:30:39 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini

[2011/01/30 18:18:34 | 000,000,980 | ---- | C] () -- C:\WINDOWS\eReg.dat

[2011/01/25 18:31:47 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2011/01/25 18:31:47 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2011/01/25 18:31:47 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2011/01/25 18:31:47 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2011/01/25 18:31:47 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2011/01/22 12:58:04 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE

[2011/01/13 15:36:34 | 000,048,471 | ---- | C] () -- C:\WINDOWS\System32\ForceBindIP-Uninstaller.exe

[2010/12/26 16:21:34 | 000,000,565 | ---- | C] () -- C:\Documents and Settings\Terry\Application Data\myMPQ.ini

[2010/12/16 20:13:37 | 000,000,021 | ---- | C] () -- C:\WINDOWS\WB.ini

[2010/12/16 19:19:23 | 000,004,568 | ---- | C] () -- C:\WINDOWS\langorig.ini

[2010/12/16 19:19:01 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\wbload.dll

[2010/12/15 14:46:51 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\GIF89.DLL

[2010/12/15 14:46:50 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll

[2010/12/14 03:10:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat

[2010/12/12 09:00:44 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2010/12/12 08:58:13 | 000,101,440 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/12/12 02:32:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin

[2010/12/12 02:32:17 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat

[2010/12/12 02:32:17 | 000,223,990 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat

[2010/12/12 02:32:17 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat

[2010/12/12 02:05:37 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/12/12 02:01:45 | 000,031,272 | ---- | C] () -- C:\WINDOWS\System32\AppleChargerSrv.exe

[2010/12/12 02:01:45 | 000,019,496 | ---- | C] () -- C:\WINDOWS\System32\drivers\AppleCharger.sys

[2010/12/12 01:25:07 | 000,010,084 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin

[2010/12/12 01:20:45 | 000,207,400 | R--- | C] () -- C:\WINDOWS\GSetup.exe

[2010/12/12 01:20:45 | 000,000,010 | ---- | C] () -- C:\WINDOWS\GSetup.ini

[2010/12/12 01:14:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat

[2010/12/12 01:08:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat

[2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2009/09/17 07:26:52 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\ForceBindIP.exe

[2008/10/28 18:40:48 | 000,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat

[2007/08/08 12:54:10 | 000,028,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys

[2005/08/05 15:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2004/08/10 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin

[2004/08/10 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat

[2004/08/10 08:00:00 | 000,481,330 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat

[2004/08/10 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat

[2004/08/10 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat

[2004/08/10 08:00:00 | 000,079,278 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat

[2004/08/10 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin

[2004/08/10 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat

[2004/08/10 08:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat

[2004/08/10 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat

[2004/08/10 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin

[2004/08/10 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2011/02/23 16:42:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software

[2010/12/14 19:36:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software

[2010/12/18 12:33:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts

[2011/01/30 19:04:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3

[2011/01/20 00:46:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure

[2011/02/23 13:53:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ralink Driver

[2010/12/18 23:14:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Stardock

[2010/12/16 20:19:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{1C533CDB-BAC7-4600-B3DE-0B628D9AC643}

[2010/12/18 23:14:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{1EB63B4B-5639-4477-8E24-05C31B5F8019}

[2011/01/17 22:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Atari

[2011/03/07 16:51:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\fofix

[2011/01/18 14:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Foxit

[2011/01/18 14:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Foxit Software

[2010/12/29 18:29:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\FreeBurner

[2010/12/26 18:28:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\fretsonfire

[2011/02/21 21:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\gtk-2.0

[2011/01/17 22:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Leadertech

[2010/12/20 17:02:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Mael

[2011/03/05 17:01:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\runic games

[2011/02/27 17:07:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\SPORE

[2010/12/18 23:14:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Stardock

[2011/03/21 17:49:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\uTorrent

[2011/02/21 17:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Terry\Application Data\Wireshark

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >

[2010/12/12 01:12:21 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT

[2011/01/25 18:04:39 | 000,000,221 | ---- | M] () -- C:\Boot.bak

[2011/02/17 13:30:29 | 000,000,337 | RHS- | M] () -- C:\boot.ini

[2004/08/04 00:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr

[2010/12/12 01:12:21 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS

[2011/01/25 17:13:55 | 063,116,508 | ---- | M] () -- C:\Entire.reg

[2010/12/12 01:12:21 | 000,000,000 | RHS- | M] () -- C:\IO.SYS

[2010/12/12 01:12:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS

[2004/08/10 08:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM

[2010/12/12 02:22:27 | 000,250,048 | RHS- | M] () -- C:\ntldr

[2011/03/25 17:41:24 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\*.dll /lockedfiles >

[2008/04/13 20:11:51 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

[78 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

[2010/12/12 08:57:28 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

[2010/12/12 08:57:28 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav

[2010/12/12 08:57:28 | 000,892,928 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >

[2011/01/09 10:22:53 | 001,629,992 | ---- | M] (TamoSoft) -- C:\WINDOWS\system32\drivers\ts_athw.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

[2008/07/06 08:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

< End of report >

Now the Combofix...

ComboFix 11-03-24.06 - Terry 03/25/2011 18:13:43.5.3 - x86

Running from: c:\documents and settings\Terry\Desktop\Comfix.exe

AV: avast! Antivirus *Disabled/Outdated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

.

((((((((((((((((((((((((( Files Created from 2011-02-25 to 2011-03-25 )))))))))))))))))))))))))))))))

.

.

2011-03-25 20:50 . 2011-03-25 20:50 -------- d-----w- c:\program files\ESET

2011-03-17 15:00 . 2011-03-17 15:00 0 ----a-w- c:\windows\system32\ConduitEngine.tmp

2011-03-13 17:29 . 2011-03-17 15:00 -------- d-----w- c:\documents and settings\Terry\Local Settings\Application Data\Conduit

2011-03-13 17:29 . 2011-03-13 17:29 -------- d-----w- c:\program files\Conduit

2011-03-13 17:29 . 2011-03-22 22:32 -------- d-----w- c:\documents and settings\Terry\Local Settings\Application Data\Freecorder

2011-03-13 17:29 . 2011-03-17 15:01 -------- d-----w- c:\program files\Freecorder

2011-03-13 17:11 . 2011-03-13 17:11 -------- d-----w- c:\documents and settings\Terry\Local Settings\Application Data\EZSoftMagic

2011-03-13 17:11 . 2011-03-13 17:11 -------- d-----w- c:\program files\v0cNs188Hm

2011-03-09 19:15 . 2011-03-09 19:15 -------- d-----w- c:\documents and settings\Terry\Local Settings\Application Data\Adobe

2011-03-09 19:15 . 2011-03-09 19:15 -------- d-----w- c:\program files\Common Files\Adobe

2011-03-09 17:48 . 2011-03-09 17:48 -------- d-----w- c:\documents and settings\Terry\Local Settings\Application Data\TQVault

2011-03-07 21:32 . 2011-03-07 21:32 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories

2011-03-07 21:31 . 2011-03-07 21:31 -------- d-----w- c:\program files\XBox 360 Controller for Windows Software

2011-03-07 20:50 . 2011-03-07 20:51 -------- d-----w- c:\documents and settings\Terry\Application Data\fofix

2011-03-06 18:53 . 2011-03-06 18:53 -------- d-----w- c:\program files\THQ

2011-03-04 19:17 . 2007-01-02 00:03 40960 ----a-r- c:\windows\system32\psfind.dll

2011-02-28 16:50 . 2011-02-28 16:50 -------- d-----w- c:\documents and settings\Terry\Local Settings\Application Data\Secunia PSI

2011-02-24 18:03 . 2004-03-29 21:23 90112 ----a-w- c:\windows\unvise32.exe

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-03-08 19:44 . 2010-12-14 05:38 98304 ----a-w- c:\windows\system32\CmdLineExt.dll

2011-02-04 22:48 . 2004-08-10 12:00 456192 ----a-w- c:\windows\system32\encdec.dll

2011-02-04 22:48 . 2004-08-10 12:00 291840 ----a-w- c:\windows\system32\sbe.dll

2011-02-03 16:06 . 2004-08-10 12:00 218624 ----a-w- c:\windows\system32\uxtheme.dll

2011-02-02 07:58 . 2010-12-12 05:05 2067456 ----a-w- c:\windows\system32\mstscax.dll

2011-01-27 11:57 . 2010-12-12 05:05 677888 ----a-w- c:\windows\system32\mstsc.exe

2011-01-25 21:13 . 2011-01-25 21:13 63116508 ----a-w- C:\Entire.reg

2011-01-22 17:51 . 2011-01-22 16:58 2560 ----a-w- c:\windows\_MSRSTRT.EXE

2011-01-21 14:44 . 2004-08-10 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll

2011-01-20 04:50 . 2011-01-20 04:50 73728 ----a-w- c:\windows\system32\javacpl.cpl

2011-01-20 04:50 . 2011-01-20 04:50 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-01-13 19:36 . 2011-01-13 19:36 48471 ----a-w- c:\windows\system32\ForceBindIP-Uninstaller.exe

2011-01-09 14:22 . 2010-07-26 17:20 1629992 ----a-w- c:\windows\system32\drivers\ts_athw.sys

2011-01-07 14:09 . 2004-08-10 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-12-31 13:10 . 2004-08-10 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys

.

.

((((((((((((((((((((((((((((( SnapShot_2011-03-25_21.23.12 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-03-25 21:41 . 2011-03-25 21:41 16384 c:\windows\Temp\Perflib_Perfdata_4e8.dat

+ 2010-12-12 05:16 . 2011-03-25 21:41 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

- 2010-12-12 05:16 . 2011-03-25 20:49 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat

+ 2010-12-12 05:16 . 2011-03-25 21:41 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

- 2010-12-12 05:16 . 2011-03-25 20:49 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat

+ 2011-01-26 00:13 . 2011-03-25 21:41 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

- 2011-01-26 00:13 . 2011-03-25 20:49 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

2011-01-17 14:54 175912 ----a-w- c:\program files\Freecorder\prxtbFre0.dll

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]

2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-01-17 175912]

.

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\snxPluginsShell]

@="{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}"

[HKEY_CLASSES_ROOT\CLSID\{F4B3B0AA-13D1-4a36-BDA2-2055B0F3D5DE}]

2010-09-07 16:14 152160 ----a-w- c:\appz\Avast5\snxPlugins.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]

"avast5"="c:\appz\Avast5\avastUI.exe" [2010-09-07 2838912]

"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-02-12 734624]

"Freecorder FLV Service"="c:\appz\Freecorder\FLVSrvc.exe" [2010-06-26 167936]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\system32\wbsys.dll

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Secunia PSI Tray.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Secunia PSI Tray.lnk

backup=c:\windows\pss\Secunia PSI Tray.lnkCommon Startup

.

[HKLM\~\startupfolder\C:^Documents and Settings^Terry^Start Menu^Programs^Startup^Map Hack 2007.exe]

path=c:\documents and settings\Terry\Start Menu\Programs\Startup\Map Hack 2007.exe

backup=c:\windows\pss\Map Hack 2007.exeStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICustomerCare]

2010-05-04 21:05 311296 ----a-r- c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCU]

2009-10-15 19:06 375000 ----a-w- c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]

2004-08-10 09:04 59392 ------w- c:\windows\ehome\ehtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]

2007-08-07 00:05 200704 ----a-w- c:\appz\PowerISO\PWRISOVM.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]

2010-04-30 09:22 19523616 ----a-w- c:\windows\RTHDCPL.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2010-10-27 03:37 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UnlockerAssistant]

2010-07-04 19:51 17408 ----a-w- c:\appz\Unlocker\UnlockerAssistant.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"Nomad"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Appz\\uTorrent\\uTorrent.exe"=

"c:\\Games\\Demigod\\bin\\Demigod.exe"=

"c:\\Games\\Dawn of War\\W40k.exe"=

"c:\\Games\\Prototype\\prototypef.exe"=

"c:\\Games\\Borderlands\\Binaries\\Borderlands.exe"=

"c:\\Games\\StarCraft II\\StarCraft II.exe"=

"c:\\Games\\StarCraft II\\Versions\\Base15405\\SC2.exe"=

"c:\\Appz\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\WinPcap\\rpcapd.exe"=

"c:\\Games\\Titan Quest\\Titan Quest.exe"=

"c:\\Games\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=

"c:\\Games\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=

"c:\\Games\\Emulators\\Nes\\NESTCL95.EXE"=

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

.

R2 BVRPNDIS;BVRPNDIS Protocol Driver U/I;c:\appz\Connection Manager\BVRPNDIS.SYS [x]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-11-17 1691480]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]

R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [2006-12-08 19240]

R3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe [2008-04-14 14336]

R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]

R4 Nomad;Connection Manager;c:\appz\Connection Manager\NomadSvr.exe [x]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2010-04-27 19496]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S1 ts_lb;ts_lb;c:\windows\system32\drivers\ts_lb.sys [2007-06-20 24096]

S2 aswFsBlk;aswFsBlk; [x]

S2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-10-15 223464]

S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]

S3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7;c:\windows\system32\DRIVERS\ts_athw.sys [2011-01-09 14:22 1629992]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WINRM REG_MULTI_SZ WINRM

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

FF - ProfilePath - c:\documents and settings\Terry\Application Data\Mozilla\Firefox\Profiles\hsh5e79q.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: network.proxy.type - 0

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\appz\Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\appz\Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: All-in-One Gestures: {8b86149f-01fb-4842-9dd8-4d7eb02fd055} - %profile%\extensions\{8b86149f-01fb-4842-9dd8-4d7eb02fd055}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - user.js: yahoo.ytff.general.dontshowhpoffer - true

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-03-25 18:19

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-1993962763-1979792683-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

@Denied: (Full) (LocalSystem)

.

[HKEY_USERS\S-1-5-21-1993962763-1979792683-839522115-1003\Software\SecuROM\License information*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"datasecu"=hex:b9,5f,f7,0d,68,3e,7a,1d,d3,2b,ec,be,fb,15,1e,c5,ba,6e,5d,3a,87,

f3,70,96,bf,14,8e,6d,97,fb,b3,d7,f2,53,3b,93,e4,8f,fb,16,b9,eb,70,ac,97,48,\

"rkeysecu"=hex:f2,26,6e,de,e9,28,fd,b8,05,0f,ce,ec,b1,73,b0,60

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(696)

c:\windows\system32\Ati2evxx.dll

c:\windows\system32\atiadlxx.dll

.

- - - - - - - > 'explorer.exe'(3840)

c:\windows\system32\WININET.dll

c:\documents and settings\Terry\Local Settings\Application Data\FLVService\lib\FLVSrvLib.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\appz\IconPackager\iprepair.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

c:\windows\system32\WindowsPowerShell\v1.0\pwrshsip.dll

c:\program files\Microsoft Silverlight\xapauthenticodesip.dll

.

Completion time: 2011-03-25 18:20:31

ComboFix-quarantined-files.txt 2011-03-25 22:20

ComboFix2.txt 2011-02-28 17:06

ComboFix3.txt 2011-02-17 20:38

ComboFix4.txt 2011-01-26 00:13

.

Pre-Run: 104,462,409,728 bytes free

Post-Run: 104,445,997,056 bytes free

.

- - End Of File - - 792A82294667A5974DE4672C4924834B


Please don't attach the scans / logs for these tools, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your pc inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable. (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

Double-click on the Folder Options icon.

Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.

Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.

Please do not delete anything unless instructed to.

I've been seeing some Java infections lately.

Go here and follow the instructions to clear your Java Cache

http://www.java.com/en/download/help/plugin_cache.xml

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


aswMBR version 0.9.4 Copyright© 2011 AVAST Software

Run date: 2011-03-26 11:49:28

-----------------------------

11:49:28.843 OS Version: Windows 5.1.2600 Service Pack 3

11:49:28.843 Number of processors: 3 586 0x503

11:49:28.843 ComputerName: LLAMA-09F031757 UserName: Terry

11:49:30.000 Initialize success

11:49:31.343 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Scsi\nvgts1Port2Path0Target0Lun0

11:49:31.343 Disk 0 Vendor: Hitachi_ JP2O Size: 476940MB BusType: 3

11:49:31.468 Disk 0 MBR read successfully

11:49:31.468 Disk 0 MBR scan

11:49:31.578 Disk 0 scanning sectors +976752000

11:49:31.609 Disk 0 scanning C:\WINDOWS\system32\drivers

11:49:36.109 Service scanning

11:49:36.812 Disk 0 trace - called modules:

11:49:36.828 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll SCSIPORT.SYS nvgts.sys

11:49:36.843 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a606480]

11:49:36.843 3 CLASSPNP.SYS[f74c7fd7] -> nt!IofCallDriver -> \Device\0000006c[0x8a6062e8]

11:49:36.843 5 ACPI.sys[f735e620] -> nt!IofCallDriver -> \Device\Scsi\nvgts1Port2Path0Target0Lun0[0x8a5ca030]

11:49:36.843 Scan finished successfully



Just the redirection. Only occurs on google searches, and only when I use the search form on www.google.com itself. That is to say when I use the google search in the top right corner of firefox, it never happens. Also, I've noticed when I've left a page open and inactive for more than a few minutes, *any* mouse click within the browser (not necessarily on a link, a click on the page background will do) will bring up a full screen window of firefox presenting a random ad. When I use the search on Google's page itself, all of the links start with "http://8502.r.google.com/click?q=" followed by my search terms and plenty of extra mess. Google News results shown on the same search result page do not redirect.


I'm thinking it's a FireFox add-on

To view which add-ons you have installed:

1. At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP), and then click Add-ons; or, on the menu bar, click on the Tools menu, and then click Add-ons. The Add-ons Manager tab or the Add-ons window will open.

2. Select the Extensions, Appearance/Themes or Plugins panels.

The usual method for uninstalling extensions and themes is by using the Add-ons manager for your Mozilla application, as follows.

1. Click "Tools -> Add-ons" (Add-on Manager in SeaMonkey 2).

2. Click on the Extensions or Themes button on the top.

3. Click on the extension or theme you want to uninstall.

4. Click Uninstall.

5. Restart your Mozilla application.


Ad-block plus 1.3.3, All-in-One Gestures 0.21.1, Freecorder 2.7.2.0, Java Console 6.0.23, Java Quickstarter 1.0, Microsoft .NET Framework Assistant 1.2.1. The problem is older than Gestures and Freecorder so can be ruled out? Remove one by one and rule each out?


Well, I started with ad-block plus. Disabled and restarted firefox. www.google.com is my homepage. Upon loading up, firefox tried to offer up a download named jpknhtjuypywh9.asx (random bs) from http://zone-x.seattlepi.com. I told it no, re-enabled adblock, restarted firefox, and am here reporting it. I went no further with disabling other add-ons at this point.


Sorry for double reply, but I just noticed, when ad-block plus is disabled I don't get the redirect. So it is indeed Ad-block plus doing this. Why is it doing me wrong now? I've never had anything but a positive experience using it.. :( Well, into the trash it goes, what should I use for an alternative?


For the record, after tweaking my Ad-Block Plus subscriptions, of which I had two, FanBoys List and Easylist: with Easylist active, I get the redirect. With just Fanboys list, I do not. To anyone who may come across this thread whilst looking to solve their own similar problem, please note, the Easylist subscription for Ad-block Plus gives me redirection whilst searching on google. If you experience the same problem, my above observations may be able to help. Not telling you how to fix anything btw, just please note my recent experience with Ad-block Plus.


Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.

Also please describe how your computer behaves at the moment.


2011/03/26 14:11:04.0640 1744 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28

2011/03/26 14:11:04.0718 1744 ================================================================================

2011/03/26 14:11:04.0718 1744 SystemInfo:

2011/03/26 14:11:04.0718 1744

2011/03/26 14:11:04.0718 1744 OS Version: 5.1.2600 ServicePack: 3.0

2011/03/26 14:11:04.0718 1744 Product type: Workstation

2011/03/26 14:11:04.0718 1744 ComputerName: LLAMA-09F031757

2011/03/26 14:11:04.0718 1744 UserName: Terry

2011/03/26 14:11:04.0718 1744 Windows directory: C:\WINDOWS

2011/03/26 14:11:04.0718 1744 System windows directory: C:\WINDOWS

2011/03/26 14:11:04.0718 1744 Processor architecture: Intel x86

2011/03/26 14:11:04.0718 1744 Number of processors: 3

2011/03/26 14:11:04.0718 1744 Page size: 0x1000

2011/03/26 14:11:04.0718 1744 Boot type: Normal boot

2011/03/26 14:11:04.0718 1744 ================================================================================

2011/03/26 14:11:05.0203 1744 Initialize success

2011/03/26 14:11:11.0562 3884 ================================================================================

2011/03/26 14:11:11.0562 3884 Scan started

2011/03/26 14:11:11.0562 3884 Mode: Manual;

2011/03/26 14:11:11.0562 3884 ================================================================================

2011/03/26 14:11:11.0968 3884 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys

2011/03/26 14:11:12.0031 3884 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2011/03/26 14:11:12.0046 3884 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys

2011/03/26 14:11:12.0171 3884 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2011/03/26 14:11:12.0203 3884 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2011/03/26 14:11:12.0312 3884 Ambfilt (267fc636801edc5ab28e14036349e3be) C:\WINDOWS\system32\drivers\Ambfilt.sys

2011/03/26 14:11:12.0453 3884 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys

2011/03/26 14:11:12.0468 3884 AppleCharger (75a8b998eb259dd512f01ea25bec7f3b) C:\WINDOWS\system32\DRIVERS\AppleCharger.sys

2011/03/26 14:11:12.0562 3884 AR5416 (79e7f1dc99b28e6667aa7d0c5bbdc3e4) C:\WINDOWS\system32\DRIVERS\athw.sys

2011/03/26 14:11:12.0890 3884 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys

2011/03/26 14:11:12.0890 3884 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys

2011/03/26 14:11:12.0906 3884 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys

2011/03/26 14:11:12.0921 3884 aswSnx (81f10376af5f0f466f03cb2c5321b7ed) C:\WINDOWS\system32\drivers\aswSnx.sys

2011/03/26 14:11:12.0937 3884 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys

2011/03/26 14:11:13.0062 3884 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys

2011/03/26 14:11:13.0093 3884 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2011/03/26 14:11:13.0109 3884 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2011/03/26 14:11:13.0265 3884 athr (dfa77e7f9e625406f388c8eb09d9d1b4) C:\WINDOWS\system32\DRIVERS\athr.sys

2011/03/26 14:11:13.0359 3884 ati2mtag (f4ad4955bda925c154b0c87345b5059a) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys

2011/03/26 14:11:13.0500 3884 AtiHdmiService (dc6957811ff95f2dd3004361b20d8d3f) C:\WINDOWS\system32\drivers\AtiHdmi.sys

2011/03/26 14:11:13.0515 3884 ATITool (d4ed96ac2fafee2c697436b9a2871cd3) C:\WINDOWS\system32\DRIVERS\ATITool.sys

2011/03/26 14:11:13.0546 3884 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2011/03/26 14:11:13.0671 3884 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2011/03/26 14:11:13.0703 3884 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2011/03/26 14:11:13.0921 3884 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2011/03/26 14:11:13.0937 3884 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2011/03/26 14:11:13.0968 3884 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2011/03/26 14:11:14.0078 3884 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2011/03/26 14:11:14.0140 3884 CV2K1 (96f4e296dea71922db896aa9d261167e) C:\WINDOWS\system32\DRIVERS\cv2k1.sys

2011/03/26 14:11:14.0187 3884 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2011/03/26 14:11:14.0328 3884 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys


2011/03/26 14:11:20.0937 3884 ================================================================================

2011/03/26 14:11:20.0937 3884 Scan finished

2011/03/26 14:11:20.0937 3884 ================================================================================


Try just turning it off and unplug the power for 5 mins.

If that didn't work:

Try to reset the router to its default configuration.

- This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.

- Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).

- If you don


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
