more browser redirects


  • This topic is locked
3 replies to this topic

#1 JonnyGolf

  • Members
  • 3 posts

Posted 20 December 2009 - 04:10 PM

Hi, I've seen a number of other similar issues where search results are being redirected...here's my OTL results:


OTL logfile created on: 12/20/2009 12:45:14 PM - Run 1
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Users\JK\Documents\Downloads
Ultimate Edition (Version = 6.1.7100) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7100.0)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 55.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232.69 Gb Total Space | 215.21 Gb Free Space | 92.49% Space Free | Partition Type: NTFS
Drive D: | 111.79 Gb Total Space | 78.20 Gb Free Space | 69.95% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: JK-PC
Current User Name: JK
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/20 12:43:42 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\JK\My Documents\Downloads\OTL.exe
PRC - [2009/12/09 15:22:33 | 00,921,072 | ---- | M] (Google Inc.) -- C:\Users\JK\AppData\Local\Google\Chrome\Application\chrome.exe
PRC - [2009/11/18 12:47:14 | 01,243,088 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsTray.exe
PRC - [2009/11/06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsSvc.exe
PRC - [2009/11/03 08:42:39 | 00,123,248 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.1.246\SymcPCCULaunchSvc.exe
PRC - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsAuxs.exe
PRC - [2009/10/26 08:01:08 | 00,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/10/26 08:01:08 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/10/19 22:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe
PRC - [2009/08/24 14:49:41 | 00,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton PC Checkup\Engine\2.0.1.246\ccSvcHst.exe
PRC - [2009/06/10 05:22:22 | 00,334,224 | ---- | M] (The Eraser Project) -- C:\Program Files\Eraser\Eraser.exe
PRC - [2009/05/26 20:06:32 | 00,079,088 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\Messenger\Ymsgr_tray.exe
PRC - [2009/04/30 13:44:16 | 02,352,416 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
PRC - [2009/04/30 13:44:16 | 00,795,936 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2009/04/30 13:44:16 | 00,578,848 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2009/04/21 21:19:46 | 00,196,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WUDFHost.exe
PRC - [2009/04/21 21:19:35 | 00,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/04/21 21:19:12 | 00,157,184 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Windows Defender\MpCmdRun.exe
PRC - [2009/04/21 21:19:02 | 02,607,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/02/19 18:05:52 | 00,128,296 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
PRC - [2009/02/19 18:05:26 | 01,434,920 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
PRC - [2009/02/19 18:05:26 | 00,103,720 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
PRC - [2008/11/15 08:17:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvvsvc.exe
PRC - [2007/07/10 09:40:30 | 01,282,048 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files\Analog Devices\Core\smax4pnp.exe
PRC - [2007/06/01 01:02:06 | 00,036,400 | ---- | M] (Lenovo) -- C:\Windows\System32\ibmpmsvc.exe
PRC - [2007/02/06 11:44:24 | 00,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE
PRC - [2006/11/27 16:44:58 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) -- C:\Windows\System32\drivers\XAudio.exe


========== Modules (SafeList) ==========

MOD - [2009/12/20 12:43:42 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Users\JK\My Documents\Downloads\OTL.exe
MOD - [2009/05/12 22:15:18 | 01,679,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7100.19_none_b6a32c7c247ee542\comctl32.dll
MOD - [2009/04/30 13:39:04 | 00,221,184 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BtMmHook.dll
MOD - [2009/04/30 13:32:36 | 00,126,976 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2009/04/21 21:22:04 | 00,099,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/04/21 21:21:49 | 00,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/04/21 21:21:46 | 00,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/04/21 21:21:43 | 00,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/04/21 21:21:19 | 00,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/04/21 21:20:43 | 00,280,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/04/21 21:20:19 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/04/21 21:20:14 | 00,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/04/21 21:20:07 | 00,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/04/21 21:20:00 | 00,145,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/11/06 14:29:22 | 01,141,712 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2009/11/03 08:42:39 | 00,123,248 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.1.246\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2009/10/30 11:18:16 | 00,359,624 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/10/19 22:34:55 | 00,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\17.1.0.19\ccSvcHst.exe -- (NIS)
SRV - [2009/08/24 14:49:41 | 00,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton PC Checkup\Engine\2.0.1.246\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/07/08 13:53:41 | 00,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/03 19:50:16 | 00,133,104 | ---- | M] (Google Inc.) [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe -- (gupdate) Google Update Service (gupdate)
SRV - [2009/04/30 13:44:16 | 00,578,848 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009/04/21 21:22:25 | 00,185,344 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/04/21 21:22:12 | 00,151,040 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/04/21 21:22:10 | 00,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/04/21 21:22:07 | 00,037,888 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/04/21 21:22:02 | 00,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/04/21 21:21:49 | 00,025,600 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/04/21 21:21:46 | 00,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/04/21 21:21:43 | 00,164,864 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/04/21 21:21:42 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/04/21 21:21:42 | 00,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/04/21 21:21:42 | 00,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/04/21 21:21:40 | 01,004,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/04/21 21:20:52 | 00,680,448 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/04/21 21:20:30 | 00,797,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/04/21 21:20:14 | 00,252,928 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/04/21 21:20:13 | 00,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/04/21 21:19:55 | 00,076,288 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/04/21 21:19:54 | 00,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/04/21 21:19:51 | 00,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/04/21 21:19:20 | 03,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)
SRV - [2008/11/15 08:17:00 | 00,203,296 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Windows\System32\nvvsvc.exe -- (nvsvc)
SRV - [2007/06/01 01:02:06 | 00,036,400 | ---- | M] (Lenovo) [Auto | Running] -- C:\Windows\System32\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2007/02/06 11:44:24 | 00,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)
SRV - [2006/11/27 16:44:58 | 00,386,560 | ---- | M] (Conexant Systems, Inc.) [Auto | Running] -- C:\Windows\System32\drivers\XAudio.exe -- (XAudioService)


========== Driver Services (SafeList) ==========

DRV - [2009/12/04 20:54:05 | 00,529,456 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20091205.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2009/11/09 11:20:12 | 00,207,792 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2009/11/05 14:06:13 | 00,328,752 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1101000.013\SYMDS.SYS -- (SymDS)
DRV - [2009/10/28 14:37:22 | 00,343,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20091217.002\IDSvix86.sys -- (IDSVix86)
DRV - [2009/10/19 22:35:50 | 00,501,888 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1101000.013\ccHPx86.sys -- (ccHP)
DRV - [2009/10/14 17:50:48 | 00,339,504 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1101000.013\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2009/10/10 15:51:23 | 00,044,080 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2009/10/08 18:55:01 | 00,171,056 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1101000.013\SYMEFA.SYS -- (SymEFA)
DRV - [2009/10/08 18:54:25 | 00,114,736 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1101000.013\Ironx86.SYS -- (SymIRON)
DRV - [2009/10/08 18:54:10 | 00,325,168 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\System32\Drivers\NIS\1101000.013\SRTSP.SYS -- (SRTSP)
DRV - [2009/10/08 18:54:10 | 00,043,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1101000.013\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2009/09/14 18:13:16 | 00,124,976 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/08/29 01:00:00 | 01,323,568 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091220.004\NAVEX15.SYS -- (NAVEX15)
DRV - [2009/08/29 01:00:00 | 00,102,448 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009/08/29 01:00:00 | 00,084,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\VirusDefs\20091220.004\NAVENG.SYS -- (NAVENG)
DRV - [2009/08/26 00:00:00 | 00,371,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2009/08/08 19:18:01 | 00,106,784 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwavdt.sys -- (btwavdt)
DRV - [2009/08/08 19:18:01 | 00,084,256 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwaudio.sys -- (btwaudio)
DRV - [2009/08/08 19:18:01 | 00,029,472 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2009/08/08 19:18:01 | 00,017,056 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\btwrchid.sys -- (btwrchid)
DRV - [2009/05/11 08:33:48 | 00,088,832 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LenovoRd.sys -- (LenovoRd)
DRV - [2009/04/21 21:24:35 | 00,422,992 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/04/21 21:24:29 | 00,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/04/21 21:24:23 | 00,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/04/21 21:24:21 | 00,332,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/04/21 21:24:21 | 00,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/04/21 21:24:21 | 00,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/04/21 21:24:20 | 00,236,112 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/04/21 21:24:19 | 00,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/04/21 21:24:17 | 00,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/04/21 21:24:16 | 00,133,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/04/21 21:24:14 | 00,117,328 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/04/21 21:24:14 | 00,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/04/21 21:24:13 | 00,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/04/21 21:24:13 | 00,077,904 | ---- | M] (AMD) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/04/21 21:24:12 | 00,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/04/21 21:24:12 | 00,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/04/21 21:24:08 | 00,070,736 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/04/21 21:24:08 | 00,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/04/21 21:24:06 | 00,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/04/21 21:24:05 | 00,045,648 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/04/21 21:24:05 | 00,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/04/21 21:24:04 | 00,042,576 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/04/21 21:24:04 | 00,023,120 | ---- | M] (AMD) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/04/21 21:24:04 | 00,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/04/21 21:24:04 | 00,014,416 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/04/21 21:24:02 | 00,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/04/21 21:23:59 | 00,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/04/21 21:23:56 | 01,383,504 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/04/21 21:23:55 | 00,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/04/21 21:23:55 | 00,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/04/21 21:23:53 | 00,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/04/21 21:23:52 | 00,158,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/04/21 21:23:52 | 00,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/04/21 21:23:49 | 00,105,552 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/04/21 21:23:49 | 00,077,904 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/04/21 21:23:47 | 00,040,912 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/04/21 21:23:45 | 00,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/04/21 21:23:44 | 00,032,848 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/04/21 21:23:44 | 00,028,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/04/21 21:23:43 | 00,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/04/21 21:23:43 | 00,019,024 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/04/21 21:23:42 | 00,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/04/21 21:23:29 | 00,369,056 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/04/21 20:53:34 | 00,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/04/21 20:01:13 | 00,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/04/21 20:00:12 | 00,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/04/21 19:53:30 | 00,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/04/21 19:52:25 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/04/21 19:51:14 | 00,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/04/21 19:50:28 | 00,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/04/21 19:50:20 | 00,162,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/04/21 19:50:00 | 00,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/04/21 19:49:36 | 00,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/04/21 19:49:31 | 00,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/04/21 19:45:25 | 00,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/04/21 19:43:54 | 00,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/04/21 19:35:06 | 00,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/04/21 19:32:05 | 00,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Running] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/04/21 19:26:30 | 00,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/04/21 19:26:29 | 00,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/04/21 19:21:35 | 00,032,768 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/04/21 19:16:45 | 00,021,504 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HidBatt.sys -- (HidBatt)
DRV - [2009/04/21 19:13:47 | 00,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/04/21 19:10:14 | 00,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/04/21 19:08:28 | 00,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/04/21 18:52:05 | 00,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/04/21 18:51:17 | 00,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/04/21 18:51:17 | 00,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/04/21 18:51:16 | 00,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/04/21 18:51:15 | 00,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/04/21 18:51:15 | 00,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/04/21 18:11:52 | 00,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTDPV3.SYS -- (SrvHsfV92)
DRV - [2009/04/21 18:11:52 | 00,661,504 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTCNXT3.SYS -- (SrvHsfWinac)
DRV - [2009/04/21 18:11:52 | 00,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (SrvHsfHDA)
DRV - [2009/04/21 18:01:10 | 04,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel®
DRV - [2009/04/21 18:01:09 | 00,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel®
DRV - [2009/04/21 18:01:07 | 03,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/04/21 18:01:07 | 00,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/04/21 18:01:07 | 00,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/04/21 16:51:15 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\secdrv.sys -- (secdrv)
DRV - [2009/02/19 18:06:18 | 00,205,232 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2008/11/15 08:17:00 | 07,590,944 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007/10/04 15:14:44 | 00,348,160 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV - [2007/06/01 01:01:30 | 00,021,424 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2006/12/21 11:50:24 | 00,985,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/12/21 11:49:04 | 00,207,360 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/12/21 11:48:54 | 00,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/11/27 16:44:52 | 00,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/18 14:26:58 | 00,012,672 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\mdmxsdk.sys -- (mdmxsdk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/


IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3070783163-1665713905-2152638740-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://my.yahoo.com/
IE - HKU\S-1-5-21-3070783163-1665713905-2152638740-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/defaulta.aspx
IE - HKU\S-1-5-21-3070783163-1665713905-2152638740-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-3070783163-1665713905-2152638740-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A5 5A 30 91 4D FC C9 01 [binary data]
IE - HKU\S-1-5-21-3070783163-1665713905-2152638740-1001\S-1-5-21-3070783163-1665713905-2152638740-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\IPSFFPlgn\ [2009/09/14 18:17:07 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{4C0766D3-67A7-45a3-85A2-752F77312F32}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\coFFPlgn\ [2009/09/14 18:17:08 | 00,000,000 | ---D | M]

[2009/12/14 20:37:01 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/12/14 20:37:01 | 00,000,000 | ---D | M] (Internal security) -- C:\Program Files\Mozilla Firefox\extensions\{8CE11043-9A15-4207-A565-0C94C42D590D}

O1 HOSTS File: (824 bytes) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3070783163-1665713905-2152638740-1001\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-3070783163-1665713905-2152638740-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\17.1.0.19\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsTray.exe (PC Tools)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKU\S-1-5-21-3070783163-1665713905-2152638740-1001..\Run: [Eraser] C:\Program Files\Eraser\Eraser.exe (The Eraser Project)
O4 - HKU\S-1-5-21-3070783163-1665713905-2152638740-1001..\Run: [Google Update] C:\Users\JK\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-3070783163-1665713905-2152638740-1001..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3070783163-1665713905-2152638740-1001..\Run: [RTHDBPL] C:\Users\JK\AppData\Roaming\SystemProc\lsass.exe (Microsoft Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/03/20 07:42:25 | 00,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007/08/02 16:50:36 | 00,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2009/12/19 19:50:18 | 00,000,000 | ---D | C] -- C:\Users\JK\Documents\Downloads
[2009/12/19 18:34:05 | 00,000,000 | ---D | C] -- C:\fixwareout
[2009/12/19 18:26:43 | 00,000,000 | ---D | C] -- C:\Users\JK\AppData\Roaming\Yahoo!
[2009/12/19 18:26:35 | 00,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2009/12/19 17:51:30 | 00,000,000 | ---D | C] -- C:\Program Files\ESET
[2009/12/19 17:06:29 | 09,409,992 | ---- | C] (Microsoft Corporation) -- C:\Users\JK\Desktop\windows-kb890830-v3.2.exe
[2009/12/19 16:33:12 | 00,000,000 | ---D | C] -- C:\Program Files\TrendMicro
[2009/12/18 09:57:17 | 00,195,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2009/12/15 09:06:58 | 00,000,000 | ---D | C] -- C:\Users\JK\AppData\Local\Threat Expert
[2009/12/15 09:01:20 | 00,233,136 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctgntdi.sys
[2009/12/15 09:01:20 | 00,098,600 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctwfpfilter.sys
[2009/12/15 09:01:16 | 00,207,792 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTCore.sys
[2009/12/15 09:01:16 | 00,087,784 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\PCTAppEvent.sys
[2009/12/15 09:01:09 | 00,070,408 | ---- | C] (PC Tools) -- C:\Windows\System32\drivers\pctplsg.sys
[2009/12/15 09:01:02 | 00,000,000 | ---D | C] -- C:\Program Files\Spyware Doctor
[2009/12/15 09:01:02 | 00,000,000 | ---D | C] -- C:\Users\JK\AppData\Roaming\PC Tools
[2009/12/15 09:01:02 | 00,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2009/12/15 09:01:02 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/12/15 09:00:44 | 00,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2009/12/15 08:48:31 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\NortonPCCheckup
[2009/12/15 08:48:31 | 00,000,000 | ---D | C] -- C:\Windows\System32\drivers\NortonPCCheckup\0200010.0F6
[2009/12/15 08:48:30 | 00,000,000 | ---D | C] -- C:\Program Files\Norton PC Checkup
[2009/12/14 20:37:02 | 00,000,000 | -HSD | C] -- C:\Users\JK\AppData\Roaming\SystemProc
[2009/12/14 20:37:01 | 00,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2009/12/14 20:36:05 | 00,000,000 | ---D | C] -- C:\Users\JK\AppData\Local\CrashDumps
[2009/12/07 19:25:24 | 00,000,000 | ---D | C] -- C:\Users\JK\Desktop\Drunk
[2009/12/07 07:29:11 | 00,000,000 | ---D | C] -- C:\Users\JK\Desktop\drunken amateur gangbang with chubby girl
[2009/12/05 23:36:54 | 00,000,000 | ---D | C] -- C:\Users\JK\AppData\Local\Eraser
[2009/12/05 23:31:55 | 00,307,088 | ---- | C] (-) -- C:\Windows\System32\Eraser.dll
[2009/12/05 23:31:55 | 00,083,344 | ---- | C] (-) -- C:\Windows\System32\Erasext.dll
[2009/12/05 23:31:55 | 00,073,104 | ---- | C] (-) -- C:\Windows\System32\Eraserl.exe
[2009/12/05 23:31:54 | 00,000,000 | ---D | C] -- C:\Program Files\Eraser
[2009/12/04 17:35:04 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/12/04 17:35:03 | 00,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2009/12/04 09:05:43 | 00,000,000 | ---D | C] -- C:\Users\JK\Desktop\Best of british 4
[2009/12/03 08:09:08 | 00,000,000 | ---D | C] -- C:\Users\JK\Desktop\1st_thread
[2009/11/28 13:57:19 | 00,000,000 | ---D | C] -- C:\ProgramData\Musicnotes
[2009/11/28 13:52:22 | 00,000,000 | ---D | C] -- C:\Users\JK\Documents\Musicnotes
[2009/11/28 13:52:17 | 00,000,000 | ---D | C] -- C:\Program Files\Musicnotes
[2009/11/27 09:05:10 | 00,000,000 | ---D | C] -- C:\Program Files\Unity
[2009/11/26 09:35:51 | 00,000,000 | ---D | C] -- C:\Users\JK\Documents\P
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/20 12:48:37 | 01,572,864 | -HS- | M] () -- C:\Users\JK\NTUSER.DAT
[2009/12/20 12:34:00 | 00,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2009/12/20 11:51:01 | 00,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3070783163-1665713905-2152638740-1001UA.job
[2009/12/20 09:34:01 | 00,000,874 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2009/12/19 19:51:03 | 00,000,844 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3070783163-1665713905-2152638740-1001Core.job
[2009/12/19 18:45:50 | 00,136,376 | ---- | M] () -- C:\ProgramData\nvModes.001
[2009/12/19 18:38:57 | 00,013,392 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2009/12/19 18:38:57 | 00,013,392 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2009/12/19 18:35:56 | 00,713,888 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2009/12/19 18:35:56 | 00,615,360 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2009/12/19 18:35:56 | 00,103,702 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2009/12/19 18:31:09 | 00,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2009/12/19 18:30:51 | 00,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2009/12/19 18:30:32 | 24,019,96800 | -HS- | M] () -- C:\hiberfil.sys
[2009/12/19 18:28:36 | 03,328,931 | -H-- | M] () -- C:\Users\JK\AppData\Local\IconCache.db
[2009/12/19 18:26:36 | 00,001,835 | ---- | M] () -- C:\Users\JK\Desktop\CCleaner.lnk
[2009/12/19 17:06:29 | 09,409,992 | ---- | M] (Microsoft Corporation) -- C:\Users\JK\Desktop\windows-kb890830-v3.2.exe
[2009/12/19 16:33:12 | 00,002,947 | ---- | M] () -- C:\Users\JK\Desktop\HiJackThis.lnk
[2009/12/14 20:37:20 | 00,000,010 | ---- | M] () -- C:\confin.sys
[2009/12/03 21:42:56 | 00,006,174 | ---- | M] () -- C:\Users\JK\Documents\STMGC December 2009 Meeting Notes v1.rtf
[2009/11/30 20:51:39 | 00,295,136 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2009/11/29 08:29:45 | 00,072,448 | ---- | M] () -- C:\Users\JK\AppData\Local\GDIPFONTCACHEV1.DAT
[2009/11/22 20:21:21 | 00,004,780 | ---- | M] () -- C:\Users\JK\Documents\STMGC November 2009 Meeting Notes v1.rtf
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/19 19:46:35 | 00,000,896 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3070783163-1665713905-2152638740-1001UA.job
[2009/12/19 19:46:35 | 00,000,844 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3070783163-1665713905-2152638740-1001Core.job
[2009/12/19 18:26:36 | 00,001,835 | ---- | C] () -- C:\Users\JK\Desktop\CCleaner.lnk
[2009/12/19 16:33:12 | 00,002,947 | ---- | C] () -- C:\Users\JK\Desktop\HiJackThis.lnk
[2009/12/15 09:01:20 | 00,007,387 | ---- | C] () -- C:\Windows\System32\drivers\pctgntdi.cat
[2009/12/15 09:01:16 | 00,007,412 | ---- | C] () -- C:\Windows\System32\drivers\PCTAppEvent.cat
[2009/12/15 09:01:16 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctcore.cat
[2009/12/15 09:01:09 | 00,007,383 | ---- | C] () -- C:\Windows\System32\drivers\pctplsg.cat
[2009/12/15 08:48:31 | 00,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NortonPCCheckup\0200010.0F6\isolate.ini
[2009/12/14 20:37:20 | 00,000,010 | ---- | C] () -- C:\confin.sys
[2009/12/10 08:25:02 | 14,300,8768 | ---- | C] () -- C:\Users\JK\Desktop\yellow shirt.avi
[2009/12/03 18:27:47 | 00,006,174 | ---- | C] () -- C:\Users\JK\Documents\STMGC December 2009 Meeting Notes v1.rtf
[2009/11/22 20:02:21 | 00,004,780 | ---- | C] () -- C:\Users\JK\Documents\STMGC November 2009 Meeting Notes v1.rtf
[2009/09/09 17:57:30 | 00,136,376 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/09/09 09:35:59 | 00,136,376 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/04/21 19:50:07 | 00,073,216 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/04/21 19:40:32 | 00,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2009/04/21 21:24:12 | 00,053,328 | ---- | M] (Microsoft Corporation) MD5=7DFFC1CD425BCD998D9FDA0192383A19 -- C:\Windows\System32\drivers\AGP440.sys
[2009/04/21 21:24:12 | 00,053,328 | ---- | M] (Microsoft Corporation) MD5=7DFFC1CD425BCD998D9FDA0192383A19 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_e13b2b757efc5205\AGP440.sys
[2009/04/21 21:24:12 | 00,053,328 | ---- | M] (Microsoft Corporation) MD5=7DFFC1CD425BCD998D9FDA0192383A19 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7100.0_none_2b05e59d13c6aac3\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/04/21 21:24:04 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows\System32\drivers\atapi.sys
[2009/04/21 21:24:04 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_b27d5421375ad1cd\atapi.sys
[2009/04/21 21:24:04 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7100.0_none_4e2b207b769f9fe5\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/04/21 21:20:04 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=EC9930C8CDF46295A1354256435CB5DE -- C:\Windows\System32\cngaudit.dll
[2009/04/21 21:20:04 | 00,012,288 | ---- | M] (Microsoft Corporation) MD5=EC9930C8CDF46295A1354256435CB5DE -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7100.0_none_5956e38684aa4f03\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009/04/21 21:24:21 | 00,332,368 | ---- | M] (Intel Corporation) MD5=AC958B65CDE27ADFDEC628BF7ECCEB8C -- C:\Windows\System32\drivers\iaStorV.sys
[2009/04/21 21:24:21 | 00,332,368 | ---- | M] (Intel Corporation) MD5=AC958B65CDE27ADFDEC628BF7ECCEB8C -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/04/21 21:24:21 | 00,332,368 | ---- | M] (Intel Corporation) MD5=AC958B65CDE27ADFDEC628BF7ECCEB8C -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7100.0_none_20044ad9dcddcbd8\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009/04/21 21:21:18 | 00,561,152 | ---- | M] (Microsoft Corporation) MD5=A3EA8619FBBC2D270D79C241CE426618 -- C:\Windows\System32\netlogon.dll
[2009/04/21 21:21:18 | 00,561,152 | ---- | M] (Microsoft Corporation) MD5=A3EA8619FBBC2D270D79C241CE426618 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7100.0_none_6eaaafa48d0fb9a0\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/04/21 21:24:17 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=93CF6F974095F7D146AA273F3BF418D7 -- C:\Windows\System32\drivers\nvstor.sys
[2009/04/21 21:24:17 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=93CF6F974095F7D146AA273F3BF418D7 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_4d1b6b7b67c54c8c\nvstor.sys
[2009/04/21 21:24:17 | 00,142,416 | ---- | M] (NVIDIA Corporation) MD5=93CF6F974095F7D146AA273F3BF418D7 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7100.0_none_aacdbb89141475b0\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/04/21 21:21:47 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=686BAFE6AF35AF1C8D5EB536A8500430 -- C:\Windows\System32\scecli.dll
[2009/04/21 21:21:47 | 00,175,616 | ---- | M] (Microsoft Corporation) MD5=686BAFE6AF35AF1C8D5EB536A8500430 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7100.0_none_a900dabd2e31405b\scecli.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 175 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8

< End of report >



Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: af0 Start
Time: 01ca810e1e93665c Termination Time: 0 Application Path: C:\Windows\Explorer.EXE

Report
Id: a45f2dcf-ed01-11de-aabf-00234dee7b6f

Error - 12/19/2009 10:27:25 PM | Computer Name = JK-PC | Source = Windows Search Service | ID = 3014
Description =

Error - 12/19/2009 10:43:39 PM | Computer Name = JK-PC | Source = Application Error | ID = 1000
Description = Faulting application name: lsass.exe, version: 1.0.0.1, time stamp:
0x4b27ad83 Faulting module name: ntdll.dll, version: 6.1.7100.0, time stamp: 0x49eea66e
Exception
code: 0xc0000005 Fault offset: 0x00054335 Faulting process id: 0xe68 Faulting application
start time: 0x01ca811c8a9b64c0 Faulting application path: C:\Users\JK\AppData\Roaming\SystemProc\lsass.exe
Faulting
module path: C:\Windows\SYSTEM32\ntdll.dll Report Id: 7a169fab-ed11-11de-ab25-00234dee7b6f

[ System Events ]
Error - 12/18/2009 12:21:03 AM | Computer Name = JK-PC | Source = bowser | ID = 8003
Description =

Error - 12/18/2009 6:01:03 PM | Computer Name = JK-PC | Source = volsnap | ID = 393245
Description = The shadow copies of volume C: were aborted during detection.

Error - 12/18/2009 6:02:28 PM | Computer Name = JK-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 12/18/2009 6:08:49 PM | Computer Name = JK-PC | Source = bowser | ID = 8003
Description =

Error - 12/19/2009 6:44:46 PM | Computer Name = JK-PC | Source = bowser | ID = 8003
Description =

Error - 12/19/2009 8:48:37 PM | Computer Name = JK-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 12/19/2009 8:49:29 PM | Computer Name = JK-PC | Source = DCOM | ID = 10010
Description =

Error - 12/19/2009 8:56:52 PM | Computer Name = JK-PC | Source = bowser | ID = 8003
Description =

Error - 12/19/2009 10:31:48 PM | Computer Name = JK-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
cdrom

Error - 12/19/2009 10:32:48 PM | Computer Name = JK-PC | Source = bowser | ID = 8003
Description =


< End of report >


#2 JonnyGolf

JonnyGolf
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:20 PM

Posted 21 December 2009 - 08:26 PM

Just some more info on this: it looks like there are quite a few with the same issue.

I scanned my drive from a different OS and Norton 360 indicated that drive was infected in atapi.sys and browser cache with Backdoor.Tidserv.I!inf.

I'm not sure how I'll clean or if I'll try to restore atapi.sys. Symantec isn't providing really great help on this issue.

Edited by Orange Blossom, 21 October 2010 - 09:22 PM.
Removed no longer relevant content. ~ OB


#3 JonnyGolf

JonnyGolf
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:10:20 PM

Posted 22 December 2009 - 12:49 PM

So, I've fixed the issue. It was an infected atapi.sys that I scanned while I was in a different OS (I've got a 2nd bootable drive that replaces my DVD in my notebook). Somehow, when I scanned in Win7 (probably 6 different scanners), it didn't show up as infected. You can see that in the above scan (search for atapi.sys), the hash matches the original Microsoft file. However, gmer indicated that it was suspicious and I've seen that on quite a few of the similar posts.


In XP, I wasn't able to delete the file, even if I used FileAssassin. I ended up going into file properties - security - advanced and giving myself full access to the file and I finally deleted it (with help from mystis? in BC chat) and restored the good file from a different location. Then, I rebooted into safe mode on the infected OS and used CCleaner to dump all my temp files because Norton 360 indicated that is where the infection was also located.

So, there you go. That's what did it for me. No more redirects - case closed!
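As an added example for this thread (not code from the original posts, from OTL or from BleepingComputer), the Python script below automates two of the checks a helper would make by eye on the OTL log in the first post: it parses the O4 autorun lines and flags an image that carries a core Windows binary name but starts from outside the Windows system directories, or whose publisher string only imitates Microsoft's real "Microsoft Corporation"; and it parses the "MD5 for:" sections and reports any driver whose live System32 copy disagrees with the DriverStore or winsxs copies OTL hashed next to it. The sample lines embedded in the script are constructed in the format of the thread's log; the EXAMPLE.SYS section and its hashes are invented so the second check has something to flag. Keep the caveat from the post above in mind: matching hashes taken from inside the infected OS proved nothing for atapi.sys here, because the rootkit hid the change, so run the MD5 comparison on a log or hashes taken from a clean boot.

```python
"""Triage helper for OTL-style logs.

Added example for this thread; it is not OTL's, BleepingComputer's or the
poster's code. It runs two checks suggested by the log and the follow-up:

  1. O4 autorun entries whose image is a core Windows binary name (lsass.exe
     and friends) living outside the Windows system directories, or whose
     publisher string only imitates Microsoft's real "Microsoft Corporation".
  2. "MD5 for:" sections where the live System32 copy of a driver does not
     match the DriverStore / winsxs copies OTL hashed alongside it.

SAMPLE_LOG is constructed: lines in the format of the thread's log plus an
invented EXAMPLE.SYS section (made-up hashes) so check 2 has a hit.
"""
import ntpath
import re
from collections import defaultdict

# Binaries that have no business starting from a user profile or ProgramData.
SYSTEM_BINARIES = {"lsass.exe", "csrss.exe", "smss.exe", "services.exe",
                   "svchost.exe", "winlogon.exe", "explorer.exe"}
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}

# "O4 - <hive>..\Run: [<name>] <path> (<company>)"
O4_RE = re.compile(
    r"^O4 - (?P<hive>\S+)\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.+?)(?: \((?P<company>[^)]*)\))?$")
MD5_HDR_RE = re.compile(r"^< MD5 for: (?P<file>\S+) >$")
# "[date | size | attrs | M] (<company>) MD5=<hex> -- <path>"
MD5_LINE_RE = re.compile(
    r"^\[.*?\] (?:\((?P<company>[^)]*)\) )?MD5=(?P<md5>[0-9A-Fa-f]{32}) "
    r"-- (?P<path>.+)$")


def triage_autoruns(lines):
    """Return {entry name: [reasons]} for O4 lines that deserve a look."""
    findings = {}
    for line in lines:
        m = O4_RE.match(line.strip())
        if not m:
            continue
        path, company = m["path"], m["company"] or ""
        base = ntpath.basename(path).lower()
        folder = ntpath.dirname(path).lower()
        reasons = []
        if base in SYSTEM_BINARIES and folder not in SYSTEM_DIRS:
            reasons.append(f"{base} launched from {folder!r}, "
                           "not a Windows system directory")
        # Genuine Microsoft binaries carry exactly "Microsoft Corporation".
        if "microsoft" in company.lower() and company != "Microsoft Corporation":
            reasons.append(f"publisher string {company!r} imitates Microsoft")
        if reasons:
            findings[m["name"]] = reasons
    return findings


def md5_mismatches(lines):
    """Return {file: [(path, md5), ...]} for files whose OTL copies disagree.

    Agreement is necessary, not sufficient: a kernel rootkit can serve the
    clean bytes to every reader inside the infected OS, which is exactly what
    happened to atapi.sys in this thread. Compare hashes taken offline.
    """
    sections, current = defaultdict(list), None
    for line in lines:
        line = line.strip()
        hdr = MD5_HDR_RE.match(line)
        if hdr:
            current = hdr["file"]
            continue
        m = MD5_LINE_RE.match(line)
        if m and current:
            sections[current].append((m["path"], m["md5"].upper()))
    return {f: c for f, c in sections.items() if len({h for _, h in c}) > 1}


# Constructed sample in OTL's format; EXAMPLE.SYS and its hashes are invented.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-3070783163-1665713905-2152638740-1001..\Run: [RTHDBPL] C:\Users\JK\AppData\Roaming\SystemProc\lsass.exe (Microsoft Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
< MD5 for: ATAPI.SYS >
[2009/04/21 21:24:04 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows\System32\drivers\atapi.sys
[2009/04/21 21:24:04 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7100.0_none_4e2b207b769f9fe5\atapi.sys
< MD5 for: EXAMPLE.SYS >
[2009/04/21 21:24:04 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=00112233445566778899AABBCCDDEEFF -- C:\Windows\System32\drivers\example.sys
[2009/04/21 21:24:04 | 00,021,584 | ---- | M] (Microsoft Corporation) MD5=80C40F7FDFC376E4C5FEEC28B41C119E -- C:\Windows\winsxs\x86_example.inf_constructed\example.sys
"""

if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for name, reasons in triage_autoruns(lines).items():
        print(f"[autorun] {name}: " + "; ".join(reasons))
    for file, copies in md5_mismatches(lines).items():
        print(f"[md5] {file}: copies disagree")
        for path, digest in copies:
            print(f"    {digest}  {path}")
```

Run it against a saved OTL log with `triage_autoruns(open("OTL.txt").read().splitlines())`; on the constructed sample the only autorun finding is the RTHDBPL entry, for both of its reasons, and the only hash disagreement is the invented EXAMPLE.SYS.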

#4 garmanma

garmanma

    Computer Masochist


  • Staff Emeritus
  • 27,809 posts
  • OFFLINE
  •  
  • Location:Cleveland, Ohio
  • Local time:11:20 PM

Posted 29 December 2009 - 08:33 PM

Topic is closed
Have a good day
Mark