
Win32.Delf.uv


21 replies to this topic

#1 jc6498


Posted 04 March 2011 - 07:49 PM

My son's computer was experiencing fake infection alerts. Something called Internet Security Essentials was showing up as installed but was not shown in the Add/Remove Programs list. Any attempt to use the internet was blocked and malware removal programs would not run. Right-clicking on the Internet Security Essentials link in the Start button area gave me an option to open the target folder. It showed in a subfolder under c:/programdata called ffOble, yet when I opened programdata, there was no such subfolder shown. In the subfolder ffOble there was a file called isffO_302.exe. I tried several times to open the Task Manager and was blocked. I could not even shut down the computer; I had to force it off. I then started the Task Manager as soon as I could after restarting and found a process with the same isffo name, so I ended it and finally got control of the computer. I ran both Malwarebytes Anti-Malware and Spybot; Spybot reported Win32.Delf.uv Trojan. Both programs would attempt to clean, but after the reboot the infection would come back. Eventually I was able to start the malware cleaners quickly enough that I could do an update, and eventually Malwarebytes, Spybot and the resident security program Microsoft Security Essentials no longer find anything during full scans. However, I am now experiencing Google search redirection, and have entries in the event log about Microsoft antimalware being unable to run. Need your expertise on how to get the residual stuff cleaned out. The two files from DDS are provided. I have Win 7 64 bit so did not run GMER.

Thanks!

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Cory at 17:07:34.87 on Fri 03/04/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8151.6335 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10n_ActiveX.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Cory\Desktop\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mabinogi.nexon.net/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Cory\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
IFEO: image file execution options - svchost.exe
IFEO: OLT.exe - svchost.exe
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
IFEO-X64: image file execution options - svchost.exe
IFEO-X64: OLT.exe - svchost.exe
Hosts: 96.44.181.245 www.google.com
Hosts: 96.44.181.245 google.com
Hosts: 96.44.181.245 google.com.au
Hosts: 96.44.181.245 www.google.com.au
Hosts: 96.44.181.245 google.be
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-10-7 55280]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 188928]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-26 203776]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-7 13336]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-26 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-10-7 673088]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-10-26 8012288]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-10-26 287232]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-7 56344]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-7 271872]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-10-7 321064]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-10-7 158976]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-29 1255736]
.
=============== Created Last 30 ================
.
2011-03-04 00:53:42 7947600 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{810A457C-4283-4214-AE45-C43F4F0C7FD1}\mpengine.dll
2011-02-28 01:16:27 -------- d-----w- C:\Users\Cory\AppData\Roaming\Malwarebytes
2011-02-28 01:16:24 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-28 01:16:23 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-02-28 01:16:21 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-02-28 01:16:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-27 20:48:20 -------- d-sh--w- C:\Users\Cory\AppData\Roaming\Internet Security Essentials
2011-02-27 20:47:13 -------- d-sh--w- C:\PROGRA~3\ISQWPQECLE
2011-02-27 20:46:39 -------- d-sh--w- C:\PROGRA~3\ff0b1e
2011-02-23 04:14:11 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-02-23 04:14:11 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-02-23 00:54:07 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-02-23 00:54:07 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-23 00:54:07 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-02-23 00:54:06 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-14 23:26:06 -------- d-----w- C:\Users\Cory\AppData\Roaming\.minecraft - Copy
2011-02-13 18:18:59 -------- d-----w- C:\Users\Cory\AppData\Roaming\SPORE
2011-02-13 18:17:14 1240 ----a-w- C:\Windows\SysWow64\ealregsnapshot1.reg
2011-02-13 18:17:01 -------- d-----w- C:\Users\Cory\AppData\Local\Downloaded Installations
2011-02-13 15:28:11 -------- d-----w- C:\Users\Cory\AppData\Local\Google
2011-02-13 15:27:56 -------- d-----w- C:\Users\Cory\AppData\Local\Deployment
2011-02-13 15:27:56 -------- d-----w- C:\Users\Cory\AppData\Local\Apps
2011-02-09 00:44:54 714752 ----a-w- C:\Windows\System32\kerberos.dll
2011-02-07 04:03:20 230400 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzppw71.dll
.
==================== Find3M ====================
.
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-23 05:22:15 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 17:08:16.47 ===============
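The pseudo-HJT section above contains three of the indicators a responder looks for first: HOSTS entries mapping Google domains to a remote address (the search redirection), IFEO entries that make Windows launch svchost.exe in place of another program (which is consistent with the removal tools refusing to start), and the DisallowRun policy. The Python triage script below is an added example, not part of the original post or of DDS itself; the sample lines are copied from the log above plus one constructed benign localhost entry, and the severity labels and policy list are the example's own assumptions.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log.

Flags three indicator classes seen in this thread: HOSTS redirection of
well-known domains to a remote address, Image File Execution Options (IFEO)
debugger entries that hijack program launches, and Explorer/UAC policy values
that block tools or weaken UAC.  Severity labels are this example's own.
"""
import ipaddress
import re
from typing import List, Tuple

# Policy name -> value that is suspicious when present (example's own list).
SUSPICIOUS_POLICY_VALUES = {
    "DisallowRun": "1",            # Explorer refuses to launch listed programs
    "DisableTaskMgr": "1",
    "DisableRegistryTools": "1",
    "NoControlPanel": "1",
    "EnableLUA": "0",              # UAC off
    "PromptOnSecureDesktop": "0",  # UAC prompt can be spoofed/clicked by software
}

Finding = Tuple[str, str, str]  # (severity, reason, original log line)

# Lines copied from the DDS log in this thread, plus one constructed benign
# hosts entry so the script demonstrates a non-finding as well.
SAMPLE_LINES = [
    "uStart Page = hxxp://www.mabinogi.nexon.net/",
    r'mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"',
    "uPolicies-explorer: DisallowRun = 1 (0x1)",
    "mPolicies-explorer: NoActiveDesktop = 1 (0x1)",
    "mPolicies-system: PromptOnSecureDesktop = 0 (0x0)",
    "IFEO: OLT.exe - svchost.exe",
    "IFEO-X64: image file execution options - svchost.exe",
    "Hosts: 127.0.0.1 localhost",  # constructed benign entry
    "Hosts: 96.44.181.245 www.google.com",
    "Hosts: 96.44.181.245 google.com",
]


def hosts_target_is_local(ip_text: str) -> bool:
    """True for the addresses a legitimate hosts entry normally points to."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def triage_hjt(lines: List[str]) -> List[Finding]:
    """Return one finding per suspicious pseudo-HJT line, in log order."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        key, sep, value = line.partition(": ")
        if not sep:  # e.g. 'uStart Page = ...' has no 'key: value' shape
            continue

        if key == "Hosts":
            # Hosts: <ip> <hostname>; a non-local target redirects the name.
            parts = value.split()
            if len(parts) >= 2 and not hosts_target_is_local(parts[0]):
                findings.append(("high",
                                 f"hosts file maps {parts[1]} to remote address {parts[0]}",
                                 line))

        elif key.startswith("IFEO"):
            # IFEO: <image> - <debugger>; Windows starts the debugger instead of
            # the image, so a bogus debugger silently swallows the launch.
            image, _, debugger = value.partition(" - ")
            findings.append(("high",
                             f"IFEO debugger '{debugger}' hijacks launches of {image}",
                             line))

        elif "Policies-" in key:
            # u/mPolicies-<hive>: <Name> = <decimal> (<hex>)
            m = re.match(r"(\w+)\s*=\s*(\d+)", value)
            if m and SUSPICIOUS_POLICY_VALUES.get(m.group(1)) == m.group(2):
                findings.append(("medium",
                                 f"policy {m.group(1)} = {m.group(2)} restricts the user or weakens UAC",
                                 line))
    return findings


if __name__ == "__main__":
    for severity, reason, line in triage_hjt(SAMPLE_LINES):
        print(f"[{severity:6}] {reason}\n         {line}")
```

Feeding it a complete DDS log is fine: lines outside the pseudo-HJT section lack the `key: value` shape or fall through the checks unflagged.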


#2 Casey_boy


Posted 12 March 2011 - 11:47 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.

Casey



#3 jc6498


Posted 13 March 2011 - 05:08 AM

Thanks for the reply, yes I still need help.

I do not have the Windows CD. It is Windows 7 64 bit.

In addition to the problems I described in my original post, I am unable to get the drop-down on this site to work, the one you click on to access your profile, nor can I get any of the search fields on the site to work correctly. I am having to use a different computer and a thumb drive because I could not get to my post unless I scrolled through the list.

I did not use GMER because of the 64 bit.

Here are the updated logs:

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Cory at 2:55:49.52 on Sun 03/13/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.8151.6315 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\SftVss64.exe
C:\Windows\System32\vds.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Cory\Desktop\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mabinogi.nexon.net/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Cory\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
IFEO: image file execution options - svchost.exe
IFEO: OLT.exe - svchost.exe
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
IFEO-X64: image file execution options - svchost.exe
IFEO-X64: OLT.exe - svchost.exe
Hosts: 96.44.181.245 www.google.com
Hosts: 96.44.181.245 google.com
Hosts: 96.44.181.245 google.com.au
Hosts: 96.44.181.245 www.google.com.au
Hosts: 96.44.181.245 google.be
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-10-7 55280]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 188928]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-26 203776]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-7 13336]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-26 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-10-7 673088]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-10-26 8012288]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-10-26 287232]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-7 56344]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-7 271872]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-10-7 321064]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-10-7 158976]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-29 1255736]
.
=============== Created Last 30 ================
.
2011-03-13 09:48:56 7947600 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{73281EC9-4EEC-46A9-8993-F952DDF8C5F0}\mpengine.dll
2011-02-28 01:16:27 -------- d-----w- C:\Users\Cory\AppData\Roaming\Malwarebytes
2011-02-28 01:16:24 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-28 01:16:23 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-02-28 01:16:21 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-02-28 01:16:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-27 20:48:20 -------- d-sh--w- C:\Users\Cory\AppData\Roaming\Internet Security Essentials
2011-02-27 20:47:13 -------- d-sh--w- C:\PROGRA~3\ISQWPQECLE
2011-02-27 20:46:39 -------- d-sh--w- C:\PROGRA~3\ff0b1e
2011-02-23 04:14:11 367104 ----a-w- C:\Windows\System32\wcncsvc.dll
2011-02-23 04:14:11 276992 ----a-w- C:\Windows\SysWow64\wcncsvc.dll
2011-02-23 00:54:07 662528 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-02-23 00:54:07 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-23 00:54:07 442880 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-02-23 00:54:06 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-14 23:26:06 -------- d-----w- C:\Users\Cory\AppData\Roaming\.minecraft - Copy
2011-02-13 18:18:59 -------- d-----w- C:\Users\Cory\AppData\Roaming\SPORE
2011-02-13 18:17:14 1240 ----a-w- C:\Windows\SysWow64\ealregsnapshot1.reg
2011-02-13 18:17:01 -------- d-----w- C:\Users\Cory\AppData\Local\Downloaded Installations
2011-02-13 15:28:11 -------- d-----w- C:\Users\Cory\AppData\Local\Google
2011-02-13 15:27:56 -------- d-----w- C:\Users\Cory\AppData\Local\Deployment
2011-02-13 15:27:56 -------- d-----w- C:\Users\Cory\AppData\Local\Apps
.
==================== Find3M ====================
.
2011-01-26 06:53:10 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-01-26 06:53:10 265088 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2011-01-26 06:31:20 144384 ----a-w- C:\Windows\System32\cdd.dll
2011-01-23 05:22:15 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 06:20:30 612352 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 05:37:33 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
2010-12-21 06:16:27 97280 ----a-w- C:\Windows\System32\wscsvc.dll
2010-12-21 06:16:27 62976 ----a-w- C:\Windows\System32\wscapi.dll
2010-12-21 06:16:16 214016 ----a-w- C:\Windows\System32\winsrv.dll
2010-12-21 06:16:14 442880 ----a-w- C:\Windows\System32\winhttp.dll
2010-12-21 06:16:14 1197056 ----a-w- C:\Windows\System32\wininet.dll
2010-12-21 06:16:09 258048 ----a-w- C:\Windows\System32\WebClnt.dll
2010-12-21 06:15:55 264192 ----a-w- C:\Windows\System32\upnp.dll
2010-12-21 06:15:31 15360 ----a-w- C:\Windows\System32\slwga.dll
2010-12-21 06:13:03 2003968 ----a-w- C:\Windows\System32\msxml6.dll
2010-12-21 06:13:03 1880576 ----a-w- C:\Windows\System32\msxml3.dll
2010-12-21 06:10:22 100864 ----a-w- C:\Windows\System32\davclnt.dll
2010-12-21 05:38:24 51200 ----a-w- C:\Windows\SysWow64\wscapi.dll
2010-12-21 05:38:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-12-21 05:38:22 350720 ----a-w- C:\Windows\SysWow64\winhttp.dll
2010-12-21 05:38:21 204800 ----a-w- C:\Windows\SysWow64\WebClnt.dll
2010-12-21 05:38:19 204288 ----a-w- C:\Windows\SysWow64\upnp.dll
2010-12-21 05:38:16 14336 ----a-w- C:\Windows\SysWow64\slwga.dll
2010-12-21 05:36:17 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll
2010-12-21 05:36:16 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2010-12-21 05:34:12 80384 ----a-w- C:\Windows\SysWow64\davclnt.dll
2010-12-18 06:11:41 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-12-18 06:11:34 714752 ----a-w- C:\Windows\System32\kerberos.dll
2010-12-18 05:29:40 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-12-18 05:29:31 541184 ----a-w- C:\Windows\SysWow64\kerberos.dll
2010-12-18 04:55:03 482816 ----a-w- C:\Windows\System32\html.iec
2010-12-18 04:20:55 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-12-18 04:13:40 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-12-18 03:47:59 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
.
============= FINISH: 2:56:14.33 ===============

Attached Files
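The DDS log above already contains the three artifacts that explain the symptoms described in the first post: HOSTS entries that send google.* to 96.44.181.245 (the search redirection), entries under Image File Execution Options whose Debugger value points at svchost.exe for OLT.exe and for the IFEO key itself (a Debugger value makes Windows launch that program instead of the named tool, so the tool never starts), and Explorer/UAC policy values (DisallowRun = 1, PromptOnSecureDesktop = 0) of the kind fake-AV installers set to block cleanup tools and quiet UAC. The Python below is an added example, not part of the original post or of the DDS tool: it pulls those indicators, plus services that run from a Temp directory, out of DDS-style lines so a helper can triage a pasted log quickly. The sample lines are copied from the log above plus one constructed localhost mapping for contrast; the line layouts the patterns expect are taken from this thread's log and are assumed to hold for other DDS output.

```python
"""Triage DDS-style log lines for the persistence and tampering artifacts
seen in this thread (HOSTS redirects, IFEO Debugger entries, policy
tampering, services launched from a Temp directory).

Added example, not part of the original post or of the DDS tool. The line
layouts the patterns expect are taken from the log in this thread and are
assumed to hold for other DDS output.
"""
import re
from typing import Dict, List, NamedTuple


class Finding(NamedTuple):
    severity: str  # "high" or "medium"
    rule: str      # short name of the check that fired
    line: str      # the log line that triggered it


# Addresses that are legitimate targets in a HOSTS file; anything else
# mapped to a well-known host is a redirect.
BENIGN_HOSTS_IPS = {"127.0.0.1", "::1", "0.0.0.0"}

# Policy values (name -> value) that block tools or quiet UAC; a home user
# rarely sets these by hand.
SUSPECT_POLICIES = {
    "DisallowRun": "1",            # enables Explorer's run-blacklist
    "PromptOnSecureDesktop": "0",  # UAC prompts no longer use the secure desktop
}

# DDS line layouts, as they appear in the log above.
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<host>\S+)")
IFEO_RE = re.compile(r"^IFEO(?:-X64)?:\s+(?P<image>.+?)\s+-\s+(?P<target>\S+)\s*$")
POLICY_RE = re.compile(r"^[um]Policies-\w+:\s+(?P<name>\w+)\s*=\s*(?P<value>\d+)")
# "R2 name;display;path [date size]" or "S2 name;display;path --> path [?]"
SERVICE_RE = re.compile(
    r"^[RS]\d\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)(?:\s+-->.*|\s+\[.*)$"
)
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)


def triage(log_text: str) -> List[Finding]:
    """Return one Finding per suspicious line, in log order."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = HOSTS_RE.match(line)
        if m:
            if m["ip"] not in BENIGN_HOSTS_IPS:
                findings.append(Finding("high", "hosts-redirect", line))
            continue

        m = IFEO_RE.match(line)
        if m:
            # Windows launches the Debugger value instead of the image and
            # hands it the image path; svchost.exe is no debugger, so the
            # named tool (here OTL) never starts.
            findings.append(Finding("high", "ifeo-debugger", line))
            continue

        m = POLICY_RE.match(line)
        if m:
            if SUSPECT_POLICIES.get(m["name"]) == m["value"]:
                findings.append(Finding("medium", "policy-tamper", line))
            continue

        m = SERVICE_RE.match(line)
        if m and TEMP_DIR_RE.search(m["path"]):
            # Legitimate services do not run from a user's Temp directory.
            findings.append(Finding("medium", "service-in-temp", line))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per rule, for a one-line overview of a pasted log."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


# Constructed sample: lines copied from the DDS log above, plus one
# constructed localhost mapping for contrast.
SAMPLE_DDS = r"""
Hosts: 96.44.181.245 www.google.com
Hosts: 96.44.181.245 google.com
Hosts: 127.0.0.1 localhost
IFEO: image file execution options - svchost.exe
IFEO: OLT.exe - svchost.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mRun: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 188928]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
"""

if __name__ == "__main__":
    results = triage(SAMPLE_DDS)
    for f in results:
        print(f"[{f.severity:6}] {f.rule:16} {f.line}")
    print(summarize(results))
```

Run against the sample, the script reports seven findings: two HOSTS redirects, two IFEO Debugger entries, two policy values and the SessionLauncher service under the administrator's Temp folder; the localhost mapping, the ConsentPromptBehaviorUser line and the Microsoft driver are left alone. The HOSTS and IFEO rules are rated high because each one alone reproduces a symptom from the first post (redirected searches, tools that refuse to start).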



#4 snemelk

snemelk

    engineer

  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland

Posted 13 March 2011 - 06:49 AM

Hi jc6498, and welcome to Bleeping Computer.

Firstly,
  • Download TDSSKiller.zip and extract TDSSKiller.exe to your Desktop.
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, ensure Cure is selected (it should be by default).
  • Click Continue then click Reboot now.
  • Once complete, a log will be produced at the root drive which is typically C:\

    For example, C:\TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Please post that log here.

Secondly,
Download OTL.com by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#5 jc6498

jc6498
  • Topic Starter

  • Members
  • 11 posts

Posted 13 March 2011 - 05:33 PM

Thank you so much for your assistance.


2011/03/13 15:06:08.0308 1364 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/13 15:06:08.0324 1364 ================================================================================
2011/03/13 15:06:08.0324 1364 SystemInfo:
2011/03/13 15:06:08.0324 1364
2011/03/13 15:06:08.0324 1364 OS Version: 6.1.7600 ServicePack: 0.0
2011/03/13 15:06:08.0324 1364 Product type: Workstation
2011/03/13 15:06:08.0324 1364 ComputerName: CORY-PC
2011/03/13 15:06:08.0324 1364 UserName: Cory
2011/03/13 15:06:08.0324 1364 Windows directory: C:\Windows
2011/03/13 15:06:08.0324 1364 System windows directory: C:\Windows
2011/03/13 15:06:08.0324 1364 Running under WOW64
2011/03/13 15:06:08.0324 1364 Processor architecture: Intel x64
2011/03/13 15:06:08.0324 1364 Number of processors: 8
2011/03/13 15:06:08.0324 1364 Page size: 0x1000
2011/03/13 15:06:08.0324 1364 Boot type: Normal boot
2011/03/13 15:06:08.0324 1364 ================================================================================
2011/03/13 15:06:08.0511 1364 Initialize success
2011/03/13 15:06:16.0420 1564 ================================================================================
2011/03/13 15:06:16.0420 1564 Scan started
2011/03/13 15:06:16.0420 1564 Mode: Manual;
2011/03/13 15:06:16.0420 1564 ================================================================================
2011/03/13 15:06:16.0592 1564 1394ohci (969c91060cbb5d17cb8440b5f78b4c51) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/03/13 15:06:16.0623 1564 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/03/13 15:06:16.0670 1564 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/03/13 15:06:16.0717 1564 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/03/13 15:06:16.0732 1564 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/03/13 15:06:16.0748 1564 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/03/13 15:06:16.0795 1564 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/03/13 15:06:16.0810 1564 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/03/13 15:06:16.0842 1564 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/03/13 15:06:16.0873 1564 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/03/13 15:06:16.0904 1564 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/03/13 15:06:17.0076 1564 amdkmdag (522a8bd1414cc7517faec907f138db9c) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/03/13 15:06:17.0263 1564 amdkmdap (f712c26d40bf3cd2c020bb518e8150b1) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/03/13 15:06:17.0278 1564 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/03/13 15:06:17.0310 1564 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/03/13 15:06:17.0325 1564 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/03/13 15:06:17.0356 1564 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/03/13 15:06:17.0372 1564 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/03/13 15:06:17.0419 1564 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/03/13 15:06:17.0434 1564 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/03/13 15:06:17.0450 1564 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/03/13 15:06:17.0497 1564 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/03/13 15:06:17.0559 1564 athr (e0fabc10635c670bd7d89fd214a405d7) C:\Windows\system32\DRIVERS\athrx.sys
2011/03/13 15:06:17.0637 1564 AtiHdmiService (77c149e6d702737b2e372dee166faef8) C:\Windows\system32\drivers\AtiHdmi.sys
2011/03/13 15:06:17.0700 1564 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/03/13 15:06:17.0731 1564 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/03/13 15:06:17.0793 1564 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/03/13 15:06:17.0840 1564 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/03/13 15:06:17.0887 1564 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/03/13 15:06:17.0918 1564 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/03/13 15:06:17.0918 1564 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/03/13 15:06:17.0949 1564 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/03/13 15:06:17.0980 1564 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/03/13 15:06:17.0996 1564 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/03/13 15:06:18.0012 1564 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/03/13 15:06:18.0027 1564 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/03/13 15:06:18.0058 1564 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/03/13 15:06:18.0090 1564 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/03/13 15:06:18.0105 1564 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/03/13 15:06:18.0152 1564 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/03/13 15:06:18.0214 1564 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/03/13 15:06:18.0246 1564 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/03/13 15:06:18.0292 1564 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/03/13 15:06:18.0339 1564 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/03/13 15:06:18.0355 1564 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/03/13 15:06:18.0417 1564 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/03/13 15:06:18.0480 1564 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/03/13 15:06:18.0511 1564 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/03/13 15:06:18.0542 1564 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/03/13 15:06:18.0604 1564 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/03/13 15:06:18.0651 1564 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/03/13 15:06:18.0714 1564 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/03/13 15:06:18.0807 1564 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/03/13 15:06:18.0823 1564 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/03/13 15:06:18.0854 1564 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/03/13 15:06:18.0870 1564 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/03/13 15:06:18.0901 1564 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/03/13 15:06:18.0916 1564 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/03/13 15:06:18.0932 1564 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/03/13 15:06:18.0948 1564 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/03/13 15:06:18.0979 1564 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/03/13 15:06:19.0010 1564 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/03/13 15:06:19.0026 1564 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/03/13 15:06:19.0057 1564 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/03/13 15:06:19.0088 1564 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/03/13 15:06:19.0135 1564 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/03/13 15:06:19.0166 1564 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/03/13 15:06:19.0213 1564 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/03/13 15:06:19.0244 1564 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
2011/03/13 15:06:19.0275 1564 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/03/13 15:06:19.0291 1564 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/03/13 15:06:19.0322 1564 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/03/13 15:06:19.0369 1564 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/03/13 15:06:19.0400 1564 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/03/13 15:06:19.0431 1564 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/03/13 15:06:19.0478 1564 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/03/13 15:06:19.0494 1564 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/03/13 15:06:19.0525 1564 iaStor (631fa8935163b01fc0c02966cb3adb92) C:\Windows\system32\DRIVERS\iaStor.sys
2011/03/13 15:06:19.0556 1564 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/03/13 15:06:19.0618 1564 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/03/13 15:06:19.0650 1564 Impcd (dd587a55390ed2295bce6d36ad567da9) C:\Windows\system32\DRIVERS\Impcd.sys
2011/03/13 15:06:19.0728 1564 IntcAzAudAddService (ee64207f2f5c20bfe5f73db2566c4601) C:\Windows\system32\drivers\RTKVHD64.sys
2011/03/13 15:06:19.0774 1564 IntcDAud (58cf58dee26c909bd6f977b61d246295) C:\Windows\system32\DRIVERS\IntcDAud.sys
2011/03/13 15:06:19.0806 1564 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/03/13 15:06:19.0837 1564 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/03/13 15:06:19.0868 1564 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/03/13 15:06:19.0884 1564 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/03/13 15:06:19.0899 1564 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/03/13 15:06:19.0930 1564 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/03/13 15:06:19.0946 1564 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/03/13 15:06:19.0977 1564 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/03/13 15:06:20.0008 1564 k57nd60a (9d7ea8c7215d8d4ae7be110eee61085d) C:\Windows\system32\DRIVERS\k57nd60a.sys
2011/03/13 15:06:20.0040 1564 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/03/13 15:06:20.0055 1564 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/03/13 15:06:20.0071 1564 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/03/13 15:06:20.0102 1564 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/03/13 15:06:20.0133 1564 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/03/13 15:06:20.0180 1564 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/03/13 15:06:20.0227 1564 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/03/13 15:06:20.0242 1564 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/03/13 15:06:20.0258 1564 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/03/13 15:06:20.0274 1564 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/03/13 15:06:20.0289 1564 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/03/13 15:06:20.0320 1564 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/03/13 15:06:20.0336 1564 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/03/13 15:06:20.0352 1564 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/03/13 15:06:20.0383 1564 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/03/13 15:06:20.0398 1564 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/03/13 15:06:20.0430 1564 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/03/13 15:06:20.0445 1564 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/03/13 15:06:20.0492 1564 MpFilter (e6ba8e5a4a871899e23d64573ef58ee9) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/03/13 15:06:20.0523 1564 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/03/13 15:06:20.0554 1564 MpNWMon (98b09a4f2c462441030b83a80a3f6fb3) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/03/13 15:06:20.0554 1564 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/03/13 15:06:20.0586 1564 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/03/13 15:06:20.0601 1564 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/03/13 15:06:20.0632 1564 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/03/13 15:06:20.0648 1564 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/03/13 15:06:20.0695 1564 msahci (bccf16d5fb1109162380e3e28dc9e4e5) C:\Windows\system32\DRIVERS\msahci.sys
2011/03/13 15:06:20.0710 1564 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/03/13 15:06:20.0742 1564 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/03/13 15:06:20.0757 1564 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/03/13 15:06:20.0773 1564 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/03/13 15:06:20.0804 1564 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/03/13 15:06:20.0851 1564 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/03/13 15:06:20.0866 1564 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/03/13 15:06:20.0898 1564 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/03/13 15:06:20.0913 1564 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/03/13 15:06:20.0944 1564 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/03/13 15:06:20.0960 1564 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/03/13 15:06:20.0976 1564 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/03/13 15:06:21.0038 1564 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/03/13 15:06:21.0100 1564 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/03/13 15:06:21.0147 1564 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/03/13 15:06:21.0194 1564 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/03/13 15:06:21.0225 1564 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/03/13 15:06:21.0256 1564 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/03/13 15:06:21.0272 1564 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/03/13 15:06:21.0288 1564 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/03/13 15:06:21.0319 1564 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/03/13 15:06:21.0381 1564 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/03/13 15:06:21.0412 1564 NisDrv (3713e8452b88d3e0be095e06b6fbc776) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
2011/03/13 15:06:21.0444 1564 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/03/13 15:06:21.0522 1564 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/03/13 15:06:25.0094 1564 ================================================================================
2011/03/13 15:06:25.0094 1564 Scan finished
2011/03/13 15:06:25.0094 1564 ================================================================================
2011/03/13 15:07:04.0593 4288 Deinitialize success

OTL logfile created on: 3/13/2011 3:13:20 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Cory\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 80.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1384.20 Gb Total Space | 1306.74 Gb Free Space | 94.40% Space Free | Partition Type: NTFS
Drive I: | 978.72 Mb Total Space | 978.64 Mb Free Space | 99.99% Space Free | Partition Type: FAT

Computer Name: CORY-PC | User Name: Cory | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/13 15:02:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Cory\Desktop\OTL.com
PRC - [2010/05/21 10:00:52 | 000,783,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
PRC - [2010/05/21 09:59:12 | 001,760,064 | ---- | M] (SoftThinks - Dell) -- C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
PRC - [2010/05/21 09:58:30 | 000,673,088 | ---- | M] (SoftThinks) -- C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
PRC - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/02/09 11:34:00 | 001,807,680 | ---- | M] () -- C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
PRC - [2009/10/02 11:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/10/02 11:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/07/17 14:07:58 | 000,237,568 | ---- | M] (Alcor Micro Corp.) -- C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
PRC - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
PRC - [2009/05/05 03:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
PRC - [2009/05/05 03:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2011/03/13 15:02:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Cory\Desktop\OTL.com
MOD - [2010/08/20 22:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/10/26 19:51:36 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 18:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/06/09 07:11:14 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2010/10/07 11:41:46 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/10/07 11:27:22 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2010/05/21 09:58:30 | 000,673,088 | ---- | M] (SoftThinks) [Auto | Running] -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE -- (SftService)
SRV - [2010/04/24 01:10:34 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:28 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/02 11:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel®
SRV - [2009/09/18 02:54:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- c:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009/06/26 09:19:12 | 001,124,848 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe -- (RoxMediaDB10)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/05/21 06:59:08 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2009/05/05 03:39:18 | 000,206,064 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe -- (sprtsvc_DellComms) SupportSoft Sprocket Service (DellComms)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/10/26 21:00:14 | 008,012,288 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/10/26 19:14:22 | 000,287,232 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/04/24 01:10:32 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010/04/24 01:10:28 | 000,269,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010/04/24 01:10:28 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010/04/24 01:10:20 | 000,721,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2010/02/26 16:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010/02/03 06:38:30 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel®
DRV:64bit: - [2010/01/28 23:33:38 | 000,116,736 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/10/16 04:32:24 | 000,321,064 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/10/02 13:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 13:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel®
DRV:64bit: - [2009/07/13 18:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 18:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/09 03:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/06/10 13:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 16:10:10 | 001,478,144 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2006/11/01 10:51:00 | 000,151,656 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2009/06/26 08:27:28 | 000,065,520 | ---- | M] (Sonic Solutions) [File_System | System | Stopped] -- C:\Windows\SysWOW64\drivers\RxFilter.sys -- (RxFilter)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mabinogi.nexon.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


[2010/12/18 10:21:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Cory\AppData\Roaming\Mozilla\Extensions

O1 HOSTS File: ([2011/02/27 14:39:43 | 000,002,177 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 96.44.181.245 www.google.com
O1 - Hosts: 96.44.181.245 google.com
O1 - Hosts: 96.44.181.245 google.com.au
O1 - Hosts: 96.44.181.245 www.google.com.au
O1 - Hosts: 96.44.181.245 google.be
O1 - Hosts: 96.44.181.245 www.google.be
O1 - Hosts: 96.44.181.245 google.com.br
O1 - Hosts: 96.44.181.245 www.google.com.br
O1 - Hosts: 96.44.181.245 google.ca
O1 - Hosts: 96.44.181.245 www.google.ca
O1 - Hosts: 96.44.181.245 google.ch
O1 - Hosts: 96.44.181.245 www.google.ch
O1 - Hosts: 96.44.181.245 google.de
O1 - Hosts: 96.44.181.245 www.google.de
O1 - Hosts: 96.44.181.245 google.dk
O1 - Hosts: 96.44.181.245 www.google.dk
O1 - Hosts: 96.44.181.245 google.fr
O1 - Hosts: 96.44.181.245 www.google.fr
O1 - Hosts: 96.44.181.245 google.ie
O1 - Hosts: 96.44.181.245 www.google.ie
O1 - Hosts: 96.44.181.245 google.it
O1 - Hosts: 96.44.181.245 www.google.it
O1 - Hosts: 96.44.181.245 google.co.jp
O1 - Hosts: 96.44.181.245 www.google.co.jp
O1 - Hosts: 96.44.181.245 google.nl
O1 - Hosts: 22 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Dell DataSafe Online] C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe ()
O4 - HKLM..\Run: [DellComms] C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe (Alcor Micro Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] File not found
O4 - HKLM..\RunOnce: [DSUpdateLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe (Dell)
O4 - HKLM..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe (Softthinks)
O4 - HKLM..\RunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\ToasterLauncher.exe ()
O4 - HKLM..\RunOnceEx: [ContentMerger] c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\ContentMerger10.exe (Sonic Solutions)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O27:64bit: - HKLM IFEO\OLT.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
O27 - HKLM IFEO\OLT.exe: Debugger - svchost.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*


Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011/03/13 15:03:43 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Cory\Desktop\OTL.com
[2011/03/13 03:00:40 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2011/03/13 02:42:43 | 001,118,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sbe.dll
[2011/03/13 02:42:43 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2011/03/13 02:42:43 | 000,850,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\sbe.dll
[2011/03/13 02:42:43 | 000,723,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/03/13 02:42:43 | 000,642,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2011/03/13 02:42:43 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/03/13 02:42:43 | 000,259,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2011/03/13 02:42:42 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2011/03/13 02:42:41 | 003,138,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2011/03/13 02:42:41 | 002,690,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2011/03/13 02:42:40 | 001,097,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2011/03/13 02:42:40 | 001,034,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2011/03/10 12:27:50 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Cory\Desktop\TDSSKiller.exe
[2011/02/27 18:16:27 | 000,000,000 | ---D | C] -- C:\Users\Cory\AppData\Roaming\Malwarebytes
[2011/02/27 18:16:24 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/02/27 18:16:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/02/27 18:16:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/02/27 18:16:21 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/02/27 18:16:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/02/27 13:48:20 | 000,000,000 | -HSD | C] -- C:\Users\Cory\AppData\Roaming\Internet Security Essentials
[2011/02/27 13:47:13 | 000,000,000 | -HSD | C] -- C:\ProgramData\ISQWPQECLE
[2011/02/27 13:46:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\ff0b1e
[2011/02/22 17:54:07 | 000,662,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsPrint.dll
[2011/02/22 17:54:07 | 000,475,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsGdiConverter.dll
[2011/02/22 17:54:07 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsPrint.dll
[2011/02/22 17:54:06 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsGdiConverter.dll
[2011/02/19 09:04:56 | 000,000,000 | ---D | C] -- C:\Users\Cory\Documents\MCEdit-schematics
[2011/02/17 21:56:53 | 000,000,000 | ---D | C] -- C:\Users\Cory\AppData\Roaming\WinRAR
[2011/02/17 21:56:35 | 000,000,000 | ---D | C] -- C:\Users\Cory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/02/17 21:56:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/02/17 21:55:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2011/02/14 17:09:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2011/02/14 17:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2011/02/14 16:26:06 | 000,000,000 | ---D | C] -- C:\Users\Cory\AppData\Roaming\.minecraft - Copy
[2011/02/13 11:18:59 | 000,000,000 | ---D | C] -- C:\Users\Cory\AppData\Roaming\SPORE
[2011/02/13 11:18:55 | 000,000,000 | RH-D | C] -- C:\Users\Cory\AppData\Roaming\SecuROM
[2011/02/13 11:17:01 | 000,000,000 | ---D | C] -- C:\Users\Cory\AppData\Local\Downloaded Installations
[2011/02/13 11:06:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2011/02/13 08:29:28 | 000,000,000 | ---D | C] -- C:\Users\Cory\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/02/13 08:28:11 | 000,000,000 | ---D | C] -- C:\Users\Cory\AppData\Local\Google
[2011/02/13 08:27:56 | 000,000,000 | ---D | C] -- C:\Users\Cory\AppData\Local\Deployment
[2011/02/13 08:27:56 | 000,000,000 | ---D | C] -- C:\Users\Cory\AppData\Local\Apps

========== Files - Modified Within 30 Days ==========

[2011/03/13 15:08:37 | 000,730,554 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/03/13 15:08:37 | 000,626,484 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/03/13 15:08:37 | 000,107,502 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/03/13 15:02:38 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Cory\Desktop\OTL.com
[2011/03/13 15:02:02 | 001,263,721 | ---- | M] () -- C:\Users\Cory\Desktop\tdsskiller.zip
[2011/03/13 14:33:05 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3934272046-1000940707-946665727-1001UA.job
[2011/03/13 12:22:06 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/03/13 12:22:06 | 000,014,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/03/13 12:14:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/03/13 12:14:36 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/13 02:54:30 | 000,625,664 | ---- | M] () -- C:\Users\Cory\Desktop\dds.scr
[2011/03/10 12:27:50 | 001,377,112 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Cory\Desktop\TDSSKiller.exe
[2011/03/04 16:39:05 | 000,000,000 | ---- | M] () -- C:\Users\Cory\defogger_reenable
[2011/03/04 16:37:47 | 000,050,477 | ---- | M] () -- C:\Users\Cory\Desktop\Defogger.exe
[2011/03/02 17:46:02 | 000,001,259 | ---- | M] () -- C:\Users\Cory\Desktop\Bukkit.lnk
[2011/03/02 17:43:34 | 000,001,475 | ---- | M] () -- C:\Users\Cory\Desktop\Minecraft.lnk
[2011/03/02 17:26:39 | 000,000,359 | ---- | M] () -- C:\Users\Cory\Desktop\Recycle Bin - Shortcut.lnk
[2011/02/27 14:39:43 | 000,002,177 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110303-175618.backup
[2011/02/27 14:39:43 | 000,002,177 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/02/25 14:15:00 | 000,001,182 | ---- | M] () -- C:\Users\Cory\Desktop\ Mabinogi .lnk
[2011/02/20 13:10:17 | 000,001,359 | ---- | M] () -- C:\Users\Cory\Documents\mcedit.ini
[2011/02/19 08:33:00 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3934272046-1000940707-946665727-1001Core.job
[2011/02/14 17:34:56 | 000,329,876 | ---- | M] () -- C:\Users\Cory\Documents\Minecraft Mod Manager.jar
[2011/02/13 11:17:14 | 000,001,240 | ---- | M] () -- C:\Windows\SysWow64\ealregsnapshot1.reg

========== Files Created - No Company Name ==========

[2011/03/13 15:03:42 | 001,263,721 | ---- | C] () -- C:\Users\Cory\Desktop\tdsskiller.zip
[2011/03/13 02:54:25 | 000,625,664 | ---- | C] () -- C:\Users\Cory\Desktop\dds.scr
[2011/03/04 16:39:05 | 000,000,000 | ---- | C] () -- C:\Users\Cory\defogger_reenable
[2011/03/04 16:37:47 | 000,050,477 | ---- | C] () -- C:\Users\Cory\Desktop\Defogger.exe
[2011/03/02 17:46:02 | 000,001,259 | ---- | C] () -- C:\Users\Cory\Desktop\Bukkit.lnk
[2011/03/02 17:26:39 | 000,000,359 | ---- | C] () -- C:\Users\Cory\Desktop\Recycle Bin - Shortcut.lnk
[2011/02/19 09:04:57 | 000,001,359 | ---- | C] () -- C:\Users\Cory\Documents\mcedit.ini
[2011/02/14 17:34:55 | 000,329,876 | ---- | C] () -- C:\Users\Cory\Documents\Minecraft Mod Manager.jar
[2011/02/13 11:17:14 | 000,001,240 | ---- | C] () -- C:\Windows\SysWow64\ealregsnapshot1.reg
[2011/02/13 08:28:12 | 000,000,904 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3934272046-1000940707-946665727-1001UA.job
[2011/02/13 08:28:12 | 000,000,852 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3934272046-1000940707-946665727-1001Core.job
[2011/02/09 16:35:19 | 000,001,771 | ---- | C] () -- C:\Windows\SysWow64\msexcr.ini
[2011/01/18 11:27:42 | 000,743,932 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/26 03:05:35 | 000,000,243 | ---- | C] () -- C:\Windows\wininit.ini
[2010/10/07 13:19:17 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010/09/17 11:17:00 | 000,002,888 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2009/07/13 22:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 19:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 19:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 17:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/07/08 18:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
[2009/06/10 14:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/10/07 14:12:31 | 000,004,401 | RH-- | M] () -- C:\dell.sdr
[2011/03/13 12:14:36 | 2115,301,375 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/13 12:14:38 | 4252,057,599 | -HS- | M] () -- C:\pagefile.sys
[2011/03/13 15:07:04 | 000,063,182 | ---- | M] () -- C:\TDSSKiller.2.4.21.0_13.03.2011_15.06.08_log.txt

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >

OTL Extras logfile created on: 3/13/2011 3:13:20 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Cory\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 80.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1384.20 Gb Total Space | 1306.74 Gb Free Space | 94.40% Space Free | Partition Type: NTFS
Drive I: | 978.72 Mb Total Space | 978.64 Mb Free Space | 99.99% Space Free | Partition Type: FAT

Computer Name: CORY-PC | User Name: Cory | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02AD9D20-03D2-4DE0-8793-E8253026AD86}" = EMCGadgets64
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{26A24AE4-039D-4CA4-87B4-2F86416020FF}" = Java™ 6 Update 20 (64-bit)
"{5EB6F3CB-46F4-451F-A028-7F6D8D35D7D0}" = Windows Live Language Selector
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{62B883AB-AC37-9127-56D0-2C3FC0AFC724}" = ccc-utility64
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}" = Dell Edoc Viewer
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{963BFE7E-C350-4346-B43C-B02358306A45}" = Apple Mobile Device Support
"{AB3FDAEC-7702-3A47-655B-4A34714CBEFA}" = ccc-utility64
"{B6EFD9A5-2ECE-4C22-BAEC-D16E73EA2013}" = iTunes
"{C73A3942-84C8-4597-9F9B-EE227DCBA758}" = Dell Dock
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DB9C43F7-0B0F-4E43-9E6B-F945C71C469E}" = VD64Inst
"{DBB03C04-9E78-6758-94C9-5D128401CFF8}" = WMV9/VC-1 Video Playback
"{E4F5E48E-7155-4CF9-88CD-7F377EC9AC54}" = Bonjour
"{E77543EE-6FB5-4FF6-AB70-635392C8C756}" = Microsoft Security Client
"{E974638C-9F47-48C4-672C-B9C65F2BAD62}" = AMD Drag and Drop Transcoding
"{F3FEB53B-0BD3-F481-A8F9-51BA46466A6A}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0032D29F-7E8F-40E5-AD12-8857AAB0DBFF}" = Catalyst Control Center - Branding
"{034C3647-3240-B744-D10B-637197A1E5B1}" = Catalyst Control Center InstallProxy
"{052bac4a-6f79-46d4-a024-1ce1b4f73cd4}" = Microsoft Visual C++ 2005 Redistributable
"{055EE59D-217B-43A7-ABFF-507B966405D8}" = ATI Catalyst Control Center
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Central Data
"{097E59B5-CCAB-46B6-6A0B-EDF2CA595C84}" = CCC Help French
"{098122AB-C605-4853-B441-C0A4EB359B75}" = DirectXInstallService
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0ED7EE95-6A97-47AA-AD73-152C08A15B04}" = Dell DataSafe Local Backup
"{11083C7A-D0D6-4DA4-8C3A-74B8389EC07B}" = ATI Catalyst Registration
"{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}" = Dell DataSafe Online
"{17DFE37C-064E-4834-AD8F-A4B2B4DF68F8}" = Adobe Photoshop Elements 8.0
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Central Tools
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{25FAEDD1-3733-86F7-55F5-D7AEAF2D93B0}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java™ 6 Update 23
"{280DF415-F2C2-122F-CC52-AA7EAECF3E14}" = CCC Help Czech
"{2C440596-FD75-9EA6-5472-B2EDBF5D222B}" = ccc-core-static
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{32773B3E-45CA-5CA3-0A6A-E3FF592B3AD3}" = Catalyst Control Center Graphics Previews Vista
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{351DE0AB-7787-4497-9A7A-4AA9E3A4E290}" = Dell Communications (Support Software)
"{36CEA188-3DFA-6391-4774-C92D4B092407}" = Skins
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology
"{46D936B9-DE22-983C-341C-968C3E122CF8}" = CCC Help Dutch
"{480C0D1B-C42A-FD87-F404-A54D9B1C619C}" = CCC Help Hungarian
"{481AB4A0-BB71-F2D9-E155-89F0D773FE9E}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{53447D64-FD9C-B3B9-25B3-47292EE10EBF}" = CCC Help Japanese
"{537BF16E-7412-448C-95D8-846E85A1D817}" = Roxio Easy CD and DVD Burning
"{56158912-D481-DE3A-298C-E13B24E3A87C}" = Catalyst Control Center Graphics Full New
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{612B5D2E-8084-4102-91DE-24281E4EFB2C}" = Roxio Easy CD and DVD Burning
"{6262B40D-FAA5-5CCF-6DE3-9FAFB6C7DC89}" = Catalyst Control Center Graphics Previews Common
"{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galactic Adventures
"{64997420-9AFE-289E-1B7A-E2C59937D973}" = CCC Help Portuguese
"{65C0025A-2CDE-43C5-82D0-C7A56EF0DB39}" = Bing Bar Platform
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6BBC8D43-AA08-8FCD-EDA6-EED2342A4FF0}" = CCC Help Turkish
"{72E5E3F5-5BE3-BA64-49A6-4FA26EF69721}" = Catalyst Control Center InstallProxy
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Central Audio
"{749FCBB7-D313-CCCA-E2CF-7850A019311F}" = CCC Help Finnish
"{74CC9A1B-4A3D-AEEC-3ED6-71F7B42A5EFE}" = CCC Help Chinese Traditional
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ACEE78A-537D-2857-1A64-72198BC4A67D}" = Catalyst Control Center Graphics Previews Vista
"{7CD82818-18F2-E4D5-A502-9D1F16C8DF9C}" = Catalyst Control Center Graphics Previews Common
"{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}" = Dell Getting Started Guide
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A76CFCA-4BEC-C88E-3A7B-7CD18E3B86EA}" = CCC Help English
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8BBCF476-7566-9129-F7C0-619087484138}" = CCC Help Norwegian
"{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}" = Sonic CinePlayer Decoder Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF50F43-7BB0-4BF4-C67F-F9BF254AC278}" = CCC Help Spanish
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DD96558-0E0C-8563-E00D-C970155C5503}" = CCC Help German
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
"{A58E067E-2C66-B40A-AF7A-4A82307E671C}" = CCC Help Thai
"{A69D7B32-2BE9-42BF-B576-69B5E0FF7394}" = Catalyst Control Center - Branding
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9668246-FB70-4103-A1E3-66C9BC2EFB49}" = Dell DataSafe Local Backup - Support Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA43D433-3DE8-F2CA-1728-4BA962D9FAE4}" = CCC Help Chinese Standard
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{AD17B1DD-9342-F787-92EC-E93441042A23}" = CCC Help English
"{AF1D271B-B122-1707-6707-9E29A96082D2}" = CCC Help Polish
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Central Copy
"{BEE0F537-96FA-8F84-FB5E-570EE86F636A}" = Catalyst Control Center Core Implementation
"{C07F8D75-7A8D-400E-A8F9-A3F396B49BB1}" = SPORE™ Creepy & Cute Parts Pack
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{CDD450A5-9F2E-1D61-5FEB-DDD30E985D23}" = CCC Help Korean
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D5BAE960-8312-3EB3-A116-3F5926A1E7B7}" = Catalyst Control Center Graphics Full Existing
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E4382E64-1EB5-09D2-5D29-FEBB46A6F340}" = CCC Help Italian
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E9E8E4CC-8274-3831-7103-10B2AD73588C}" = CCC Help Russian
"{EA100873-8DD1-4505-2D61-9666569B54B6}" = Catalyst Control Center Graphics Light
"{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EC877639-07AB-495C-BFD1-D63AF9140810}" = Roxio Activation Module
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Central Core
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F26A0379-5852-CA4C-0BF6-662AC274A3D8}" = CCC Help Swedish
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel® Control Center
"{F8C87E78-B318-C156-F8B0-427F6D3FC443}" = CCC Help Greek
"{FDB46DE7-9045-47BB-970A-3E4ED5369E03}" = EMC 10 Content
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF527B68-2D1D-B15B-0FFC-8BF8487AD194}" = ccc-core-static
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 8.0" = Adobe Photoshop Elements 8.0
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Combat Arms" = Combat Arms
"Dell Dock" = Dell Dock
"DFO" = DFOLauncher
"Disney Pirates of the Caribbean Online_TEST" = Disney Pirates of the Caribbean Online TEST
"GoToAssist" = GoToAssist 8.0.0.514
"InstallShield_{9F0A32A5-4EBF-4B9D-A3CD-31579F2E1400}" = Multimedia Card Reader
"Mabinogi" = Mabinogi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MapleStory" = MapleStory
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Vindictus" = Vindictus
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/15/2011 9:40:27 PM | Computer Name = Cory-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 2/17/2011 10:58:51 PM | Computer Name = Cory-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 2/18/2011 11:03:29 PM | Computer Name = Cory-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A certificate chain could not be built to a trusted root authority.
.

Error - 2/18/2011 11:13:29 PM | Computer Name = Cory-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: A certificate chain could not be built to a trusted root authority.
.

Error - 2/20/2011 7:07:33 PM | Computer Name = Cory-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 2/22/2011 9:27:40 PM | Computer Name = Cory-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 2/23/2011 7:06:09 PM | Computer Name = Cory-PC | Source = Application Hang | ID = 1002
Description = The program java.exe version 6.0.230.5 stopped interacting with Windows
and was closed. To see if more information about the problem is available, check
the problem history in the Action Center control panel. Process ID: 3c8 Start Time:
01cbd3ae32358cf8 Termination Time: 2 Application Path: C:\Program Files (x86)\Java\jre6\bin\java.exe

Report
Id: 7b549eab-3fa1-11e0-9303-842b2ba6a4f2

Error - 2/24/2011 9:13:22 PM | Computer Name = Cory-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

Error - 2/26/2011 3:07:36 PM | Computer Name = Cory-PC | Source = Application Error | ID = 1000
Description = Faulting application name: iexplore.exe, version: 8.0.7600.16722,
time stamp: 0x4d0c2f29 Faulting module name: Flash10m.ocx, version: 10.2.152.26,
time stamp: 0x4d4b5d09 Exception code: 0xc0000005 Fault offset: 0x00195b3c Faulting
process id: 0x17c0 Faulting application start time: 0x01cbd5e2af5eebc2 Faulting application
path: C:\Program Files (x86)\Internet Explorer\iexplore.exe Faulting module path:
C:\Windows\SysWOW64\Macromed\Flash\Flash10m.ocx Report Id: abf910aa-41db-11e0-94fe-842b2ba6a4f2

Error - 2/26/2011 8:29:45 PM | Computer Name = Cory-PC | Source = SideBySide | ID = 16842815
Description = Activation context generation failed for "c:\program files (x86)\spybot
- search & destroy\DelZip179.dll".Error in manifest or policy file "c:\program
files (x86)\spybot - search & destroy\DelZip179.dll" on line 8. The value "*" of
attribute "language" in element "assemblyIdentity" is invalid.

[ System Events ]
Error - 3/2/2011 7:22:39 PM | Computer Name = Cory-PC | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.99.209.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6603.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 3/3/2011 6:25:27 PM | Computer Name = Cory-PC | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%2

Error - 3/3/2011 6:25:35 PM | Computer Name = Cory-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter

Error - 3/3/2011 8:38:31 PM | Computer Name = Cory-PC | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%2

Error - 3/3/2011 8:38:39 PM | Computer Name = Cory-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter

Error - 3/3/2011 10:10:50 PM | Computer Name = Cory-PC | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%2

Error - 3/3/2011 10:10:57 PM | Computer Name = Cory-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter

Error - 3/4/2011 6:24:20 PM | Computer Name = Cory-PC | Source = Service Control Manager | ID = 7000
Description = The SessionLauncher service failed to start due to the following error:
%%2

Error - 3/4/2011 6:24:29 PM | Computer Name = Cory-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
RxFilter

Error - 3/4/2011 6:24:32 PM | Computer Name = Cory-PC | Source = Microsoft Antimalware | ID = 3002
Description = %%860 Real-Time Protection feature has encountered an error and failed.

Feature:
%%835 Error Code: 0x80004005 Error description: Unspecified error Reason: %%842


< End of report >

#6 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:04:23 PM

Posted 14 March 2011 - 09:10 AM

Hi again jc6498!!.. :)

Firstly,
Please run OTL.exe.
  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O4 - HKCU..\Run: [RESTART_STICKY_NOTES] File not found
    O27:64bit: - HKLM IFEO\OLT.exe: Debugger - C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
    O27 - HKLM IFEO\OLT.exe: Debugger - svchost.exe (Microsoft Corporation)
    [2011/03/13 03:00:40 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
    [2011/02/27 13:48:20 | 000,000,000 | -HSD | C] -- C:\Users\Cory\AppData\Roaming\Internet Security Essentials
    [2011/02/27 13:47:13 | 000,000,000 | -HSD | C] -- C:\ProgramData\ISQWPQECLE
    [2011/02/27 13:46:39 | 000,000,000 | -HSD | C] -- C:\ProgramData\ff0b1e
    :Commands
    [EmptyTemp]
    [EMPTYFLASH]
    [RESETHOSTS]

  • Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.
  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Secondly,
Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer (32 bit version - Start --> All programs --> Internet Explorer) for this scan. Internet Explorer must be run as administrator - right click and choose: Run as administrator.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files (x86)\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
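The O27 lines in the fix above record an Image File Execution Options entry pointing the Debugger for OLT.exe at svchost.exe, so Windows launched svchost.exe in place of the tool, which is why it would not start. The following PowerShell audit is an added illustration (it is not part of OTL or of the original post): it lists every Debugger value under the 64-bit and 32-bit IFEO hives; the allowlist of known-benign debuggers is an assumption to adapt to your own environment.

```powershell
# Added example, not from the thread: audit Image File Execution Options for
# Debugger values. A Debugger set on an image name makes Windows start the named
# "debugger" instead of the program, which is how the O27 entries above blocked OLT.exe.

$ifeoPaths = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options',
    # 32-bit view on 64-bit Windows (OTL reports it as O27 vs. O27:64bit)
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
)

# Debugger executables that are usually legitimate. Assumed for the example;
# extend it to match what is expected on your machines.
$knownBenign = @('vsjitdebugger.exe')

function Get-IfeoDebuggers {
    foreach ($base in $ifeoPaths) {
        if (-not (Test-Path -Path $base)) { continue }
        foreach ($key in Get-ChildItem -Path $base -ErrorAction SilentlyContinue) {
            $dbg = (Get-ItemProperty -Path $key.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
            if ([string]::IsNullOrWhiteSpace($dbg)) { continue }

            # First token of the command line, honouring a quoted path with spaces.
            $first = if ($dbg.StartsWith('"')) { ($dbg -split '"')[1] } else { ($dbg -split '\s+')[0] }
            $exe   = [System.IO.Path]::GetFileName($first).ToLower()

            [pscustomobject]@{
                Hive       = if ($base -like '*Wow6432Node*') { '32-bit' } else { '64-bit' }
                Image      = $key.PSChildName      # e.g. OLT.exe in the log above
                Debugger   = $dbg                  # e.g. C:\Windows\SysNative\svchost.exe
                Suspicious = ($knownBenign -notcontains $exe)
            }
        }
    }
}

# Report suspicious entries first. Removing one is a single call, e.g.
#   Remove-ItemProperty -Path "$base\OLT.exe" -Name Debugger -WhatIf
# (drop -WhatIf once you have confirmed the entry is not yours).
Get-IfeoDebuggers | Sort-Object Suspicious -Descending | Format-Table -AutoSize
```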


#7 jc6498

jc6498
  • Topic Starter

  • Members
  • 11 posts
  • Local time:07:23 AM

Posted 14 March 2011 - 08:32 PM

Hi snemelk, here are the logs:

All processes killed
========== OTL ==========
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RESTART_STICKY_NOTES deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OLT.exe\ deleted successfully.
Item C:\Windows\SysNative\svchost.exe is whitelisted and cannot be moved.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\OLT.exe\ not found.
Item C:\Windows\SysWow64\svchost.exe is whitelisted and cannot be moved.
C:\Windows\SysWow64\%APPDATA%\Microsoft\Windows\IETldCache folder moved successfully.
C:\Windows\SysWow64\%APPDATA%\Microsoft\Windows folder moved successfully.
C:\Windows\SysWow64\%APPDATA%\Microsoft folder moved successfully.
C:\Windows\SysWow64\%APPDATA% folder moved successfully.
C:\Users\Cory\AppData\Roaming\Internet Security Essentials folder moved successfully.
C:\ProgramData\ISQWPQECLE folder moved successfully.
C:\ProgramData\ff0b1e\Quarantine Items folder moved successfully.
C:\ProgramData\ff0b1e\ISESys folder moved successfully.
C:\ProgramData\ff0b1e folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Cory
->Temp folder emptied: 25863417 bytes
->Temporary Internet Files folder emptied: 148811618 bytes
->Java cache emptied: 22538271 bytes
->Google Chrome cache emptied: 23249834 bytes
->Flash cache emptied: 53882 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 22141083 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50467 bytes
RecycleBin emptied: 4878869398 bytes

Total Files Cleaned = 4,884.00 mb


[EMPTYFLASH]

User: All Users

User: Cory
->Flash cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.22.3 log created on 03142011_164248

Files\Folders moved on Reboot...
C:\Users\Cory\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)
# OnlineScanner.ocx=1.0.0.6425
# api_version=3.0.2
# EOSSerial=5e1e43bb0a93cc409916b00b5871f4a2
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-03-15 01:00:35
# local_time=2011-03-14 06:00:35 (-0700, US Mountain Standard Time)
# country="United States"
# lang=9
# osver=6.1.7600 NT
# compatibility_mode=5893 16776574 66 85 51675943 51690860 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=210092
# found=0
# cleaned=0
# scan_time=3425

#8 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:04:23 PM

Posted 15 March 2011 - 05:43 PM

Hi again jc6498!!.. :)

That looks good!!.. Does any problem persist??..

We need to update outdated programs (with security vulnerabilities) on your machine:

- Adobe Acrobat Reader:

You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here (uninstall version 9.1.2 first):
Adobe Reader X

Note: I suggest you uncheck any optional, third-party download (e.g. McAfee Security Scan Plus).

After successfully installing Adobe Reader X, see this article on how to make this program more secure: Adobe Reader X secures itself by playing in the sandbox.

- Java

Go to Start -> Control Panel -> Programs and Features, highlight a program to see the available option on the toolbar for it. Choose Uninstall for:
Java™ 6 Update 20 (64-bit)
Java™ 6 Update 23


Then,
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says Java Platform, Standard Edition / "Java SE 6 Update 24".
  • Click the "Download JRE" button to the right.
  • In the Window that opens, select Windows, your Language, check the "agree" box and click Continue.
  • Click on the link to download Windows Offline Installation and save to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u24-windows-i586.exe that you downloaded to install the newest version.

If you wish to use Java on a 64bit browser, download and install a Windows x64 version as well...

- Skype: I suggest upgrading to the latest version: Skype

- Adobe Flash Player:

To make sure you have the latest version of Adobe Flash Player installed:
1. To uninstall an older version, download this file to your Desktop: uninstall_flash_player.exe
2. Quit ALL running applications, including all Internet Explorer or other browser windows, and messenger applications (like AOL Instant Messenger, Yahoo Messenger, MSN Messenger).
3. Double-click on the file you've downloaded to uninstall Flash.
4. If uninstalled successfully, go to this site: Install Adobe Flash Player, and choose Agree and install now. This will install the newest version of Flash for your browser (note: Flash plugins for IE and Firefox must be installed separately).
Note: I recommend you uncheck an optional install (Free McAfee Security Scan or Free Google Toolbar).

- Service Pack 1 for Windows 7: the latest Service pack for Windows 7 is out (see here: KB976932)! I recommend you install it. It should be available via Windows Update...


#9 jc6498

jc6498
  • Topic Starter

  • Members
  • 11 posts
  • Local time:07:23 AM

Posted 16 March 2011 - 11:31 PM

Hello again,

I updated all of those items (just left Skype uninstalled) and did the Service Pack 1 update. While the drop downs work on web pages, search is still redirecting.

I ran DDS again and provided the logs...

.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Cory at 21:24:55.85 on Wed 03/16/2011
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8151.6254 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Windows\System32\vds.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Cory\Desktop\dds.scr
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mabinogi.nexon.net/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Google Update] "C:\Users\Cory\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [DellComms] "C:\Program Files (x86)\Dell\DellComms\bin\sprtcmd.exe" /P DellComms
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
uPolicies-explorer: DisallowRun = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
IFEO: image file execution options - svchost.exe
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
IFEO-X64: image file execution options - svchost.exe
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-10-7 55280]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 188928]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-26 203776]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-10-7 13336]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-26 1153368]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-10-7 673088]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [2009-5-5 206064]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2011-1-26 9085952]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2011-1-26 299520]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-10-7 56344]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-7 271872]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-10-7 321064]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2010-4-24 721768]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2010-4-24 269672]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2010-4-24 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2010-4-24 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?]
S3 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-9-18 169312]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-10-7 158976]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-3-16 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-29 1255736]
.
=============== Created Last 30 ================
.
2011-03-17 04:02:22 -------- d-----w- C:\Windows\System32\SPReview
2011-03-17 04:00:59 867840 ----a-w- C:\Windows\System32\SearchFolder.dll
2011-03-17 03:59:59 78848 ----a-w- C:\Windows\System32\tabcal.exe
2011-03-17 03:58:57 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-03-17 03:58:57 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-03-17 03:58:57 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-03-17 03:58:55 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-03-17 03:58:54 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-03-17 03:58:49 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-03-17 03:58:49 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-03-17 03:41:44 -------- d-----w- C:\Users\Cory\AppData\Local\ElevatedDiagnostics
2011-03-17 03:03:12 -------- d-----w- C:\Windows\System32\EventProviders
2011-03-17 01:49:50 -------- d-----w- C:\Program Files (x86)\Microsoft
2011-03-17 01:48:35 7947600 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{90BECFBB-9CC7-408E-A849-5703F93DB6CB}\mpengine.dll
2011-03-17 01:46:34 321024 ----a-w- C:\Windows\System32\d3d10_1core.dll
2011-03-17 01:46:34 219136 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2011-03-17 01:46:34 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2011-03-17 01:46:34 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2011-03-17 01:45:17 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2011-03-17 01:45:16 902656 ----a-w- C:\Windows\System32\d2d1.dll
2011-03-17 01:45:16 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2011-03-17 01:45:16 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2011-03-17 01:45:16 1076736 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-03-16 04:50:41 -------- d-----w- C:\Users\Cory\AppData\Local\Adobe
2011-03-14 23:56:37 -------- d-----w- C:\Program Files (x86)\ESET
2011-03-14 23:42:48 -------- d-----w- C:\_OTL
2011-03-13 09:42:43 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2011-03-13 09:42:43 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-03-13 09:42:43 723968 ----a-w- C:\Windows\System32\EncDec.dll
2011-03-13 09:42:43 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2011-03-13 09:42:43 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-03-13 09:42:43 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-03-13 09:42:43 1118720 ----a-w- C:\Windows\System32\sbe.dll
2011-03-13 09:42:42 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-02-28 01:16:27 -------- d-----w- C:\Users\Cory\AppData\Roaming\Malwarebytes
2011-02-28 01:16:24 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-02-28 01:16:23 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-02-28 01:16:21 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-02-28 01:16:20 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-02-23 00:54:07 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-02-23 00:54:07 475648 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-23 00:54:07 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-02-23 00:54:06 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
.
==================== Find3M ====================
.
2011-03-17 04:05:32 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-03-17 04:05:32 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-03-16 05:12:09 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2011-03-16 05:11:10 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-02-13 18:17:14 1240 ----a-w- C:\Windows\SysWow64\ealregsnapshot1.reg
2011-01-27 06:37:22 9085952 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-01-27 06:22:20 22295040 ----a-w- C:\Windows\System32\atio6axx.dll
2011-01-27 06:00:46 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-01-27 06:00:32 596480 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-01-27 05:59:48 17204736 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-01-27 05:59:12 708608 ----a-w- C:\Windows\System32\aticfx64.dll
2011-01-27 05:56:30 462848 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-01-27 05:56:16 479232 ----a-w- C:\Windows\System32\atieclxx.exe
2011-01-27 05:55:38 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-01-27 05:54:22 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-01-27 05:54:02 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-01-27 05:53:56 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-01-27 05:53:44 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-01-27 05:53:38 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2011-01-27 05:53:34 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-01-27 05:53:28 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-01-27 05:49:46 4105728 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-01-27 05:40:04 4847616 ----a-w- C:\Windows\System32\atidxx64.dll
2011-01-27 05:32:48 1208320 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-01-27 05:32:14 1912832 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-01-27 05:32:02 3222016 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-01-27 05:28:54 4170752 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-01-27 05:27:54 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-01-27 05:27:52 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-01-27 05:27:44 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-01-27 05:27:42 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-01-27 05:27:32 6982144 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-01-27 05:25:52 5580800 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-01-27 05:24:20 3463680 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-01-27 05:22:00 5316096 ----a-w- C:\Windows\System32\atiumd64.dll
2011-01-27 05:20:46 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-01-27 05:14:16 354304 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-01-27 05:14:10 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-01-27 05:13:58 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-01-27 05:13:54 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-01-27 05:13:54 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-01-27 05:13:52 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-01-27 05:13:44 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-01-27 05:13:34 299520 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-01-27 05:12:48 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-01-27 05:12:42 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-01-27 05:12:34 38400 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-01-27 05:12:26 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-01-27 05:11:48 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-01-27 05:08:48 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2011-01-27 05:08:48 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-01-27 05:08:42 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-01-27 05:08:42 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-01-07 12:14:11 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 09:51:01 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-01-07 09:20:44 366592 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 07:45:57 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 06:01:22 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-01-07 05:43:36 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 10:34:00 612864 ----a-w- C:\Windows\System32\vbscript.dll
2011-01-05 06:56:24 3129344 ----a-w- C:\Windows\System32\win32k.sys
2011-01-05 05:55:55 428032 ----a-w- C:\Windows\SysWow64\vbscript.dll
2010-12-17 11:42:18 214016 ----a-w- C:\Windows\System32\winsrv.dll
2010-12-17 11:40:10 715776 ----a-w- C:\Windows\System32\kerberos.dll
2010-12-17 07:07:55 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
.
============= FINISH: 21:25:53.80 ===============




#10 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • Gender:Male
  • Location:Poland
  • Local time:04:23 PM

Posted 17 March 2011 - 01:14 PM

Hi again jc6498 and thanks for the update!.. :)

While the drop downs work on web pages, search is still redirecting.

Hmmm, the modified Hosts file is gone, but there is still one possibility left - do you use a router (does this computer connect through a router?)?

Please run this scan for me:
Please run OTL.exe.
  • On the upper bar click the button: None.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    nslookup www.google.com /c

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open one Notepad window. OTL.Txt - saved in the same location as OTL. Post the log in this thread.



#11 jc6498

jc6498
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:23 AM

Posted 17 March 2011 - 05:53 PM

Yes, I use a router. There are 3 other computers on it and they are able to search without any problems.


OTL logfile created on: 3/17/2011 3:49:36 PM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Cory\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 79.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1384.20 Gb Total Space | 1315.45 Gb Free Space | 95.03% Space Free | Partition Type: NTFS

Computer Name: CORY-PC | User Name: Cory | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========


< nslookup www.google.com /c >
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.254.254
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: WWW.GOOGLE.COM
Address: 74.40.38.28

< >

< End of report >

#12 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:04:23 PM

Posted 17 March 2011 - 06:34 PM

Hi again jc6498!!.. :)

Yes, I use a router. There are 3 other computers on it and they are able to search without any problems.

I see - usually, when a router is hijacked, the search engine redirection persists on all computers connected to the network - usually, but not always...

Anyway, that IP address certainly doesn't belong to Google:
Name: WWW.GOOGLE.COM
Address: 74.40.38.28


That's why I would recommend resetting your router:

Please read my article here: Routers - security, then (after disconnecting other machines from the router) reset it back to the factory default settings, and change the username/password on your router...

Let me know if you need help with it...
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver
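The check snemelk does by eye above (the resolver that answered, the answer address, and the repeated timeouts in the nslookup block from the previous post) can be automated. The following is an added example, not code from the thread, from OTL or from snemelk: a small Python parser for the Windows nslookup output format quoted in the log, plus a function that turns the parsed fields into defender-side indicators. The resolver allow-list (192.168.254.254, the router address from the log) and the answer-network allow-list are constructed assumptions; in practice you would fill them from a second, trusted resolver or from ranges verified out of band, and treat "Server: UnKnown" as informational only, since a home router's LAN address normally has no reverse-DNS name.

```python
"""Parse Windows nslookup output and flag DNS-hijack indicators.

Added example for the thread above; the sample block is the nslookup
output posted there, the allow-lists are constructed assumptions.
"""
import ipaddress

# Constructed: the nslookup output quoted in the thread (post #11).
SAMPLE_NSLOOKUP = """\
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.254.254
DNS request timed out.
timeout was 2 seconds.
DNS request timed out.
timeout was 2 seconds.
Name: WWW.GOOGLE.COM
Address: 74.40.38.28
"""

# Assumption: the only resolver this machine should be using is the router.
EXPECTED_RESOLVERS = {"192.168.254.254"}


def _after_colon(line):
    return line.split(":", 1)[1].strip()


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def parse_nslookup(text):
    """Extract resolver, query name, answer addresses and timeout count.

    Handles the Windows "Name:/Address:" layout shown in the thread and the
    multi-line "Addresses:" layout nslookup uses when several records return.
    """
    result = {"server_name": None, "server_address": None,
              "query_name": None, "answers": [], "timeouts": 0}
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    collecting = False  # True once the "Name:" line of the answer is seen
    i = 0
    while i < len(lines):
        line = lines[i]
        if line.startswith("DNS request timed out"):
            result["timeouts"] += 1
        elif line.startswith("Server:"):
            result["server_name"] = _after_colon(line)
            # The Address: line directly after Server: is the resolver, not the answer.
            if i + 1 < len(lines) and lines[i + 1].startswith("Address:"):
                result["server_address"] = _after_colon(lines[i + 1]).split("#")[0]
                i += 1
        elif line.startswith("Name:"):
            result["query_name"] = _after_colon(line).lower()
            collecting = True
        elif collecting and line.startswith(("Address:", "Addresses:")):
            value = _after_colon(line)
            if _is_ip(value):
                result["answers"].append(value)
        elif collecting and _is_ip(line):
            result["answers"].append(line)  # continuation line of "Addresses:"
        elif collecting and line.startswith("Aliases:"):
            collecting = False
        i += 1
    return result


def hijack_indicators(parsed, expected_resolvers=EXPECTED_RESOLVERS,
                      expected_networks=()):
    """Return a list of human-readable findings; empty means nothing suspicious.

    expected_networks: CIDR strings the answer is allowed to fall in, verified
    out of band (assumption: supplied by the analyst, not derived here).
    """
    findings = []
    if parsed["server_name"] and parsed["server_name"].lower() == "unknown":
        findings.append("info: resolver has no reverse-DNS name (Server: UnKnown)")
    if parsed["server_address"] and parsed["server_address"] not in expected_resolvers:
        findings.append(f"unexpected resolver {parsed['server_address']}")
    if parsed["timeouts"]:
        findings.append(f"{parsed['timeouts']} query timeouts before an answer")
    networks = [ipaddress.ip_network(n) for n in expected_networks]
    for answer in parsed["answers"]:
        ip = ipaddress.ip_address(answer)
        if networks and not any(ip in net for net in networks):
            findings.append(f"answer {answer} for {parsed['query_name']} "
                            f"is outside the expected networks")
    return findings


if __name__ == "__main__":
    parsed = parse_nslookup(SAMPLE_NSLOOKUP)
    # Placeholder allow-list: replace with ranges you have verified yourself.
    for finding in hijack_indicators(parsed, expected_networks=["203.0.113.0/24"]):
        print(finding)
```

Running it on the quoted block reports three timeouts and an answer outside the allow-list, which is the same conclusion snemelk draws; the resolver itself matches the router, so the next step (resetting the router, then flushing the local cache) follows from the findings rather than from the parser alone.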


#13 jc6498

jc6498
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:23 AM

Posted 17 March 2011 - 08:22 PM

I reset the router and changed the password but the search is still redirecting.

#14 snemelk

snemelk

    inżynier


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Poland
  • Local time:04:23 PM

Posted 18 March 2011 - 05:20 AM

Hi again jc6498!!.. :)

Strange... Let's try something simple first, before a more thorough check:

Reset the DNS Cache:
Start --> All Programs --> Accessories --> right-click the Command prompt icon and choose: "Run As Administrator".
In the Command prompt window, type the following (or copy and right-click paste) and hit enter:

ipconfig /flushdns

If everything goes well, you'll see a confirmation dialog window:
Windows IP Configuration. Successfully flushed the DNS Resolver Cache.

Does it still redirect? If yes, do this:

Close all Internet Explorer windows...
Click Start -> All Programs -> Accessories -> System Tools, and then click Internet Explorer (No Add-ons).

Does it redirect in a "No Add-ons" mode as well??..
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#15 jc6498

jc6498
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:23 AM

Posted 18 March 2011 - 06:14 PM

Yes, still redirecting after DNS flush, still redirecting running with no add-ons. This is where it is redirecting to if that tells you anything: hxxp://findgala.com/?&uid=302&q=nn

Edited by snemelk, 19 March 2011 - 04:28 PM.
to disable a live link...




