
Google Redirect virus no end in sight


  • This topic is locked
30 replies to this topic

#1 nivekk91

nivekk91

  • Members
  • 15 posts

Posted 13 October 2011 - 02:04 PM

I have tried everything and even reinstalled Windows, yet the links in Google are still redirecting me.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6001.18000
Run by Kevin at 14:50:22 on 2011-10-13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.9206.7269 [GMT -4:00]
.
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\agr64svc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\MHotKey.exe
C:\Windows\ChiFuncExt.exe
C:\Windows\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe
C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\CNYHKey.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\ModLedKey.exe
C:\Program Files (x86)\Internet Explorer\IEUser.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1011&m=fx6800-01e
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1011&m=fx6800-01e
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [UpdReg] C:\Windows\UpdReg.EXE
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LchDrvKey] LchDrvKey.exe
mRun: [LedKey] CNYHKey.exe
dRunOnce: [StartMSu] "C:\Program Files (x86)\Creative\MediaSource5\Startmsu.exe" /s
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B60FA805-863C-4C84-9CF0-EA95A19405A8} : DhcpNameServer = 192.168.1.1
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
BHO-X64: NCO 2.0 IE BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~2\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
TB-X64: Show Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun-x64: [UpdReg] C:\Windows\UpdReg.EXE
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [LchDrvKey] LchDrvKey.exe
mRun-x64: [LedKey] CNYHKey.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\39wr4x9c.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-2-17 149352]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
R3 gwfilt64;gwfilt64;C:\Windows\system32\drivers\gwfilt64.sys --> C:\Windows\system32\drivers\gwfilt64.sys [?]
R3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RTS5121.sys --> C:\Windows\system32\Drivers\RTS5121.sys [?]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-12 135664]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2008-1-20 93696]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2008-1-26 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-1-26 79360]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-10-12 135664]
S3 IDSvia64;Symantec Intrusion Prevention Driver;C:\PROGRA~3\Symantec\DEFINI~1\SymcData\ipsdefs\20080215.001\IDSvia64.sys [2008-1-26 359472]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 Symantec Core LC;Symantec Core LC;C:\PROGRA~2\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe [2008-1-26 1245064]
.
=============== Created Last 30 ================
.
2011-10-13 17:44:24 -------- d-sh--w- C:\$RECYCLE.BIN
2011-10-13 17:29:33 -------- d-----w- C:\Users\Kevin\AppData\Local\temp
2011-10-13 16:34:19 -------- d-----w- C:\ComboFix
2011-10-13 16:28:52 98816 ----a-w- C:\Windows\sed.exe
2011-10-13 16:28:52 518144 ----a-w- C:\Windows\SWREG.exe
2011-10-13 16:28:52 256000 ----a-w- C:\Windows\PEV.exe
2011-10-13 16:28:52 208896 ----a-w- C:\Windows\MBR.exe
2011-10-13 15:38:13 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Malwarebytes
2011-10-13 15:38:05 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-13 15:38:01 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-13 15:38:01 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-13 03:45:48 -------- d-----w- C:\Windows\pss
2011-10-13 01:29:31 -------- d-----w- C:\Users\Kevin\riotsGamesLogs
2011-10-13 01:29:09 -------- d-----w- C:\Users\Kevin\AppData\Roaming\LolClient
2011-10-12 17:57:07 -------- d-----w- C:\_OTM
2011-10-11 22:16:02 68616 ----a-w- C:\Windows\SysWow64\XAPOFX1_1.dll
2011-10-11 22:16:02 509448 ----a-w- C:\Windows\SysWow64\XAudio2_2.dll
2011-10-11 22:16:02 467984 ----a-w- C:\Windows\SysWow64\d3dx10_39.dll
2011-10-11 22:16:02 3851784 ----a-w- C:\Windows\SysWow64\D3DX9_39.dll
2011-10-11 22:16:02 1493528 ----a-w- C:\Windows\SysWow64\D3DCompiler_39.dll
2011-10-11 22:13:13 -------- d-----w- C:\Riot Games
2011-10-11 21:34:33 -------- d-----w- C:\Users\Kevin\AppData\Local\PMB Files
2011-10-11 21:34:18 -------- d-----w- C:\ProgramData\PMB Files
2011-10-11 21:33:59 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2011-10-11 21:33:55 0 ----a-w- C:\Windows\ativpsrm.bin
2011-10-11 21:33:45 -------- d-----w- C:\Program Files (x86)\Pando Networks
2011-10-11 21:33:32 -------- d-----w- C:\Program Files\ATI
2011-10-11 21:30:56 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-11 21:29:55 -------- d-----w- C:\Users\Kevin\AppData\Local\Adobe
2011-10-11 21:16:51 -------- d-----w- C:\Users\Kevin\AppData\Local\Google
2011-10-11 21:01:40 -------- d-----w- C:\Program Files (x86)\Northstar
2011-10-11 20:57:46 6172160 ----a-w- C:\Windows\System32\RTS5121icon.dll
2011-10-11 20:57:46 349184 ----a-w- C:\Windows\System32\rts5121.dll
2011-10-11 20:57:46 204288 ----a-w- C:\Windows\System32\drivers\RTS5121.sys
2011-10-11 20:57:29 581120 ----a-w- C:\Windows\mHotkey.exe
2011-10-11 20:57:29 57344 ----a-w- C:\Windows\ChiFuncExt.exe
2011-10-11 20:57:29 53248 ----a-w- C:\Windows\ModLEDKey.exe
2011-10-11 20:57:29 36864 ----a-w- C:\Windows\LchDrvKey.exe
2011-10-11 20:57:29 339968 ----a-w- C:\Windows\CNYHKey.exe
2011-10-11 20:57:29 294912 ----a-w- C:\Windows\PIC.dll
2011-10-11 20:56:56 -------- d-----w- C:\Users\Kevin\AppData\Local\ATI
2011-10-11 20:56:55 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Symantec
2011-10-11 20:56:13 -------- d-----w- C:\Users\Kevin\AppData\Local\VirtualStore
2011-10-11 20:53:38 -------- d-----w- C:\Program Files\eBay
2011-10-11 20:47:11 -------- d-sh--we C:\Documents and Settings
.
==================== Find3M ====================
.
2011-10-11 21:35:09 525792 ----a-w- C:\Windows\DIFxAPI.dll
.
============= FINISH: 14:57:48.47 ===============
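As an added worked example (not part of the original post, and not DDS, ComboFix or any BleepingComputer tool): a small Python triage script that reads the "Pseudo HJT Report" line formats seen in the log above and pulls out the items a responder checks first when chasing search-result redirects: whether the AV/antispyware products report as disabled or outdated, whether Firefox is configured to use a proxy, which DNS resolvers the adapters were handed, and which autorun entries point at a bare file name (resolved through the search path) or at a user-writable folder. The line formats are assumed from the log as posted; the embedded sample is a constructed, abridged excerpt of those lines. Everything it prints is something to verify, not a verdict: a resolver of 192.168.1.1 only says the PC asks the router, so a changed resolver on the router itself would not be visible in this log at all.

```python
"""Triage a DDS "Pseudo HJT Report" for the usual redirect-hijack indicators.

Added example for this thread; it is not DDS, ComboFix or a BleepingComputer
tool.  The line formats matched below are assumed from the log posted above.
"""
import ipaddress
import re

# Constructed excerpt, abridged from the DDS log posted above (not the full log).
SAMPLE_DDS = r"""
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
mRun: [VolPanel] "C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" /r
mRun: [LedKey] CNYHKey.exe
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B60FA805-863C-4C84-9CF0-EA95A19405A8} : DhcpNameServer = 192.168.1.1
FF - prefs.js: network.proxy.type - 0
"""

SEC_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(.+?)\* \{")
DNS_RE = re.compile(r"DhcpNameServer = ([\d. ]+)$")
PROXY_RE = re.compile(r"network\.proxy\.type - (\d+)$")
RUN_RE = re.compile(r"^([umd]Run(?:Once)?(?:-x64)?): \[(.+?)\] (.+)$")
BHO_RE = re.compile(r"^(?:BHO|TB)(?:-X64)?: (.+?): \{([0-9A-Fa-f-]+)\} - (.+)$")
# First executable-looking token of an autorun command, quoted or not.
EXE_RE = re.compile(r'^"?([^"]+?\.(?:exe|dll|cpl|scr|bat|cmd|vbs|js))\b', re.IGNORECASE)
# Folders an unprivileged user can write to; legitimate autoruns rarely live there.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")


def parse_dds(text):
    """Pull the redirect-relevant fields of a DDS log into one dict."""
    report = {"security": [], "name_servers": [], "proxy_type": None,
              "autoruns": [], "bhos": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := SEC_RE.match(line):
            report["security"].append((m.group(1), m.group(2), m.group(3)))
        elif m := DNS_RE.search(line):
            for server in m.group(1).split():
                if server not in report["name_servers"]:
                    report["name_servers"].append(server)
        elif m := PROXY_RE.search(line):
            report["proxy_type"] = int(m.group(1))
        elif m := RUN_RE.match(line):
            report["autoruns"].append((m.group(1), m.group(2), m.group(3)))
        elif m := BHO_RE.match(line):
            report["bhos"].append((m.group(1), m.group(2).lower(), m.group(3)))
    return report


def autorun_path(command):
    """Executable part of an autorun command, with quotes and arguments removed."""
    m = EXE_RE.match(command)
    return m.group(1) if m else command


def is_private(addr):
    """True for RFC 1918 / loopback style addresses; unparsable input counts as public."""
    try:
        return ipaddress.ip_address(addr).is_private
    except ValueError:
        return False


def triage(report):
    """Return human-readable findings; each is a thing to verify, not a verdict."""
    findings = []
    for kind, product, state in report["security"]:
        if "Disabled" in state or "Outdated" in state:
            findings.append(f"{kind} {product} is {state}: fix before trusting its scans")
    if report["proxy_type"] not in (None, 0):
        findings.append(f"Firefox network.proxy.type={report['proxy_type']}: "
                        "browser traffic goes through a proxy; inspect prefs.js")
    servers = report["name_servers"]
    if servers:
        public = [s for s in servers if not is_private(s)]
        if public:
            findings.append("DNS resolver outside private ranges: " + ", ".join(public))
        else:
            findings.append("DNS resolvers are all on the LAN (" + ", ".join(servers)
                            + "): the router answers queries, so check its DNS settings too")
    for hive, name, command in report["autoruns"]:
        path = autorun_path(command)
        if "\\" not in path:
            findings.append(f"{hive} [{name}] = {path}: bare file name resolved via the "
                            "search path; locate the file that actually runs")
        elif any(folder in path.lower() for folder in USER_WRITABLE):
            findings.append(f"{hive} [{name}] runs from a user-writable folder: {path}")
    for name, clsid, path in report["bhos"]:
        if any(folder in path.lower() for folder in USER_WRITABLE):
            findings.append(f"BHO/TB {name} {{{clsid}}} loads from {path}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_dds(SAMPLE_DDS)):
        print("-", finding)
```

On the sample above it flags the two disabled protection products, the LAN-only resolver, and the `CNYHKey.exe` autorun whose location the log does not state (the "Created Last 30" section shows it under C:\Windows, which is what a responder would confirm by hand). The checks are deliberately conservative so the output stays a short list of things to look at rather than a scan result.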



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 17 October 2011 - 09:13 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button and select Immediate Notification, then click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not click ComboFix's window while it is running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 nivekk91

nivekk91
  • Topic Starter

  • Members
  • 15 posts

Posted 18 October 2011 - 09:13 PM

The redirections seem to be intermittent. Sometimes I will go a whole day with no redirections, and on others there won't be a single link that does not redirect.




ComboFix 11-10-18.04 - Kevin 10/18/2011 21:16:30.2.8 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.9206.7490 [GMT -4:00]
Running from: c:\users\Kevin\Desktop\ComboFix.exe
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-19 to 2011-10-19 )))))))))))))))))))))))))))))))
.
.
2011-10-19 01:41 . 2011-10-19 01:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-13 15:38 . 2011-10-13 15:38 -------- d-----w- c:\programdata\Malwarebytes
2011-10-13 15:38 . 2011-10-13 15:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-13 15:38 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-12 17:57 . 2011-10-12 17:57 -------- d-----w- C:\_OTM
2011-10-12 15:23 . 2011-10-12 15:23 -------- d-----w- c:\program files\Google
2011-10-11 22:16 . 2008-07-31 14:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll
2011-10-11 22:16 . 2008-07-31 14:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll
2011-10-11 22:16 . 2008-07-12 12:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2011-10-11 22:16 . 2008-07-12 12:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2011-10-11 22:16 . 2008-07-12 12:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2011-10-11 22:13 . 2011-10-11 22:13 -------- d-----w- C:\Riot Games
2011-10-11 21:33 . 2011-10-11 21:33 0 ----a-w- c:\windows\ativpsrm.bin
2011-10-11 21:33 . 2011-10-11 21:33 -------- d-----w- c:\program files (x86)\Pando Networks
2011-10-11 21:33 . 2011-10-11 21:33 -------- d-----w- c:\program files\ATI
2011-10-11 21:30 . 2011-10-11 21:30 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-11 21:01 . 2011-10-11 21:01 -------- d-----w- c:\program files (x86)\Northstar
2011-10-11 20:57 . 2008-06-04 06:06 204288 ----a-w- c:\windows\system32\drivers\RTS5121.sys
2011-10-11 20:57 . 2008-05-20 02:04 6172160 ----a-w- c:\windows\system32\RTS5121icon.dll
2011-10-11 20:57 . 2008-02-20 01:18 349184 ----a-w- c:\windows\system32\rts5121.dll
2011-10-11 20:57 . 2008-05-30 14:50 581120 ----a-w- c:\windows\mHotkey.exe
2011-10-11 20:57 . 2008-04-23 21:05 339968 ----a-w- c:\windows\CNYHKey.exe
2011-10-11 20:57 . 2008-02-01 15:04 57344 ----a-w- c:\windows\ChiFuncExt.exe
2011-10-11 20:57 . 2007-03-28 21:55 36864 ----a-w- c:\windows\LchDrvKey.exe
2011-10-11 20:57 . 2007-01-08 18:51 53248 ----a-w- c:\windows\ModLEDKey.exe
2011-10-11 20:57 . 2003-07-03 18:21 294912 ----a-w- c:\windows\PIC.dll
2011-10-11 20:56 . 2011-10-11 20:56 -------- d-----w- c:\programdata\ATI
2011-10-11 20:53 . 2011-10-11 20:53 -------- d-----w- c:\program files\eBay
2011-10-11 20:53 . 2011-10-12 15:32 -------- d-----w- c:\program files (x86)\Google
2011-10-11 20:52 . 2011-10-13 01:29 -------- d-----w- c:\users\Kevin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-11 21:35 . 2008-01-26 21:27 525792 ----a-w- c:\windows\DIFxAPI.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-13_17.12.16 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2011-10-13 03:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-10-14 21:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-14 20:56 . 2011-10-14 21:56 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-10-13 03:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2011-10-14 21:56 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2011-10-14 18:28 32192 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-10-14 21:58 60824 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2011-10-13 00:14 . 2011-10-13 00:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-13 00:14 . 2011-10-17 00:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-13 00:14 . 2011-10-13 00:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-13 00:14 . 2011-10-17 00:36 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-13 15:30 . 2011-10-14 18:25 4342 c:\windows\system32\WDI\ERCQueuedResolutions.dat
+ 2011-10-12 20:08 . 2011-10-14 17:57 1924 c:\windows\system32\WDI\{88d4896f-f553-446a-9c75-9dec124ff8b7}.bin
+ 2011-10-11 20:54 . 2011-10-14 21:58 4624 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1676951889-258123732-715374635-1000_UserData.bin
+ 2011-10-19 01:53 . 2011-10-19 01:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-13 17:10 . 2011-10-13 17:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-13 17:10 . 2011-10-13 17:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-19 01:53 . 2011-10-19 01:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-12 17:28 . 2011-10-19 01:05 251392 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 12:46 . 2011-10-13 16:36 595446 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-10-14 22:02 595446 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-10-13 16:36 101144 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2011-10-14 22:02 101144 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-11 3077528]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-11 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2008-07-10 225396]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"LchDrvKey"="LchDrvKey.exe" [2007-03-28 36864]
"LedKey"="CNYHKey.exe" [2008-04-23 339968]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"StartMSu"="c:\program files (x86)\Creative\MediaSource5\Startmsu.exe" [2006-10-02 81920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-12 135664]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-10-11 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-01-26 79360]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-12 135664]
R3 IDSvia64;Symantec Intrusion Prevention Driver;c:\progra~3\Symantec\DEFINI~1\SymcData\ipsdefs\20080215.001\IDSvia64.sys [2008-02-13 359472]
R3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-17 149352]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
S3 gwfilt64;gwfilt64;c:\windows\system32\drivers\gwfilt64.sys [x]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-12 15:32]
.
2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-12 15:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]
"Skytel"="Skytel.exe" [BU]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2006-11-02 46592]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1011&m=fx6800-01e
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1011&m=fx6800-01e
mLocal Page = %SystemRoot%\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\39wr4x9c.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Control]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@SACL=
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@SACL=
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Programmable]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@SACL=
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@SACL=
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@SACL=
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@SACL=
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@SACL=
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@SACL=
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@SACL=
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@SACL=
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
@SACL=
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@SACL=
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@SACL=
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\MHotKey.exe
c:\windows\ChiFuncExt.exe
c:\windows\CNYHKey.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\IEUser.exe
c:\program files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
c:\windows\ModLedKey.exe
.
**************************************************************************
.
Completion time: 2011-10-18 22:10:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-19 02:10
ComboFix2.txt 2011-10-13 17:29
.
Pre-Run: 695,804,301,312 bytes free
Post-Run: 695,695,966,208 bytes free
.
- - End Of File - - 5D4319A4BD4F75C5FD332AACFCB5A3D7

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:01 PM

Posted 18 October 2011 - 09:30 PM

Greetings

Good. That cleaned up some bad guys, but I see some other stuff that we need to go after, so I want you to run this custom script for me.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 nivekk91

nivekk91
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:12:01 PM

Posted 19 October 2011 - 01:25 AM

After doing this I just tried to search and am still getting Google redirects.


ComboFix 11-10-18.04 - Kevin 10/19/2011 1:38.3.8 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.9206.7804 [GMT -4:00]
Running from: c:\users\Kevin\Desktop\ComboFix.exe
Command switches used :: c:\users\Kevin\Desktop\CFScript.txt
AV: Norton 360 *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton 360 *Disabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-09-19 to 2011-10-19 )))))))))))))))))))))))))))))))
.
.
2011-10-19 06:03 . 2011-10-19 06:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-13 15:38 . 2011-10-13 15:38 -------- d-----w- c:\programdata\Malwarebytes
2011-10-13 15:38 . 2011-10-13 15:38 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-10-13 15:38 . 2011-08-31 21:00 25416 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-12 17:57 . 2011-10-12 17:57 -------- d-----w- C:\_OTM
2011-10-12 15:23 . 2011-10-12 15:23 -------- d-----w- c:\program files\Google
2011-10-11 22:16 . 2008-07-31 14:41 68616 ----a-w- c:\windows\SysWow64\XAPOFX1_1.dll
2011-10-11 22:16 . 2008-07-31 14:40 509448 ----a-w- c:\windows\SysWow64\XAudio2_2.dll
2011-10-11 22:16 . 2008-07-12 12:18 467984 ----a-w- c:\windows\SysWow64\d3dx10_39.dll
2011-10-11 22:16 . 2008-07-12 12:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll
2011-10-11 22:16 . 2008-07-12 12:18 1493528 ----a-w- c:\windows\SysWow64\D3DCompiler_39.dll
2011-10-11 22:13 . 2011-10-11 22:13 -------- d-----w- C:\Riot Games
2011-10-11 21:33 . 2011-10-11 21:33 0 ----a-w- c:\windows\ativpsrm.bin
2011-10-11 21:33 . 2011-10-11 21:33 -------- d-----w- c:\program files (x86)\Pando Networks
2011-10-11 21:33 . 2011-10-11 21:33 -------- d-----w- c:\program files\ATI
2011-10-11 21:30 . 2011-10-11 21:30 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-11 21:01 . 2011-10-11 21:01 -------- d-----w- c:\program files (x86)\Northstar
2011-10-11 20:57 . 2008-06-04 06:06 204288 ----a-w- c:\windows\system32\drivers\RTS5121.sys
2011-10-11 20:57 . 2008-05-20 02:04 6172160 ----a-w- c:\windows\system32\RTS5121icon.dll
2011-10-11 20:57 . 2008-02-20 01:18 349184 ----a-w- c:\windows\system32\rts5121.dll
2011-10-11 20:57 . 2008-05-30 14:50 581120 ----a-w- c:\windows\mHotkey.exe
2011-10-11 20:57 . 2008-04-23 21:05 339968 ----a-w- c:\windows\CNYHKey.exe
2011-10-11 20:57 . 2008-02-01 15:04 57344 ----a-w- c:\windows\ChiFuncExt.exe
2011-10-11 20:57 . 2007-03-28 21:55 36864 ----a-w- c:\windows\LchDrvKey.exe
2011-10-11 20:57 . 2007-01-08 18:51 53248 ----a-w- c:\windows\ModLEDKey.exe
2011-10-11 20:57 . 2003-07-03 18:21 294912 ----a-w- c:\windows\PIC.dll
2011-10-11 20:56 . 2011-10-11 20:56 -------- d-----w- c:\programdata\ATI
2011-10-11 20:53 . 2011-10-11 20:53 -------- d-----w- c:\program files\eBay
2011-10-11 20:53 . 2011-10-12 15:32 -------- d-----w- c:\program files (x86)\Google
2011-10-11 20:52 . 2011-10-13 01:29 -------- d-----w- c:\users\Kevin
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-11 21:35 . 2008-01-26 21:27 525792 ----a-w- c:\windows\DIFxAPI.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-13_17.12.16 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-21 03:20 . 2011-10-13 03:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2008-01-21 03:20 . 2011-10-19 01:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-14 20:56 . 2011-10-19 01:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2008-01-21 03:20 . 2011-10-13 03:47 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 03:20 . 2011-10-19 01:53 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2008-01-21 02:23 . 2011-10-14 18:28 32192 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2011-10-19 01:55 60896 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2011-10-13 00:14 . 2011-10-13 00:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-10-13 00:14 . 2011-10-19 03:59 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-10-13 00:14 . 2011-10-13 00:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-13 00:14 . 2011-10-19 03:59 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-10-13 15:30 . 2011-10-14 18:25 4342 c:\windows\system32\WDI\ERCQueuedResolutions.dat
+ 2011-10-12 20:08 . 2011-10-14 17:57 1924 c:\windows\system32\WDI\{88d4896f-f553-446a-9c75-9dec124ff8b7}.bin
+ 2011-10-11 20:54 . 2011-10-19 01:55 4656 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1676951889-258123732-715374635-1000_UserData.bin
+ 2011-10-19 06:05 . 2011-10-19 06:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-13 17:10 . 2011-10-13 17:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-13 17:10 . 2011-10-13 17:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-19 06:05 . 2011-10-19 06:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-10-12 17:28 . 2011-10-19 01:05 251392 c:\windows\system32\WDI\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2006-11-02 12:46 . 2011-10-13 16:36 595446 c:\windows\system32\perfh009.dat
+ 2006-11-02 12:46 . 2011-10-19 01:57 595446 c:\windows\system32\perfh009.dat
- 2006-11-02 12:46 . 2011-10-13 16:36 101144 c:\windows\system32\perfc009.dat
+ 2006-11-02 12:46 . 2011-10-19 01:57 101144 c:\windows\system32\perfc009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-11 3077528]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-10-11 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VolPanel"="c:\program files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe" [2008-07-10 225396]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"LchDrvKey"="LchDrvKey.exe" [2007-03-28 36864]
"LedKey"="CNYHKey.exe" [2008-04-23 339968]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"StartMSu"="c:\program files (x86)\Creative\MediaSource5\Startmsu.exe" [2006-10-02 81920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-12 135664]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-10-11 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2008-01-26 79360]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-12 135664]
R3 IDSvia64;Symantec Intrusion Prevention Driver;c:\progra~3\Symantec\DEFINI~1\SymcData\ipsdefs\20080215.001\IDSvia64.sys [2008-02-13 359472]
R3 Rts516xIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 LiveUpdate Notice;LiveUpdate Notice;c:\program files (x86)\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-17 149352]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
S3 gwfilt64;gwfilt64;c:\windows\system32\drivers\gwfilt64.sys [x]
S3 RSUSBSTOR;RTS5121.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTS5121.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-12 15:32]
.
2011-10-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-10-12 15:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-09-18 6495264]
"Skytel"="Skytel.exe" [BU]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-07-20 182808]
"RunDLLEntry"="c:\windows\system32\RunDLL32.exe" [2006-11-02 46592]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1011&m=fx6800-01e
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1011&m=fx6800-01e
mLocal Page = %SystemRoot%\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\39wr4x9c.default\
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Control]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\EnableFullPage]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Implemented Categories]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@SACL=
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@SACL=
@="ShockwaveFlash.ShockwaveFlash.9"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Programmable]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@SACL=
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@SACL=
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@SACL=
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Control]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@SACL=
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Programmable]
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash9f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@SACL=
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@SACL=
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@SACL=
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}]
@Denied: (A 2) (Everyone)
@SACL=
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil9f.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\Elevation]
@SACL=
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\LocalServer32]
@SACL=
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil9f.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D4304BCF-B8E9-4B35-BEA0-DC5B522670C2}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@SACL=
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@SACL=
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@SACL=
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@SACL=
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@SACL=
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@SACL=
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@SACL=
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\MHotKey.exe
c:\windows\ChiFuncExt.exe
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Internet Explorer\IEUser.exe
c:\program files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
c:\windows\CNYHKey.exe
c:\windows\ModLedKey.exe
.
**************************************************************************
.
Completion time: 2011-10-19 02:22:55 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-19 06:22
ComboFix2.txt 2011-10-19 02:10
ComboFix3.txt 2011-10-13 17:29
.
Pre-Run: 695,526,129,664 bytes free
Post-Run: 695,220,412,416 bytes free
.
- - End Of File - - 804553581EA7AE42CDE58C7DDA6CFA3D

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:01 PM

Posted 19 October 2011 - 06:10 AM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#7 nivekk91

nivekk91
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:12:01 PM

Posted 19 October 2011 - 12:45 PM

Still having redirects and the scan found nothing.


13:43:32.0750 4148 TDSS rootkit removing tool 2.6.11.0 Oct 19 2011 13:50:27
13:43:33.0067 4148 ============================================================
13:43:33.0067 4148 Current date / time: 2011/10/19 13:43:33.0067
13:43:33.0067 4148 SystemInfo:
13:43:33.0067 4148
13:43:33.0067 4148 OS Version: 6.0.6001 ServicePack: 1.0
13:43:33.0067 4148 Product type: Workstation
13:43:33.0067 4148 ComputerName: KEVIN-PC
13:43:33.0067 4148 UserName: Kevin
13:43:33.0067 4148 Windows directory: C:\Windows
13:43:33.0067 4148 System windows directory: C:\Windows
13:43:33.0067 4148 Running under WOW64
13:43:33.0067 4148 Processor architecture: Intel x64
13:43:33.0067 4148 Number of processors: 8
13:43:33.0067 4148 Page size: 0x1000
13:43:33.0067 4148 Boot type: Normal boot
13:43:33.0067 4148 ============================================================
13:43:33.0354 4148 Initialize success
13:43:35.0431 5072 ============================================================
13:43:35.0431 5072 Scan started
13:43:35.0431 5072 Mode: Manual;
13:43:35.0431 5072 ============================================================
13:43:35.0734 5072 ACPI (8c99ed256a889d647935a97c543b7b85) C:\Windows\system32\drivers\acpi.sys
13:43:35.0735 5072 ACPI - ok
13:43:35.0779 5072 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
13:43:35.0781 5072 adp94xx - ok
13:43:35.0847 5072 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
13:43:35.0847 5072 adpahci - ok
13:43:35.0855 5072 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
13:43:35.0856 5072 adpu160m - ok
13:43:35.0864 5072 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
13:43:35.0865 5072 adpu320 - ok
13:43:35.0910 5072 AFD (db37041ab857abc7e179e856d8e1582c) C:\Windows\system32\drivers\afd.sys
13:43:35.0912 5072 AFD - ok
13:43:35.0979 5072 AgereSoftModem (385471f8147e1bd6a08c031e3aad3910) C:\Windows\system32\DRIVERS\agrsm64.sys
13:43:35.0985 5072 AgereSoftModem - ok
13:43:35.0993 5072 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
13:43:35.0993 5072 agp440 - ok
13:43:36.0020 5072 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
13:43:36.0020 5072 aic78xx - ok
13:43:36.0029 5072 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
13:43:36.0029 5072 aliide - ok
13:43:36.0036 5072 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
13:43:36.0037 5072 amdide - ok
13:43:36.0080 5072 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
13:43:36.0081 5072 AmdK8 - ok
13:43:36.0138 5072 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
13:43:36.0139 5072 arc - ok
13:43:36.0147 5072 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
13:43:36.0147 5072 arcsas - ok
13:43:36.0186 5072 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
13:43:36.0186 5072 AsyncMac - ok
13:43:36.0200 5072 atapi (62bd869afa2bf2e30f9d3ff428c87d5c) C:\Windows\system32\drivers\atapi.sys
13:43:36.0200 5072 atapi - ok
13:43:36.0363 5072 atikmdag (0adc170bcac8260539df29032a2e9d8d) C:\Windows\system32\DRIVERS\atikmdag.sys
13:43:36.0383 5072 atikmdag - ok
13:43:36.0442 5072 Beep - ok
13:43:36.0520 5072 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
13:43:36.0520 5072 blbdrive - ok
13:43:36.0548 5072 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys
13:43:36.0549 5072 bowser - ok
13:43:36.0556 5072 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
13:43:36.0556 5072 BrFiltLo - ok
13:43:36.0563 5072 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
13:43:36.0563 5072 BrFiltUp - ok
13:43:36.0607 5072 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
13:43:36.0607 5072 Brserid - ok
13:43:36.0614 5072 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
13:43:36.0615 5072 BrSerWdm - ok
13:43:36.0621 5072 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
13:43:36.0622 5072 BrUsbMdm - ok
13:43:36.0629 5072 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
13:43:36.0629 5072 BrUsbSer - ok
13:43:36.0636 5072 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
13:43:36.0637 5072 BTHMODEM - ok
13:43:36.0647 5072 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
13:43:36.0647 5072 cdfs - ok
13:43:36.0673 5072 cdrom (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys
13:43:36.0673 5072 cdrom - ok
13:43:36.0687 5072 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
13:43:36.0687 5072 circlass - ok
13:43:36.0724 5072 CLFS (caeda2572b7042b11062f327f099251d) C:\Windows\system32\CLFS.sys
13:43:36.0726 5072 CLFS - ok
13:43:36.0746 5072 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
13:43:36.0747 5072 cmdide - ok
13:43:36.0767 5072 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
13:43:36.0767 5072 Compbatt - ok
13:43:36.0782 5072 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
13:43:36.0783 5072 crcdisk - ok
13:43:36.0808 5072 DfsC (bd4acc56e477ad7419cbe90fceeb621b) C:\Windows\system32\Drivers\dfsc.sys
13:43:36.0808 5072 DfsC - ok
13:43:36.0851 5072 disk (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys
13:43:36.0852 5072 disk - ok
13:43:36.0876 5072 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
13:43:36.0876 5072 drmkaud - ok
13:43:36.0903 5072 DXGKrnl (645b6c9dad903edde4703cb76929b7dc) C:\Windows\System32\drivers\dxgkrnl.sys
13:43:36.0907 5072 DXGKrnl - ok
13:43:36.0929 5072 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
13:43:36.0930 5072 E1G60 - ok
13:43:36.0940 5072 e1yexpress (b37f6853d6e0c6f5f8efde33e831b5f8) C:\Windows\system32\DRIVERS\e1y60x64.sys
13:43:36.0942 5072 e1yexpress - ok
13:43:36.0977 5072 Ecache (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys
13:43:36.0978 5072 Ecache - ok
13:43:37.0010 5072 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
13:43:37.0011 5072 elxstor - ok
13:43:37.0021 5072 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
13:43:37.0021 5072 ErrDev - ok
13:43:37.0034 5072 exfat (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys
13:43:37.0036 5072 exfat - ok
13:43:37.0044 5072 fastfat (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys
13:43:37.0045 5072 fastfat - ok
13:43:37.0064 5072 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
13:43:37.0065 5072 fdc - ok
13:43:37.0075 5072 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
13:43:37.0075 5072 FileInfo - ok
13:43:37.0082 5072 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
13:43:37.0083 5072 Filetrace - ok
13:43:37.0090 5072 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
13:43:37.0090 5072 flpydisk - ok
13:43:37.0099 5072 FltMgr (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys
13:43:37.0101 5072 FltMgr - ok
13:43:37.0134 5072 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
13:43:37.0135 5072 Fs_Rec - ok
13:43:37.0141 5072 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
13:43:37.0141 5072 gagp30kx - ok
13:43:37.0162 5072 GEARAspiWDM (7508fcfb8d93556213f530dffaedec45) C:\Windows\system32\Drivers\GEARAspiWDM.sys
13:43:37.0162 5072 GEARAspiWDM - ok
13:43:37.0222 5072 gwfilt64 (5e114600f350f3bee3f92516e51144f1) C:\Windows\system32\drivers\gwfilt64.sys
13:43:37.0222 5072 gwfilt64 - ok
13:43:37.0232 5072 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
13:43:37.0234 5072 HdAudAddService - ok
13:43:37.0246 5072 HDAudBus (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:43:37.0253 5072 HDAudBus - ok
13:43:37.0274 5072 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
13:43:37.0274 5072 HidBth - ok
13:43:37.0282 5072 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
13:43:37.0282 5072 HidIr - ok
13:43:37.0304 5072 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys
13:43:37.0305 5072 HidUsb - ok
13:43:37.0318 5072 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
13:43:37.0319 5072 HpCISSs - ok
13:43:37.0347 5072 HTTP (7c39506bc3be2b77b7671bb320fdb736) C:\Windows\system32\drivers\HTTP.sys
13:43:37.0349 5072 HTTP - ok
13:43:37.0379 5072 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
13:43:37.0379 5072 i2omp - ok
13:43:37.0387 5072 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
13:43:37.0387 5072 i8042prt - ok
13:43:37.0446 5072 iaStor (fc28e90f2204d8fd147fa9bfa8a51c01) C:\Windows\system32\DRIVERS\iaStor.sys
13:43:37.0448 5072 iaStor - ok
13:43:37.0471 5072 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
13:43:37.0472 5072 iaStorV - ok
13:43:37.0531 5072 IDSvia64 (b80ab7dc30b38307bccf1db3894aa33f) C:\PROGRA~3\Symantec\DEFINI~1\SymcData\ipsdefs\20080215.001\IDSvia64.sys
13:43:37.0533 5072 IDSvia64 - ok
13:43:37.0540 5072 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
13:43:37.0541 5072 iirsp - ok
13:43:37.0605 5072 IntcAzAudAddService (6fdf709500c20362ffc5057f0d1e0c8d) C:\Windows\system32\drivers\RTKVHD64.sys
13:43:37.0612 5072 IntcAzAudAddService - ok
13:43:37.0619 5072 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
13:43:37.0620 5072 intelide - ok
13:43:37.0645 5072 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
13:43:37.0646 5072 intelppm - ok
13:43:37.0686 5072 IpFilterDriver (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:43:37.0687 5072 IpFilterDriver - ok
13:43:37.0694 5072 IpInIp - ok
13:43:37.0702 5072 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
13:43:37.0703 5072 IPMIDRV - ok
13:43:37.0711 5072 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
13:43:37.0713 5072 IPNAT - ok
13:43:37.0719 5072 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
13:43:37.0720 5072 IRENUM - ok
13:43:37.0727 5072 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
13:43:37.0727 5072 isapnp - ok
13:43:37.0764 5072 iScsiPrt (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys
13:43:37.0765 5072 iScsiPrt - ok
13:43:37.0772 5072 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
13:43:37.0772 5072 iteatapi - ok
13:43:37.0780 5072 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
13:43:37.0781 5072 iteraid - ok
13:43:37.0788 5072 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
13:43:37.0789 5072 kbdclass - ok
13:43:37.0806 5072 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
13:43:37.0807 5072 kbdhid - ok
13:43:37.0850 5072 KSecDD (a6f636c447cf3def5f50018f0c0e1aae) C:\Windows\system32\Drivers\ksecdd.sys
13:43:37.0857 5072 KSecDD - ok
13:43:37.0867 5072 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
13:43:37.0867 5072 ksthunk - ok
13:43:37.0900 5072 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
13:43:37.0901 5072 lltdio - ok
13:43:37.0932 5072 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
13:43:37.0933 5072 LSI_FC - ok
13:43:37.0941 5072 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
13:43:37.0941 5072 LSI_SAS - ok
13:43:37.0949 5072 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
13:43:37.0950 5072 LSI_SCSI - ok
13:43:37.0958 5072 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
13:43:37.0959 5072 luafv - ok
13:43:37.0967 5072 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
13:43:37.0967 5072 megasas - ok
13:43:37.0985 5072 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
13:43:37.0987 5072 MegaSR - ok
13:43:38.0009 5072 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
13:43:38.0009 5072 Modem - ok
13:43:38.0040 5072 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
13:43:38.0040 5072 monitor - ok
13:43:38.0051 5072 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
13:43:38.0051 5072 mouclass - ok
13:43:38.0064 5072 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
13:43:38.0065 5072 mouhid - ok
13:43:38.0072 5072 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
13:43:38.0073 5072 MountMgr - ok
13:43:38.0082 5072 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
13:43:38.0082 5072 mpio - ok
13:43:38.0098 5072 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
13:43:38.0099 5072 mpsdrv - ok
13:43:38.0108 5072 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
13:43:38.0108 5072 Mraid35x - ok
13:43:38.0117 5072 MRxDAV (fe2706c15f8345c342820e4e4583fea0) C:\Windows\system32\drivers\mrxdav.sys
13:43:38.0119 5072 MRxDAV - ok
13:43:38.0141 5072 mrxsmb (8e01ed1d845b0dac094a9be50d426187) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:43:38.0143 5072 mrxsmb - ok
13:43:38.0152 5072 mrxsmb10 (7aca70376a4eca01a8e02957e55d2710) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:43:38.0156 5072 mrxsmb10 - ok
13:43:38.0175 5072 mrxsmb20 (168da84ebf8afbc6e8f8ee229cc6dc9f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:43:38.0177 5072 mrxsmb20 - ok
13:43:38.0196 5072 msahci (f01c2bad560b4334b2d8b49f18e1ce08) C:\Windows\system32\drivers\msahci.sys
13:43:38.0197 5072 msahci - ok
13:43:38.0221 5072 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
13:43:38.0222 5072 msdsm - ok
13:43:38.0231 5072 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
13:43:38.0232 5072 Msfs - ok
13:43:38.0258 5072 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
13:43:38.0258 5072 msisadrv - ok
13:43:38.0273 5072 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
13:43:38.0274 5072 MSKSSRV - ok
13:43:38.0281 5072 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
13:43:38.0282 5072 MSPCLOCK - ok
13:43:38.0299 5072 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
13:43:38.0299 5072 MSPQM - ok
13:43:38.0318 5072 MsRPC (b8e32e6103fbba9fbb1d0c11ff0d13b5) C:\Windows\system32\drivers\MsRPC.sys
13:43:38.0322 5072 MsRPC - ok
13:43:38.0342 5072 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
13:43:38.0343 5072 mssmbios - ok
13:43:38.0362 5072 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
13:43:38.0363 5072 MSTEE - ok
13:43:38.0384 5072 Mup (ddf133501f68d6988a0f55dfa88637b4) C:\Windows\system32\Drivers\mup.sys
13:43:38.0384 5072 Mup - ok
13:43:38.0402 5072 NativeWifiP (7c81124ea83cca576558371c6ac0896d) C:\Windows\system32\DRIVERS\nwifi.sys
13:43:38.0404 5072 NativeWifiP - ok
13:43:38.0448 5072 NAVENG (80269301bdbc362d053b697f9162749a) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20080213.036\ENG64.SYS
13:43:38.0449 5072 NAVENG - ok
13:43:38.0480 5072 NAVEX15 (860a3966135e107b40de92eebde551cf) C:\PROGRA~3\Symantec\DEFINI~1\VIRUSD~1\20080213.036\EX64.SYS
13:43:38.0486 5072 NAVEX15 - ok
13:43:38.0517 5072 NDIS (2a2ee457af36c5c9a6808c768bd3a12b) C:\Windows\system32\drivers\ndis.sys
13:43:38.0520 5072 NDIS - ok
13:43:38.0534 5072 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
13:43:38.0535 5072 NdisTapi - ok
13:43:38.0547 5072 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
13:43:38.0548 5072 Ndisuio - ok
13:43:38.0555 5072 NdisWan (52e3e8e35101399be9b2938c992aa087) C:\Windows\system32\DRIVERS\ndiswan.sys
13:43:38.0556 5072 NdisWan - ok
13:43:38.0564 5072 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
13:43:38.0564 5072 NDProxy - ok
13:43:38.0580 5072 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
13:43:38.0581 5072 NetBIOS - ok
13:43:38.0602 5072 netbt (7a29ca243a629230799754162d80120f) C:\Windows\system32\DRIVERS\netbt.sys
13:43:38.0605 5072 netbt - ok
13:43:38.0638 5072 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
13:43:38.0639 5072 nfrd960 - ok
13:43:38.0647 5072 Npfs (b06154e2a2c91e9be5599fca53bc4cd0) C:\Windows\system32\drivers\Npfs.sys
13:43:38.0648 5072 Npfs - ok
13:43:38.0678 5072 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
13:43:38.0678 5072 nsiproxy - ok
13:43:38.0712 5072 Ntfs (fe86ba5ac3b50e2ca911e9c60c07b638) C:\Windows\system32\drivers\Ntfs.sys
13:43:38.0718 5072 Ntfs - ok
13:43:38.0738 5072 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
13:43:38.0738 5072 Null - ok
13:43:38.0758 5072 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
13:43:38.0759 5072 nvraid - ok
13:43:38.0766 5072 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
13:43:38.0767 5072 nvstor - ok
13:43:38.0775 5072 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
13:43:38.0776 5072 nv_agp - ok
13:43:38.0782 5072 NwlnkFlt - ok
13:43:38.0789 5072 NwlnkFwd - ok
13:43:38.0833 5072 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys
13:43:38.0833 5072 ohci1394 - ok
13:43:38.0844 5072 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
13:43:38.0844 5072 Parport - ok
13:43:38.0852 5072 partmgr (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys
13:43:38.0853 5072 partmgr - ok
13:43:38.0863 5072 pci (2a5b2a51559066ea84742909b5b2cd69) C:\Windows\system32\drivers\pci.sys
13:43:38.0864 5072 pci - ok
13:43:38.0872 5072 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
13:43:38.0872 5072 pciide - ok
13:43:38.0880 5072 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
13:43:38.0881 5072 pcmcia - ok
13:43:38.0904 5072 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
13:43:38.0912 5072 PEAUTH - ok
13:43:38.0938 5072 PptpMiniport (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys
13:43:38.0939 5072 PptpMiniport - ok
13:43:38.0963 5072 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
13:43:38.0964 5072 Processor - ok
13:43:39.0009 5072 PSched (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys
13:43:39.0011 5072 PSched - ok
13:43:39.0031 5072 PxHlpa64 (05f46042208e515b9c240aafc54e7aa2) C:\Windows\system32\Drivers\PxHlpa64.sys
13:43:39.0031 5072 PxHlpa64 - ok
13:43:39.0079 5072 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
13:43:39.0084 5072 ql2300 - ok
13:43:39.0092 5072 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
13:43:39.0093 5072 ql40xx - ok
13:43:39.0119 5072 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
13:43:39.0120 5072 QWAVEdrv - ok
13:43:39.0130 5072 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
13:43:39.0130 5072 RasAcd - ok
13:43:39.0145 5072 Rasl2tp (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:43:39.0147 5072 Rasl2tp - ok
13:43:39.0156 5072 RasPppoe (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys
13:43:39.0157 5072 RasPppoe - ok
13:43:39.0172 5072 RasSstp (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys
13:43:39.0173 5072 RasSstp - ok
13:43:39.0197 5072 rdbss (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys
13:43:39.0201 5072 rdbss - ok
13:43:39.0209 5072 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:43:39.0209 5072 RDPCDD - ok
13:43:39.0239 5072 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
13:43:39.0240 5072 rdpdr - ok
13:43:39.0247 5072 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
13:43:39.0248 5072 RDPENCDD - ok
13:43:39.0257 5072 RDPWD (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys
13:43:39.0261 5072 RDPWD - ok
13:43:39.0291 5072 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
13:43:39.0293 5072 rspndr - ok
13:43:39.0338 5072 RSUSBSTOR (1807ea271c9685a25571d94ae4e3a8dd) C:\Windows\system32\Drivers\RTS5121.sys
13:43:39.0339 5072 RSUSBSTOR - ok
13:43:39.0380 5072 RTL8187Se (462308d94e4e3318503267991b0cdc7f) C:\Windows\system32\DRIVERS\RTL8187Se.sys
13:43:39.0381 5072 RTL8187Se - ok
13:43:39.0388 5072 Rts516xIR - ok
13:43:39.0404 5072 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
13:43:39.0404 5072 sbp2port - ok
13:43:39.0434 5072 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:43:39.0434 5072 secdrv - ok
13:43:39.0448 5072 Serenum (2449316316411d65bd2c761a6ffb2ce2) C:\Windows\system32\DRIVERS\serenum.sys
13:43:39.0449 5072 Serenum - ok
13:43:39.0462 5072 Serial (4b438170be2fc8e0bd35ee87a960f84f) C:\Windows\system32\DRIVERS\serial.sys
13:43:39.0462 5072 Serial - ok
13:43:39.0469 5072 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
13:43:39.0470 5072 sermouse - ok
13:43:39.0482 5072 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
13:43:39.0482 5072 sffdisk - ok
13:43:39.0505 5072 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
13:43:39.0505 5072 sffp_mmc - ok
13:43:39.0512 5072 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
13:43:39.0513 5072 sffp_sd - ok
13:43:39.0520 5072 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
13:43:39.0520 5072 sfloppy - ok
13:43:39.0531 5072 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
13:43:39.0531 5072 SiSRaid2 - ok
13:43:39.0539 5072 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
13:43:39.0539 5072 SiSRaid4 - ok
13:43:39.0572 5072 Smb (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys
13:43:39.0573 5072 Smb - ok
13:43:39.0587 5072 spldr (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys
13:43:39.0587 5072 spldr - ok
13:43:39.0608 5072 SRTSP (7e4cc24a23262a84ae99dbffef69a6b0) C:\Windows\system32\Drivers\SRTSP64.SYS
13:43:39.0610 5072 SRTSP - ok
13:43:39.0641 5072 SRTSPL (8b1dedeba049a3e1daf8219eec87eb00) C:\Windows\system32\Drivers\SRTSPL64.SYS
13:43:39.0643 5072 SRTSPL - ok
13:43:39.0651 5072 SRTSPX (3db35652e4460da6730bb44908fa39cb) C:\Windows\system32\Drivers\SRTSPX64.SYS
13:43:39.0651 5072 SRTSPX - ok
13:43:39.0662 5072 srv (b02f20d0d581496b826e21f8572c62b0) C:\Windows\system32\DRIVERS\srv.sys
13:43:39.0668 5072 srv - ok
13:43:39.0676 5072 srv2 (68dcd148225f40ef1cdf6cfc115cb6fe) C:\Windows\system32\DRIVERS\srv2.sys
13:43:39.0679 5072 srv2 - ok
13:43:39.0687 5072 srvnet (4d0858b640cdbcba671c5439a8ef45cb) C:\Windows\system32\DRIVERS\srvnet.sys
13:43:39.0689 5072 srvnet - ok
13:43:39.0715 5072 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
13:43:39.0716 5072 swenum - ok
13:43:39.0726 5072 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
13:43:39.0726 5072 Symc8xx - ok
13:43:39.0747 5072 SymEvent (70c8d165063eb76f1a373b74456d2aab) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
13:43:39.0748 5072 SymEvent - ok
13:43:39.0771 5072 SymIM (93526d381fcff03e666b767e2a920ac9) C:\Windows\system32\DRIVERS\SymIMv.sys
13:43:39.0771 5072 SymIM - ok
13:43:39.0780 5072 SYMREDRV (c082fc0d3dd1f990d120049a2285b33c) C:\Windows\System32\Drivers\SYMREDRV.SYS
13:43:39.0781 5072 SYMREDRV - ok
13:43:39.0801 5072 SYMTDI (4ea607f6fb7288acf624fa4078f93ac7) C:\Windows\System32\Drivers\SYMTDI.SYS
13:43:39.0802 5072 SYMTDI - ok
13:43:39.0810 5072 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
13:43:39.0810 5072 Sym_hi - ok
13:43:39.0819 5072 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
13:43:39.0819 5072 Sym_u3 - ok
13:43:39.0858 5072 Tcpip (8e041924441ff8755e5b4f135c8c3767) C:\Windows\system32\drivers\tcpip.sys
13:43:39.0865 5072 Tcpip - ok
13:43:39.0899 5072 Tcpip6 (8e041924441ff8755e5b4f135c8c3767) C:\Windows\system32\DRIVERS\tcpip.sys
13:43:39.0905 5072 Tcpip6 - ok
13:43:39.0921 5072 tcpipreg (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys
13:43:39.0922 5072 tcpipreg - ok
13:43:39.0951 5072 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
13:43:39.0952 5072 TDPIPE - ok
13:43:39.0959 5072 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
13:43:39.0960 5072 TDTCP - ok
13:43:39.0967 5072 tdx (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys
13:43:39.0969 5072 tdx - ok
13:43:39.0994 5072 TermDD (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys
13:43:39.0995 5072 TermDD - ok
13:43:40.0009 5072 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:43:40.0010 5072 tssecsrv - ok
13:43:40.0034 5072 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
13:43:40.0034 5072 tunmp - ok
13:43:40.0045 5072 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys
13:43:40.0045 5072 tunnel - ok
13:43:40.0078 5072 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
13:43:40.0078 5072 uagp35 - ok
13:43:40.0088 5072 udfs (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys
13:43:40.0092 5072 udfs - ok
13:43:40.0103 5072 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
13:43:40.0104 5072 uliagpkx - ok
13:43:40.0114 5072 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
13:43:40.0115 5072 uliahci - ok
13:43:40.0124 5072 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
13:43:40.0125 5072 UlSata - ok
13:43:40.0133 5072 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
13:43:40.0134 5072 ulsata2 - ok
13:43:40.0141 5072 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
13:43:40.0142 5072 umbus - ok
13:43:40.0173 5072 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
13:43:40.0175 5072 usbccgp - ok
13:43:40.0181 5072 USBCCID - ok
13:43:40.0190 5072 usbcir (8c39d53e1a343f4c47ee8f3c052126d8) C:\Windows\system32\DRIVERS\usbcir.sys
13:43:40.0190 5072 usbcir - ok
13:43:40.0208 5072 usbehci (da6d8d8ed0a53c63ac6f4bd40fe83fbe) C:\Windows\system32\DRIVERS\usbehci.sys
13:43:40.0209 5072 usbehci - ok
13:43:40.0218 5072 usbhub (99045369ae3216216573d0775fd7ed56) C:\Windows\system32\DRIVERS\usbhub.sys
13:43:40.0221 5072 usbhub - ok
13:43:40.0253 5072 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
13:43:40.0253 5072 usbohci - ok
13:43:40.0266 5072 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
13:43:40.0266 5072 usbprint - ok
13:43:40.0273 5072 USBSTOR (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:43:40.0275 5072 USBSTOR - ok
13:43:40.0304 5072 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
13:43:40.0305 5072 usbuhci - ok
13:43:40.0326 5072 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
13:43:40.0327 5072 vga - ok
13:43:40.0335 5072 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
13:43:40.0335 5072 VgaSave - ok
13:43:40.0341 5072 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
13:43:40.0342 5072 viaide - ok
13:43:40.0356 5072 volmgr (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys
13:43:40.0357 5072 volmgr - ok
13:43:40.0368 5072 volmgrx (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys
13:43:40.0373 5072 volmgrx - ok
13:43:40.0383 5072 volsnap (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys
13:43:40.0387 5072 volsnap - ok
13:43:40.0414 5072 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
13:43:40.0415 5072 vsmraid - ok
13:43:40.0426 5072 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
13:43:40.0426 5072 WacomPen - ok
13:43:40.0458 5072 Wanarp (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
13:43:40.0459 5072 Wanarp - ok
13:43:40.0461 5072 Wanarpv6 (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
13:43:40.0462 5072 Wanarpv6 - ok
13:43:40.0472 5072 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
13:43:40.0472 5072 Wd - ok
13:43:40.0503 5072 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
13:43:40.0514 5072 Wdf01000 - ok
13:43:40.0548 5072 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:43:40.0548 5072 WmiAcpi - ok
13:43:40.0581 5072 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
13:43:40.0582 5072 ws2ifsl - ok
13:43:40.0625 5072 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:43:40.0627 5072 WUDFRd - ok
13:43:40.0638 5072 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:43:40.0653 5072 \Device\Harddisk0\DR0 - ok
13:43:40.0655 5072 Boot (0x1200) (8b5d4dce11d7019b4c73f7bb3aa95e5a) \Device\Harddisk0\DR0\Partition0
13:43:40.0656 5072 \Device\Harddisk0\DR0\Partition0 - ok
13:43:40.0657 5072 ============================================================
13:43:40.0657 5072 Scan finished
13:43:40.0657 5072 ============================================================
13:43:40.0662 4248 Detected object count: 0
13:43:40.0662 4248 Actual detected object count: 0

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:01 PM

Posted 19 October 2011 - 12:57 PM

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat. Choose "Save as type: All Files" and save it to the Desktop, then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 nivekk91

nivekk91
  • Topic Starter

  • Members
  • 15 posts
  • Local time:12:01 PM

Posted 19 October 2011 - 01:09 PM

Thanks again for all your time.


Windows IP Configuration

Host Name . . . . . . . . . . . . : Kevin-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Intel® 82567LF-2 Gigabit Network Connection
Physical Address. . . . . . . . . : 00-22-68-39-59-A8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2d19:89eb:3567:f18a%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, October 19, 2011 2:05:52 AM
Lease Expires . . . . . . . . . . : Thursday, October 20, 2011 1:30:16 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.home
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1430:3d0:3f57:fefa(Preferred)
Link-local IPv6 Address . . . . . : fe80::1430:3d0:3f57:fefa%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 72.14.204.105
72.14.204.147
72.14.204.99
72.14.204.103
72.14.204.104

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 67.195.160.76
72.30.2.43
98.137.149.56
98.139.180.149
209.191.122.70



Pinging google.com [72.14.204.99] with 32 bytes of data:

Reply from 72.14.204.99: bytes=32 time=8ms TTL=54

Reply from 72.14.204.99: bytes=32 time=8ms TTL=54



Ping statistics for 72.14.204.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 8ms, Maximum = 8ms, Average = 8ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=55ms TTL=51

Reply from 209.191.122.70: bytes=32 time=47ms TTL=51



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 47ms, Maximum = 55ms, Average = 51ms

===========================================================================
Interface List
10 ...00 22 68 39 59 a8 ...... Intel® 82567LF-2 Gigabit Network Connection
1 ........................... Software Loopback Interface 1
12 ...00 00 00 00 00 00 00 e0 isatap.home
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 21
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.5 276
192.168.1.5 255.255.255.255 On-link 192.168.1.5 276
192.168.1.255 255.255.255.255 On-link 192.168.1.5 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.5 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.5 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 18 ::/0 On-link
1 306 ::1/128 On-link
11 18 2001::/32 On-link
11 266 2001:0:4137:9e76:1430:3d0:3f57:fefa/128
On-link
10 276 fe80::/64 On-link
11 266 fe80::/64 On-link
11 266 fe80::1430:3d0:3f57:fefa/128
On-link
10 276 fe80::2d19:89eb:3567:f18a/128
On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:01 PM

Posted 19 October 2011 - 01:19 PM

After you have run these steps, you need to let me know how the computer is doing.

Resetting Router


  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don't know the router's default password, you can look it up here.
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using or you can use OpenDNS
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

Flush the DNS

Now let's flush the DNS on the computer:

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:


    ipconfig /flushdns

Now let's check the router again.

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat. Choose "Save as type: All Files" and save it to the Desktop, then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.

gringo
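The router.bat output that gringo_pr asks for in posts #8 and #10 is read by eye in this thread. What a practitioner actually checks in it is narrow: which DNS servers the adapter was handed, whether nslookup was answered by one of them, and whether a second run after the router reset returns a different set of addresses (not merely a different order; the two posted runs above return the same five Google addresses in round-robin order). The following script is an added example written for this page, not code from gringo_pr or BleepingComputer. It parses a pasted log of that shape and performs those three checks. Assumptions: the expected DNS server defaults to the default gateway (what a home router hands out over DHCP; pass `expected_dns` if the ISP's resolvers are legitimately configured), and the sample logs are constructed to mimic the posted output, with 203.0.113.0/24 (the RFC 5737 documentation range) standing in for a hypothetical rogue resolver.

```python
import ipaddress
import re

KV_RE = re.compile(r"^(?P<key>[^:]+?)[ .]*:\s*(?P<val>.*)$")  # "Key . . . : value"
IPV4_RE = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")             # bare continuation line

# Constructed samples modelled on the router.bat output in this thread (not verbatim copies).
# 203.0.113.0/24 is the RFC 5737 documentation range and stands in for a rogue resolver.
SAMPLE_CLEAN = """\
Ethernet adapter Local Area Connection:
Link-local IPv6 Address . . . . . : fe80::2d19:89eb:3567:f18a%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 72.14.204.105
72.14.204.147
72.14.204.99

Pinging google.com [72.14.204.99] with 32 bytes of data:
"""
# Same host after a hypothetical hijack: DHCP now hands out an off-LAN resolver first,
# nslookup is answered by it, and the answer for google.com is no longer Google's.
SAMPLE_HIJACKED = (SAMPLE_CLEAN
    .replace("DNS Servers . . . . . . . . . . . : 192.168.1.1",
             "DNS Servers . . . . . . . . . . . : 203.0.113.53\n192.168.1.1")
    .replace("Server: Wireless_Broadband_Router.home\nAddress: 192.168.1.1",
             "Server: UnKnown\nAddress: 203.0.113.53")
    .replace("72.14.204.105\n72.14.204.147\n72.14.204.99", "203.0.113.10"))
# Second clean run with the same answers in round-robin order, as in the thread's two posts.
SAMPLE_RERUN = SAMPLE_CLEAN.replace("72.14.204.105\n72.14.204.147\n72.14.204.99",
                                    "72.14.204.147\n72.14.204.99\n72.14.204.105")

def parse_log(text):
    """Parse the ipconfig /all and nslookup sections of a pasted router.bat log into (adapters, lookups)."""
    adapters, lookups = [], []
    adapter = lookup = cont = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("Pinging", "Interface List")):
            break                                  # ping and route print output not needed here
        if IPV4_RE.match(line):                    # pasted logs lose indentation, so a second
            if cont is not None:                   # DNS server or answer is a bare IPv4 line
                cont.append(line)
            continue
        if not (m := KV_RE.match(line)):
            continue
        key, val = m.group("key").strip(), m.group("val").strip().split("(")[0]  # drop "(Preferred)"
        cont = None
        if " adapter " in key and not val:         # "Ethernet adapter X:" section header
            adapter = {"name": key.split(" adapter ", 1)[1], "dns": []}
            adapters.append(adapter)
        elif key == "Server":                      # first line of one nslookup
            lookup = {"server_name": val, "addresses": []}
            lookups.append(lookup)
        elif lookup is not None and key == "Name":
            lookup["name"] = val
        elif lookup is not None and key in ("Address", "Addresses"):
            if "name" in lookup:                   # answer(s) for the queried name
                lookup["addresses"].append(val)
                cont = lookup["addresses"]
            else:                                  # address of the resolver that answered
                lookup["server_addr"] = val
        elif adapter is not None and key == "DNS Servers":
            adapter["dns"].append(val)
            cont = adapter["dns"]
        elif adapter is not None and key in ("IPv4 Address", "Subnet Mask", "Default Gateway"):
            adapter[key] = val
    return adapters, lookups

def audit(text, expected_dns=None):
    """Flag DNS servers the operator did not expect (default: only the default gateway, which a
    home router hands out over DHCP) and lookups answered by a server that is not configured."""
    adapters, lookups = parse_log(text)
    lan = [a for a in adapters if "IPv4 Address" in a]
    findings = []
    for a in lan:
        net = ipaddress.ip_network(f"{a['IPv4 Address']}/{a['Subnet Mask']}", strict=False)
        allowed = set(expected_dns) if expected_dns else {a.get("Default Gateway")}
        for d in a["dns"]:
            if d not in allowed:
                where = "on" if ipaddress.ip_address(d) in net else "outside"
                findings.append(f"{a['name']}: unexpected DNS server {d} ({where} the local subnet)")
    configured = {d for a in lan for d in a["dns"]}
    for lk in lookups:
        if lk.get("server_addr") not in configured:
            findings.append(f"lookup of {lk.get('name')} answered by {lk.get('server_addr')}, "
                            "which is not a configured DNS server")
    return findings

def compare_answers(before, after):
    """Names whose answer *set* differs between two runs; order is ignored (round-robin)."""
    def answers(text):
        return {lk["name"]: set(lk["addresses"]) for lk in parse_log(text)[1] if "name" in lk}
    b, a = answers(before), answers(after)
    return {n for n in b.keys() | a.keys() if b.get(n) != a.get(n)}
```

Run `audit(log_text)` on each pasted log; an empty list means the adapter's DNS servers are the ones you expect and nslookup was answered by one of them. Run `compare_answers(before, after)` on the logs from before and after the router reset; an empty set means the reset did not change what the resolver returns, which is what the two runs in this thread show.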

#11 nivekk91

nivekk91
  • Topic Starter

  • Members
  • 15 posts
  • Local time:12:01 PM

Posted 19 October 2011 - 01:28 PM

Windows IP Configuration

Host Name . . . . . . . . . . . . : Kevin-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Intel® 82567LF-2 Gigabit Network Connection
Physical Address. . . . . . . . . : 00-22-68-39-59-A8
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2d19:89eb:3567:f18a%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, October 19, 2011 2:24:02 PM
Lease Expires . . . . . . . . . . : Thursday, October 20, 2011 2:24:02 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:4f8:34d6:3f57:fefd(Preferred)
Link-local IPv6 Address . . . . . : fe80::4f8:34d6:3f57:fefd%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: google.com
Addresses: 72.14.204.147
72.14.204.99
72.14.204.103
72.14.204.104
72.14.204.105

Server: Wireless_Broadband_Router.home
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.137.149.56
98.139.180.149
209.191.122.70
67.195.160.76
72.30.2.43

Pinging google.com [72.14.204.103] with 32 bytes of data:

Reply from 72.14.204.103: bytes=32 time=12ms TTL=54
Reply from 72.14.204.103: bytes=32 time=10ms TTL=54

Ping statistics for 72.14.204.103:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 10ms, Maximum = 12ms, Average = 11ms

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=47ms TTL=51
Reply from 209.191.122.70: bytes=32 time=54ms TTL=51

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 47ms, Maximum = 54ms, Average = 50ms

===========================================================================
Interface List
10 ...00 22 68 39 59 a8 ...... Intel® 82567LF-2 Gigabit Network Connection
1 ........................... Software Loopback Interface 1
12 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 276
192.168.1.2 255.255.255.255 On-link 192.168.1.2 276
192.168.1.255 255.255.255.255 On-link 192.168.1.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 18 ::/0 On-link
1 306 ::1/128 On-link
11 18 2001::/32 On-link
11 266 2001:0:4137:9e76:4f8:34d6:3f57:fefd/128
On-link
10 276 fe80::/64 On-link
11 266 fe80::/64 On-link
11 266 fe80::4f8:34d6:3f57:fefd/128
On-link
10 276 fe80::2d19:89eb:3567:f18a/128
On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#12 gringo_pr

gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 October 2011 - 02:41 PM

How are things doing now?


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 nivekk91

nivekk91 (Topic Starter)

  • Members
  • 15 posts

Posted 19 October 2011 - 03:20 PM

Just tried to use Google to access Facebook by clicking a link, and it took me to topusaprizes.com; then, after hitting back and clicking again, it took me to Facebook. Seems as if the redirections are very hit or miss.

#14 gringo_pr

gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,773 posts
  • Gender:Male
  • Location:Puerto rico

Posted 19 October 2011 - 09:29 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTListIt.txt in your next reply.

Gringo

#15 nivekk91

nivekk91 (Topic Starter)

  • Members
  • 15 posts

Posted 19 October 2011 - 09:46 PM

OTL logfile created on: 10/19/2011 10:43:29 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Kevin\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.99 Gb Total Physical Memory | 6.68 Gb Available Physical Memory | 74.28% Memory free
18.00 Gb Paging File | 15.85 Gb Available in Paging File | 88.09% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 698.54 Gb Total Space | 646.34 Gb Free Space | 92.53% Space Free | Partition Type: NTFS

Computer Name: KEVIN-PC | User Name: Kevin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kevin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Windows\mHotkey.exe ()
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Windows\CNYHKey.exe (Creative)
PRC - C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Windows\ChiFuncExt.exe (Chicony)
PRC - C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
PRC - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Windows\ModLEDKey.exe (Chicony)


========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - C:\Windows\SysWOW64\CmdRtr.DLL ()
MOD - C:\Windows\mHotkey.exe ()
MOD - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\ccme_base.dll ()
MOD - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\cryptocme2.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe ()
SRV:64bit: - (Ati External Event Utility) -- C:\Windows\SysNative\Ati2evxx.exe ()
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\Gateway Games\Gateway Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (LiveUpdate) -- c:\Program Files (x86)\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
SRV - (Automatic LiveUpdate Scheduler) -- c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
SRV - (LiveUpdate Notice) -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (CLTNetCnService) -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccSetMgr) -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (ccEvtMgr) -- c:\Program Files (x86)\Common Files\Symantec Shared\ccSvcHst.exe (Symantec Corporation)
SRV - (Symantec Core LC) -- C:\Program Files (x86)\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (comHost) -- c:\Program Files (x86)\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (RTL8187Se) -- C:\Windows\SysNative\DRIVERS\RTL8187Se.sys ()
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys ()
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\DRIVERS\atikmdag.sys ()
DRV:64bit: - (e1yexpress) Intel® -- C:\Windows\SysNative\DRIVERS\e1y60x64.sys ()
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\Drivers\RTS5121.sys ()
DRV:64bit: - (gwfilt64) -- C:\Windows\SysNative\drivers\gwfilt64.sys ()
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\DRIVERS\SymIMv.sys ()
DRV:64bit: - (SYMTDI) -- C:\Windows\SysNative\Drivers\SYMTDI.SYS ()
DRV:64bit: - (SYMREDRV) -- C:\Windows\SysNative\Drivers\SYMREDRV.SYS ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys ()
DRV:64bit: - (SRTSPL) -- C:\Windows\SysNative\Drivers\SRTSPL64.SYS ()
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\SRTSP64.SYS ()
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\Drivers\SRTSPX64.SYS ()
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS ()
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys ()
DRV - (IDSvia64) -- C:\ProgramData\Symantec\Definitions\SymcData\ipsdefs\20080215.001\IDSviA64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20080213.036\EX64.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Symantec\Definitions\VirusDefs\20080213.036\ENG64.SYS (Symantec Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1011&m=fx6800-01e
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1011&m=fx6800-01e


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1676951889-258123732-715374635-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1676951889-258123732-715374635-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&s=1&o=vp64&d=1011&m=fx6800-01e
IE - HKU\S-1-5-21-1676951889-258123732-715374635-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKU\S-1-5-21-1676951889-258123732-715374635-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/11 17:18:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/10/11 17:18:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kevin\AppData\Roaming\Mozilla\Extensions
[2011/10/19 20:58:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/19 20:58:10 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/09/29 02:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/10/19 02:06:28 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Reg Error: Value error.) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.6.0_05\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\Program Files (x86)\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3:64bit: - HKU\S-1-5-21-1676951889-258123732-715374635-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL ()
O4:64bit: - HKLM..\Run: [Skytel] Skytel.exe File not found
O4 - HKLM..\Run: [LchDrvKey] C:\Windows\LchDrvKey.exe ()
O4 - HKLM..\Run: [LedKey] C:\Windows\CNYHKey.exe (Creative)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB X-Fi MB\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-21-1676951889-258123732-715374635-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\.DEFAULT..\RunOnce: [StartMSu] C:\Program Files (x86)\Creative\MediaSource5\Startmsu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-18..\RunOnce: [StartMSu] C:\Program Files (x86)\Creative\MediaSource5\Startmsu.exe (Creative Technology Ltd)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1676951889-258123732-715374635-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1676951889-258123732-715374635-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B60FA805-863C-4C84-9CF0-EA95A19405A8}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/19 22:42:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2011/10/19 20:57:52 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Skype
[2011/10/19 20:57:48 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/10/19 20:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/10/19 20:57:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/10/19 13:43:15 | 001,559,856 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kevin\Desktop\TDSSKiller.exe
[2011/10/19 02:26:37 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/10/19 02:23:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/10/19 02:23:29 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\temp
[2011/10/19 01:29:18 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/10/13 14:37:17 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Kevin\Desktop\dds.scr
[2011/10/13 12:28:52 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/10/13 12:28:52 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/10/13 12:28:52 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/10/13 12:26:46 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/13 12:24:17 | 004,265,077 | R--- | C] (Swearware) -- C:\Users\Kevin\Desktop\ComboFix.exe
[2011/10/13 11:38:13 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Malwarebytes
[2011/10/13 11:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/10/13 11:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/10/13 11:38:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/10/12 23:45:48 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011/10/12 21:29:31 | 000,000,000 | ---D | C] -- C:\Users\Kevin\riotsGamesLogs
[2011/10/12 21:29:09 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\LolClient
[2011/10/12 14:01:47 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\GooredFix Backups
[2011/10/12 14:01:12 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Kevin\Desktop\GooredFix.exe
[2011/10/12 13:57:07 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/10/12 13:56:13 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTM.exe
[2011/10/12 13:55:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/10/12 13:53:23 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\WinRAR
[2011/10/12 13:53:23 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/10/12 13:53:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011/10/12 13:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/10/12 11:23:37 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/10/11 18:16:02 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2011/10/11 18:16:02 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2011/10/11 18:16:02 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2011/10/11 18:16:02 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2011/10/11 18:16:02 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2011/10/11 18:13:13 | 000,000,000 | ---D | C] -- C:\Riot Games
[2011/10/11 18:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games
[2011/10/11 17:35:41 | 000,000,000 | ---D | C] -- C:\Users\Kevin\Desktop\LeagueOfLegends
[2011/10/11 17:34:33 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\PMB Files
[2011/10/11 17:34:18 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files
[2011/10/11 17:34:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2011/10/11 17:33:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2011/10/11 17:33:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks
[2011/10/11 17:33:32 | 000,000,000 | ---D | C] -- C:\Program Files\ATI
[2011/10/11 17:32:02 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2011/10/11 17:30:56 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/10/11 17:30:36 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2011/10/11 17:29:55 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Adobe
[2011/10/11 17:21:02 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Macromedia
[2011/10/11 17:18:43 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Mozilla
[2011/10/11 17:18:43 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Mozilla
[2011/10/11 17:18:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011/10/11 17:16:56 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Adobe
[2011/10/11 17:16:51 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Google
[2011/10/11 17:16:51 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Google
[2011/10/11 17:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go
[2011/10/11 17:01:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartLauncher
[2011/10/11 17:01:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SmartCopy
[2011/10/11 17:01:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Northstar
[2011/10/11 16:58:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Realtek Card Reader
[2011/10/11 16:57:29 | 000,339,968 | ---- | C] (Creative) -- C:\Windows\CNYHKey.exe
[2011/10/11 16:57:29 | 000,057,344 | ---- | C] (Chicony) -- C:\Windows\ChiFuncExt.exe
[2011/10/11 16:57:29 | 000,053,248 | ---- | C] (Chicony) -- C:\Windows\ModLEDKey.exe
[2011/10/11 16:57:20 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\InstallShield
[2011/10/11 16:56:56 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\ATI
[2011/10/11 16:56:56 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\ATI
[2011/10/11 16:56:56 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/10/11 16:56:55 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Symantec
[2011/10/11 16:56:29 | 000,000,000 | R--D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011/10/11 16:56:29 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Searches
[2011/10/11 16:56:29 | 000,000,000 | R--D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011/10/11 16:56:18 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Identities
[2011/10/11 16:56:15 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Contacts
[2011/10/11 16:56:13 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\VirtualStore
[2011/10/11 16:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\eBay
[2011/10/11 16:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Google
[2011/10/11 16:53:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2011/10/11 16:52:39 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\AppData\Local\Temporary Internet Files
[2011/10/11 16:52:39 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Templates
[2011/10/11 16:52:39 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Start Menu
[2011/10/11 16:52:39 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\SendTo
[2011/10/11 16:52:39 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Recent
[2011/10/11 16:52:39 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\PrintHood
[2011/10/11 16:52:39 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\NetHood
[2011/10/11 16:52:39 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Documents\My Videos
[2011/10/11 16:52:39 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Documents\My Pictures
[2011/10/11 16:52:39 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Documents\My Music
[2011/10/11 16:52:39 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\My Documents
[2011/10/11 16:52:39 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Local Settings
[2011/10/11 16:52:39 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\AppData\Local\History
[2011/10/11 16:52:39 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Cookies
[2011/10/11 16:52:39 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\Application Data
[2011/10/11 16:52:39 | 000,000,000 | -HSD | C] -- C:\Users\Kevin\AppData\Local\Application Data
[2011/10/11 16:52:38 | 000,000,000 | --SD | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft
[2011/10/11 16:52:38 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Videos
[2011/10/11 16:52:38 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Saved Games
[2011/10/11 16:52:38 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Pictures
[2011/10/11 16:52:38 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Music
[2011/10/11 16:52:38 | 000,000,000 | R--D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011/10/11 16:52:38 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Links
[2011/10/11 16:52:38 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Favorites
[2011/10/11 16:52:38 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Downloads
[2011/10/11 16:52:38 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Documents
[2011/10/11 16:52:38 | 000,000,000 | R--D | C] -- C:\Users\Kevin\Desktop
[2011/10/11 16:52:38 | 000,000,000 | R--D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011/10/11 16:52:38 | 000,000,000 | -H-D | C] -- C:\Users\Kevin\AppData
[2011/10/11 16:52:38 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Local\Microsoft
[2011/10/11 16:52:38 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Media Center Programs
[2011/10/11 16:52:38 | 000,000,000 | ---D | C] -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink LabelPrint
[2011/10/11 16:47:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\Templates
[2011/10/11 16:47:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\Start Menu
[2011/10/11 16:47:11 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Videos
[2011/10/11 16:47:11 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Pictures
[2011/10/11 16:47:11 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\My Music
[2011/10/11 16:47:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favorites
[2011/10/11 16:47:11 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2011/10/11 16:47:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\Documents
[2011/10/11 16:47:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\Desktop
[2011/10/11 16:47:11 | 000,000,000 | -HSD | C] -- C:\ProgramData\Application Data

========== Files - Modified Within 30 Days ==========

[2011/10/19 22:41:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTL.exe
[2011/10/19 22:12:45 | 000,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/19 22:12:45 | 000,004,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/19 21:47:01 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/19 20:57:48 | 000,001,890 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/10/19 20:12:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/10/19 13:55:38 | 001,559,856 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kevin\Desktop\TDSSKiller.exe
[2011/10/19 13:47:01 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/19 02:10:45 | 000,690,960 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/10/19 02:10:45 | 000,595,446 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/10/19 02:10:45 | 000,101,144 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/10/19 02:06:28 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/10/19 02:05:47 | 1064,484,862 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/18 21:09:05 | 004,265,077 | R--- | M] (Swearware) -- C:\Users\Kevin\Desktop\ComboFix.exe
[2011/10/13 14:37:02 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Kevin\Desktop\dds.scr
[2011/10/13 11:38:05 | 000,000,950 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/12 14:03:38 | 001,541,309 | ---- | M] () -- C:\Users\Kevin\Desktop\tdsskiller.zip
[2011/10/12 14:00:48 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Kevin\Desktop\GooredFix.exe
[2011/10/12 13:55:45 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin\Desktop\OTM.exe
[2011/10/11 18:16:04 | 000,001,670 | ---- | M] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/10/11 17:46:25 | 000,047,092 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011/10/11 17:37:02 | 000,000,159 | RH-- | M] () -- C:\Windows\ctfile.rfc
[2011/10/11 17:35:09 | 000,525,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\DIFxAPI.dll
[2011/10/11 17:33:55 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin
[2011/10/11 17:30:56 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011/10/11 17:18:41 | 000,000,914 | ---- | M] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/11 17:18:41 | 000,000,890 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/11 17:06:49 | 000,295,384 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/10/11 17:04:04 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\Gateway_FX6800-01e__PTG410X001847087B82700.MRK
[2011/10/11 16:58:28 | 000,001,816 | ---- | M] () -- C:\Users\Public\Desktop\Rcc.lnk
[2011/10/11 16:56:42 | 000,000,975 | ---- | M] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/05 10:09:48 | 048,324,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mrt.exe

========== Files Created - No Company Name ==========

[2011/10/19 20:57:48 | 000,001,890 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011/10/13 12:28:52 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/10/13 12:28:52 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/10/13 12:28:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/10/13 12:28:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/10/13 12:28:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/10/13 11:38:05 | 000,000,950 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/10/13 11:38:01 | 000,025,416 | ---- | C] () -- C:\Windows\SysNative\drivers\mbam.sys
[2011/10/12 14:04:04 | 001,541,309 | ---- | C] () -- C:\Users\Kevin\Desktop\tdsskiller.zip
[2011/10/12 11:32:18 | 000,000,898 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/12 11:32:18 | 000,000,894 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/11 18:16:04 | 000,001,670 | ---- | C] () -- C:\Users\Public\Desktop\Play League of Legends.lnk
[2011/10/11 17:33:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/10/11 17:18:41 | 000,000,914 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/11 17:18:41 | 000,000,902 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2011/10/11 17:18:41 | 000,000,890 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2011/10/11 17:04:05 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\drivers\Gateway_FX6800-01e__PTG410X001847087B82700.MRK
[2011/10/11 16:58:28 | 000,001,816 | ---- | C] () -- C:\Users\Public\Desktop\Rcc.lnk
[2011/10/11 16:57:46 | 006,172,160 | ---- | C] () -- C:\Windows\SysNative\RTS5121icon.dll
[2011/10/11 16:57:46 | 000,349,184 | ---- | C] () -- C:\Windows\SysNative\rts5121.dll
[2011/10/11 16:57:46 | 000,204,288 | ---- | C] () -- C:\Windows\SysNative\drivers\RTS5121.sys
[2011/10/11 16:57:29 | 000,581,120 | ---- | C] () -- C:\Windows\mHotkey.exe
[2011/10/11 16:57:29 | 000,294,912 | ---- | C] () -- C:\Windows\PIC.dll
[2011/10/11 16:57:29 | 000,036,864 | ---- | C] () -- C:\Windows\LchDrvKey.exe
[2011/10/11 16:57:29 | 000,003,088 | ---- | C] () -- C:\Windows\MODLED.xml
[2011/10/11 16:57:29 | 000,003,084 | ---- | C] () -- C:\Windows\mHotkey.xml
[2011/10/11 16:57:29 | 000,000,870 | ---- | C] () -- C:\Windows\mhotkey_reg.ini
[2011/10/11 16:56:42 | 000,000,951 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011/10/11 16:56:32 | 000,000,981 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2011/10/11 16:56:27 | 000,000,976 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011/10/11 16:56:15 | 000,000,917 | ---- | C] () -- C:\Users\Kevin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows Mail.lnk
[2011/10/11 16:54:40 | 1064,484,862 | -HS- | C] () -- C:\hiberfil.sys
[2011/10/11 16:54:05 | 000,000,975 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/11 16:52:38 | 000,000,258 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2011/10/11 16:52:38 | 000,000,240 | ---- | C] () -- C:\Users\Kevin\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2008/09/24 02:18:03 | 003,107,788 | ---- | C] () -- C:\Windows\SysWow64\atiumdva.dat
[2008/01/26 17:44:44 | 000,001,324 | ---- | C] () -- C:\Windows\FF08_not_Spk_Hp.ini
[2008/01/26 17:44:44 | 000,001,269 | ---- | C] () -- C:\Windows\FF08_Render_Spk_Hp.ini
[2008/01/26 17:44:25 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2008/01/26 17:44:25 | 000,071,680 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2008/01/20 22:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 22:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2008/01/20 22:49:13 | 000,100,043 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2006/11/02 11:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 08:26:55 | 000,018,271 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin

< End of report >
