
Infected with TDSS? google keeps redirecting


  • This topic is locked
9 replies to this topic

#1 ysm7997

  • Members
  • 4 posts

Posted 22 October 2011 - 07:20 PM

I believe my PC is infected with a TDSS according to what I have read on the forums. However I tried to run the TDSSKiller and it found nothing. Basically, EVERY time I click on a Google link I am redirected. This has been happening for a month now, however it has gotten consistently worse. Initially, it would only redirect sometimes: it would redirect me, I would hit the back button, click on my link again and have access...but as of yesterday it changed. Now it is almost EVERY TIME! No matter how many times I hit the back button or re-click, it's sending me elsewhere. The only way I can get to a link is to copy and paste the address. The only time it works the first go round is when I open a new browser window (I'm notorious for having 20 tabs open). But even with the new browser window it only works a couple times before the same redirect behavior begins again.

There is a specific address that pops up each time after I click on the link, before it sends me to the final redirected destination: njksearch.net
The rest of the address was a series of numbers I wasn't able to get.

Just to provide some background info, in addition to the redirects, about 2 to 3 weeks ago I was experiencing a virus telling me my computer was infected and I needed to perform a scan or update my anti-virus, or something to that effect. I knew it was a virus because it would take over and not let me leave the page or do anything on my PC until I clicked cancel, or "no stay infected" etc. The program would then put about 8 pop-up screens all over my window as I was attempting to leave the page; I would have to hit escape to exit. The virus said it was a part of CLOUD? At the same time that this was going on, randomly as I attempted to leave some redirect sites, a pop-up would come up saying "You are our new winner", and as I clicked 'X', another pop-up would appear saying WAIT WAIT don't leave. A bunch of junk, but the same each time.

So here's what I did: I performed some system recovery operations on my PC a few times, which I thought got rid of most of the stuff. However, I did not save my recovery points, so each time I did a subsequent recovery, the date would be for a later date, which I think caused me to keep some of the viruses. IDK. I just know I am not seeing those popups as much, but I did see them yesterday for the first time in a few days; the redirects, however, never stopped, they got worse. But up until yesterday I thought they were some sick marketing scheme from Google, not a virus. Now I think it's all related.

Also somehow, a company called Blinkx put its screen saver on my PC. I went in and deleted it yesterday and that's when my redirects got worse; I don't remember at what point I got the Blinkx on there. All I know is it appears that some of these so-called Java updates and Windows updates I have received were not really Java and Windows and I am confused on how to know the difference. I know it's a lot, but hopefully it makes sense and is all connected, please help. I am running Windows 7 and I use Mozilla Firefox. The DDS log is below:



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22
Run by Shante at 18:35:41 on 2011-10-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1787.475 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIFBA.EXE
C:\Windows\System32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\windows\splwow64.exe
C:\Users\Shante\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\windows\helppane.exe
C:\Users\Shante\AppData\Local\Temp\0.9769029124922984exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\windows\system32\conhost.exe
C:\Users\Shante\AppData\Local\volmgr.exe
C:\Users\Shante\Downloads\Kdirect.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosBulletinBoard.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\hsplayer.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Google Update] "C:\Users\Shante\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [EPSON NX110 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFBA.EXE /FU "C:\windows\TEMP\E_S11F0.tmp" /EF "HKCU"
uRun: [usrCommsSupport] rundll32.exe "C:\Users\Shante\AppData\Local\acxMapusb\usrCommsSupport.dll",DfrgWebdsc SystemcrtPlay
uRun: [winupd] C:\Users\Shante\AppData\Local\Temp\winupd.exe
uRun: [volmgr] C:\Users\Shante\AppData\Local\volmgr.exe
uRunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil10x_Plugin.exe -update plugin
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
StartupFolder: C:\Users\Shante\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\Users\Shante\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\winupd.lnk - C:\Users\Shante\AppData\Local\Temp\winupd.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{660CA1E8-8C47-4583-B432-92B3C3E7DE8F} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{CBD3669B-1F25-42A3-8C9A-4E04D6B65770} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{CBD3669B-1F25-42A3-8C9A-4E04D6B65770}\2375942554132303 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{CBD3669B-1F25-42A3-8C9A-4E04D6B65770}\2375942554335343 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{CBD3669B-1F25-42A3-8C9A-4E04D6B65770}\2375942554931343 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{CBD3669B-1F25-42A3-8C9A-4E04D6B65770}\2375942554933363 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{CBD3669B-1F25-42A3-8C9A-4E04D6B65770}\4786F6D6163793 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{CBD3669B-1F25-42A3-8C9A-4E04D6B65770}\C696E6B6379737 : DhcpNameServer = 68.94.156.1 151.164.8.201
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Shante\AppData\Roaming\Mozilla\Firefox\Profiles\f1kln3zd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z125&form=ZGAADF&install_date=20110824&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: C:\Users\Shante\AppData\Roaming\Mozilla\Firefox\Profiles\f1kln3zd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Users\Shante\AppData\Roaming\Mozilla\Firefox\Profiles\f1kln3zd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Shante\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Shante\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Shante\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: SmartDeals: smartdeals@smart-deals.com - %profile%\extensions\smartdeals@smart-deals.com
FF - Ext: SmartDeals: smartdeals@smart-deals.com_temp - %profile%\extensions\smartdeals@smart-deals.com_temp
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1108000.005\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1108000.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2010-11-22 953904]
R1 ccHP;Symantec Hash Provider;C:\windows\system32\drivers\NISx64\1108000.005\ccHPx64.sys --> C:\windows\system32\drivers\NISx64\1108000.005\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20101224.001\IDSviA64.sys [2010-12-24 476792]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1108000.005\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1108000.005\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\windows\system32\Drivers\NISx64\1108000.005\SYMTDIV.SYS --> C:\windows\system32\Drivers\NISx64\1108000.005\SYMTDIV.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atipmdag.sys --> C:\windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
S3 bcm;WiMAX Network Adapter;C:\windows\system32\DRIVERS\drxvi314_64.sys --> C:\windows\system32\DRIVERS\drxvi314_64.sys [?]
S3 bcmbusctr;WiMAX Bus Driver;C:\windows\system32\DRIVERS\BcmBusCtr_64.sys --> C:\windows\system32\DRIVERS\BcmBusCtr_64.sys [?]
S3 cm_ser;C-motech USB Serial Port2 Driver;C:\windows\system32\DRIVERS\cm_ser.sys --> C:\windows\system32\DRIVERS\cm_ser.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-26 132656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
.
=============== Created Last 30 ================
.
2011-10-22 02:47:22 24064 --sh--w- C:\Users\Shante\AppData\Local\volmgr.dll
2011-10-22 02:47:21 68096 --sh--w- C:\Users\Shante\AppData\Local\volmgr.exe
2011-10-17 00:45:14 -------- d-----w- C:\Users\Shante\AppData\Roaming\zCkVlBx0ci
2011-10-17 00:45:07 -------- d-----w- C:\Users\Shante\AppData\Roaming\Ju23GaQQH6dK7R9
2011-10-17 00:45:05 -------- d-----w- C:\Users\Shante\AppData\Roaming\GdddEEK8gR
2011-10-05 19:31:26 703488 ----a-w- C:\windows\System32\xvidcore.dll
2011-10-05 19:31:26 255488 ----a-w- C:\windows\System32\xvidvfw.dll
2011-10-05 19:31:26 173056 ----a-w- C:\windows\System32\xvid.ax
2011-10-05 19:31:25 650752 ----a-w- C:\windows\SysWow64\xvidcore.dll
2011-10-05 19:31:25 240640 ----a-w- C:\windows\SysWow64\xvidvfw.dll
2011-10-05 19:31:25 152064 ----a-w- C:\windows\SysWow64\xvid.ax
2011-10-05 19:31:25 -------- d-----w- C:\Program Files (x86)\Xvid
2011-10-05 19:30:34 -------- d-----w- C:\Users\Shante\AppData\Local\Real
2011-10-05 19:30:11 11776 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2011-10-05 19:29:51 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2011-10-05 19:29:41 150696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2011-10-05 19:29:34 107008 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
2011-10-04 17:07:58 -------- d-----w- C:\Users\Shante\AppData\Roaming\xWK7fEL9gZjCkV
2011-10-04 17:07:57 -------- d-----w- C:\Users\Shante\AppData\Roaming\BtxA0ucS2b3n4Q6
2011-10-04 08:41:04 -------- d--h--w- C:\Program Files (x86)\Minibar
2011-10-04 08:41:02 -------- d--h--w- C:\Program Files (x86)\FaceSmooch Smileys
2011-10-04 07:59:06 -------- d-----w- C:\Users\Shante\AppData\Roaming\iccAAiiD2npmHQd
2011-10-04 07:59:06 -------- d-----w- C:\Users\Shante\AppData\Roaming\A88gRZhYXkUVltP
2011-10-04 07:58:56 -------- d-----w- C:\Users\Shante\AppData\Roaming\PAAA1vv2oFpm5J7
2011-10-04 07:58:55 -------- d-----w- C:\Users\Shante\AppData\Roaming\ES11vD3oFmH5J7E
2011-10-04 04:21:00 -------- d-----w- C:\Users\Shante\AppData\Roaming\EkrBPcio4Hs7LZY
2011-10-04 04:20:59 -------- d-----w- C:\Users\Shante\AppData\Roaming\Gkt013Gms7
2011-10-03 19:37:53 -------- d--h--w- C:\windows\$BLSTUN$
2011-10-03 19:01:21 -------- d-----w- C:\Users\Shante\AppData\Roaming\utyc1oFmGdEKZhw
2011-10-03 19:01:20 -------- d-----w- C:\Users\Shante\AppData\Roaming\hddRZYXwV
2011-10-03 19:01:12 -------- d-----w- C:\Users\Shante\AppData\Roaming\zBBrrzONyx
2011-10-03 18:56:51 -------- d-----we C:\windows\system64
2011-10-02 05:01:27 -------- d-----w- C:\Users\Shante\AppData\Local\DDMSettings
2011-10-02 04:45:24 -------- d--h--w- C:\Program Files\DivX
2011-10-02 04:45:10 -------- d--h--w- C:\Program Files (x86)\Common Files\DivX Shared
2011-10-02 04:44:12 -------- d-----w- C:\Program Files (x86)\DivX
2011-10-02 04:26:51 -------- d--h--w- C:\ProgramData\DivX
.
==================== Find3M ====================
.
2011-10-05 19:29:27 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2011-10-05 19:29:27 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2011-09-29 00:21:46 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-21 02:19:04 175616 ----a-w- C:\windows\System32\msclmd.dll
2011-09-21 02:19:04 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
.
============= FINISH: 18:38:11.90 ===============
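A triage pass over a log like the one above, as an added example (not from the thread and not part of DDS): it parses the Running Processes, Pseudo HJT Report and Created Last 30 sections and lists the entries a helper would inspect first. The heuristics, the folder list and the Windows component names are assumptions, and the embedded sample is a constructed excerpt of the log posted above.

```python
"""Triage helper for DDS logs such as the one posted above. Added example, not
part of the thread or of the DDS tool. It reads three DDS sections (Running
Processes, Pseudo HJT Report, Created Last 30) and lists what a helper would
look at first: binaries launched from user-writable folders, names that mimic
a Windows component outside the Windows directory, and new directories with
random-looking names. The heuristics and thresholds are assumptions."""
import re

SECTION_RE = re.compile(r"^=+\s*(?P<name>.+?)\s*=+$")
RUN_KEY_RE = re.compile(r"^[um]Run(?:Once)?(?:-x64)?: \[[^\]]+\] (?P<cmd>.+)$")
STARTUP_RE = re.compile(r"^StartupFolder: .+? - (?P<cmd>.+)$")
CREATED_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\S+\s+(?P<attrs>\S+)\s+(?P<path>.+)$")
DRIVE_RE = re.compile(r"^[A-Za-z]:\\")
# Folders a standard user can write to (short list); legitimate items live here too, so a hit means "inspect".
USER_WRITABLE_RE = re.compile(r"\\AppData\\(Local|Roaming)\\|\\Temp\\|\\Downloads\\", re.I)
# Real Windows component names that malware borrows (volmgr is a Windows driver).
WINDOWS_NAMES = {"volmgr", "svchost", "lsass", "csrss", "winlogon", "explorer", "services"}
WINDOWS_DIR_RE = re.compile(r"^[A-Za-z]:\\windows\\", re.I)


def basename(path):
    return path.rstrip("\\").rsplit("\\", 1)[-1]


def first_path(cmd):
    """File a Run-key command launches or loads; a quoted .exe/.dll/.lnk wins,
    which also covers rundll32 "x.dll",Entry lines. Falls back to the whole line."""
    for quoted in re.findall(r'"([^"]+)"', cmd):
        if re.search(r"\.(exe|dll|lnk)$", quoted, re.I):
            return quoted
    m = re.search(r'[A-Za-z]:\\[^\s",]+\.(?:exe|dll)', cmd, re.I)
    return m.group(0) if m else cmd


def looks_random(name):
    """Generated names such as zCkVlBx0ci flip case often or mix digits into
    mixed-case letters; vendor names (Real, DDMSettings) do neither."""
    letters = [c for c in name if c.isalpha()]
    flips = sum(1 for a, b in zip(letters, letters[1:]) if a.isupper() != b.isupper())
    mixed = any(c.isupper() for c in letters) and any(c.islower() for c in letters)
    return flips >= 3 or (mixed and any(c.isdigit() for c in name))


def check_path(path, context, findings):
    """Location and name-mimicry checks for one path; trailing args are ignored."""
    stem = basename(path).split(" ")[0].rsplit(".", 1)[0].lower()
    if USER_WRITABLE_RE.search(path):
        findings.append((context, path, "runs from a user-writable folder"))
    if stem in WINDOWS_NAMES and not WINDOWS_DIR_RE.match(path):
        findings.append((context, path, "name mimics a Windows component outside the Windows directory"))


def triage(log_text):
    """Walk the DDS log and return (section, path, reason) triples."""
    findings, section = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name").lower()
        elif section == "running processes" and DRIVE_RE.match(line):
            check_path(line, "process", findings)
        elif section == "pseudo hjt report":
            m = RUN_KEY_RE.match(line) or STARTUP_RE.match(line)
            if m:
                check_path(first_path(m.group("cmd")), "autorun", findings)
        elif section == "created last 30":
            m = CREATED_RE.match(line)
            if m and m.group("attrs").startswith("d"):
                if "\\AppData\\" in m.group("path") and looks_random(basename(m.group("path"))):
                    findings.append(("created", m.group("path"), "random-looking directory name"))
            elif m and re.search(r"\.(exe|dll)$", m.group("path"), re.I):
                check_path(m.group("path"), "created", findings)
    return findings


# Constructed excerpt of the DDS log posted in this thread (paths copied from it).
SAMPLE_LOG = r"""
============== Running Processes ===============
C:\windows\system32\svchost.exe -k netsvcs
C:\Users\Shante\AppData\Local\Temp\0.9769029124922984exe
C:\Users\Shante\AppData\Local\volmgr.exe
C:\Users\Shante\Downloads\Kdirect.exe
============== Pseudo HJT Report ===============
uRun: [usrCommsSupport] rundll32.exe "C:\Users\Shante\AppData\Local\acxMapusb\usrCommsSupport.dll",DfrgWebdsc SystemcrtPlay
uRun: [winupd] C:\Users\Shante\AppData\Local\Temp\winupd.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
StartupFolder: C:\Users\Shante\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\winupd.lnk - C:\Users\Shante\AppData\Local\Temp\winupd.exe
=============== Created Last 30 ================
2011-10-22 02:47:22 24064 --sh--w- C:\Users\Shante\AppData\Local\volmgr.dll
2011-10-17 00:45:14 -------- d-----w- C:\Users\Shante\AppData\Roaming\zCkVlBx0ci
2011-10-02 05:01:27 -------- d-----w- C:\Users\Shante\AppData\Local\DDMSettings
============= FINISH: 18:38:11.90 ===============
"""

if __name__ == "__main__":
    for section, path, reason in triage(SAMPLE_LOG):
        print(f"[{section}] {path}: {reason}")
```

Run it against a full DDS log by replacing SAMPLE_LOG with the file contents; every hit is a pointer for a human reviewer, not a verdict.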

#2 HelpBot (Bleepin' Binary Bot)


  • Bots
  • 12,669 posts

Posted 27 October 2011 - 07:25 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/424594 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 ysm7997 (Topic Starter)

  • Members
  • 4 posts

Posted 28 October 2011 - 12:20 AM

I still need help PLEASE. DDS below:



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_22
Run by Shante at 18:35:41 on 2011-10-22
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.1787.475 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Outdated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\atieclxx.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIFBA.EXE
C:\Windows\System32\rundll32.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\windows\system32\wuauclt.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
C:\windows\splwow64.exe
C:\Users\Shante\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\windows\helppane.exe
C:\Users\Shante\AppData\Local\Temp\0.9769029124922984exe
C:\PROGRA~2\Java\jre6\bin\jp2launcher.exe
C:\Program Files (x86)\Java\jre6\bin\java.exe
C:\windows\system32\conhost.exe
C:\Users\Shante\AppData\Local\volmgr.exe
C:\Users\Shante\Downloads\Kdirect.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\TOSHIBA\BulletinBoard\TosBulletinBoard.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\hsplayer.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: TOSHIBA Media Controller Plug-in: {f3c88694-effa-4d78-b409-54b7b2535b14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
uRun: [Google Update] "C:\Users\Shante\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [EPSON NX110 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFBA.EXE /FU "C:\windows\TEMP\E_S11F0.tmp" /EF "HKCU"
uRun: [usrCommsSupport] rundll32.exe "C:\Users\Shante\AppData\Local\acxMapusb\usrCommsSupport.dll",DfrgWebdsc SystemcrtPlay
uRun: [winupd] C:\Users\Shante\AppData\Local\Temp\winupd.exe
uRun: [volmgr] C:\Users\Shante\AppData\Local\volmgr.exe
uRunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil10x_Plugin.exe -update plugin
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
StartupFolder: C:\Users\Shante\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\Users\Shante\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\winupd.lnk - C:\Users\Shante\AppData\Local\Temp\winupd.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{660CA1E8-8C47-4583-B432-92B3C3E7DE8F} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{CBD3669B-1F25-42A3-8C9A-4E04D6B65770} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{CBD3669B-1F25-42A3-8C9A-4E04D6B65770}\2375942554132303 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{CBD3669B-1F25-42A3-8C9A-4E04D6B65770}\2375942554335343 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{CBD3669B-1F25-42A3-8C9A-4E04D6B65770}\2375942554931343 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{CBD3669B-1F25-42A3-8C9A-4E04D6B65770}\2375942554933363 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{CBD3669B-1F25-42A3-8C9A-4E04D6B65770}\4786F6D6163793 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{CBD3669B-1F25-42A3-8C9A-4E04D6B65770}\C696E6B6379737 : DhcpNameServer = 68.94.156.1 151.164.8.201
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEPlg.dll
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe" UNATTENDED
mRun-x64: [EEventManager] C:\PROGRA~2\EPSONS~1\EVENTM~1\EEventManager.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Shante\AppData\Roaming\Mozilla\Firefox\Profiles\f1kln3zd.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z125&form=ZGAADF&install_date=20110824&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: C:\Users\Shante\AppData\Roaming\Mozilla\Firefox\Profiles\f1kln3zd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Users\Shante\AppData\Roaming\Mozilla\Firefox\Profiles\f1kln3zd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Shante\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Shante\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Shante\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: SmartDeals: smartdeals@smart-deals.com - %profile%\extensions\smartdeals@smart-deals.com
FF - Ext: SmartDeals: smartdeals@smart-deals.com_temp - %profile%\extensions\smartdeals@smart-deals.com_temp
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\windows\system32\drivers\NISx64\1108000.005\SYMDS64.SYS --> C:\windows\system32\drivers\NISx64\1108000.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS --> C:\windows\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2010-11-22 953904]
R1 ccHP;Symantec Hash Provider;C:\windows\system32\drivers\NISx64\1108000.005\ccHPx64.sys --> C:\windows\system32\drivers\NISx64\1108000.005\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20101224.001\IDSviA64.sys [2010-12-24 476792]
R1 SymIRON;Symantec Iron Driver;C:\windows\system32\drivers\NISx64\1108000.005\Ironx64.SYS --> C:\windows\system32\drivers\NISx64\1108000.005\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\windows\system32\Drivers\NISx64\1108000.005\SYMTDIV.SYS --> C:\windows\system32\Drivers\NISx64\1108000.005\SYMTDIV.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R3 amdkmdag;amdkmdag;C:\windows\system32\DRIVERS\atipmdag.sys --> C:\windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\windows\system32\DRIVERS\atikmpag.sys --> C:\windows\system32\DRIVERS\atikmpag.sys [?]
R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
S3 bcm;WiMAX Network Adapter;C:\windows\system32\DRIVERS\drxvi314_64.sys --> C:\windows\system32\DRIVERS\drxvi314_64.sys [?]
S3 bcmbusctr;WiMAX Bus Driver;C:\windows\system32\DRIVERS\BcmBusCtr_64.sys --> C:\windows\system32\DRIVERS\BcmBusCtr_64.sys [?]
S3 cm_ser;C-motech USB Serial Port2 Driver;C:\windows\system32\DRIVERS\cm_ser.sys --> C:\windows\system32\DRIVERS\cm_ser.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-26 132656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
.
=============== Created Last 30 ================
.
2011-10-22 02:47:22 24064 --sh--w- C:\Users\Shante\AppData\Local\volmgr.dll
2011-10-22 02:47:21 68096 --sh--w- C:\Users\Shante\AppData\Local\volmgr.exe
2011-10-17 00:45:14 -------- d-----w- C:\Users\Shante\AppData\Roaming\zCkVlBx0ci
2011-10-17 00:45:07 -------- d-----w- C:\Users\Shante\AppData\Roaming\Ju23GaQQH6dK7R9
2011-10-17 00:45:05 -------- d-----w- C:\Users\Shante\AppData\Roaming\GdddEEK8gR
2011-10-05 19:31:26 703488 ----a-w- C:\windows\System32\xvidcore.dll
2011-10-05 19:31:26 255488 ----a-w- C:\windows\System32\xvidvfw.dll
2011-10-05 19:31:26 173056 ----a-w- C:\windows\System32\xvid.ax
2011-10-05 19:31:25 650752 ----a-w- C:\windows\SysWow64\xvidcore.dll
2011-10-05 19:31:25 240640 ----a-w- C:\windows\SysWow64\xvidvfw.dll
2011-10-05 19:31:25 152064 ----a-w- C:\windows\SysWow64\xvid.ax
2011-10-05 19:31:25 -------- d-----w- C:\Program Files (x86)\Xvid
2011-10-05 19:30:34 -------- d-----w- C:\Users\Shante\AppData\Local\Real
2011-10-05 19:30:11 11776 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
2011-10-05 19:29:51 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2011-10-05 19:29:41 150696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
2011-10-05 19:29:34 107008 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
2011-10-04 17:07:58 -------- d-----w- C:\Users\Shante\AppData\Roaming\xWK7fEL9gZjCkV
2011-10-04 17:07:57 -------- d-----w- C:\Users\Shante\AppData\Roaming\BtxA0ucS2b3n4Q6
2011-10-04 08:41:04 -------- d--h--w- C:\Program Files (x86)\Minibar
2011-10-04 08:41:02 -------- d--h--w- C:\Program Files (x86)\FaceSmooch Smileys
2011-10-04 07:59:06 -------- d-----w- C:\Users\Shante\AppData\Roaming\iccAAiiD2npmHQd
2011-10-04 07:59:06 -------- d-----w- C:\Users\Shante\AppData\Roaming\A88gRZhYXkUVltP
2011-10-04 07:58:56 -------- d-----w- C:\Users\Shante\AppData\Roaming\PAAA1vv2oFpm5J7
2011-10-04 07:58:55 -------- d-----w- C:\Users\Shante\AppData\Roaming\ES11vD3oFmH5J7E
2011-10-04 04:21:00 -------- d-----w- C:\Users\Shante\AppData\Roaming\EkrBPcio4Hs7LZY
2011-10-04 04:20:59 -------- d-----w- C:\Users\Shante\AppData\Roaming\Gkt013Gms7
2011-10-03 19:37:53 -------- d--h--w- C:\windows\$BLSTUN$
2011-10-03 19:01:21 -------- d-----w- C:\Users\Shante\AppData\Roaming\utyc1oFmGdEKZhw
2011-10-03 19:01:20 -------- d-----w- C:\Users\Shante\AppData\Roaming\hddRZYXwV
2011-10-03 19:01:12 -------- d-----w- C:\Users\Shante\AppData\Roaming\zBBrrzONyx
2011-10-03 18:56:51 -------- d-----we C:\windows\system64
2011-10-02 05:01:27 -------- d-----w- C:\Users\Shante\AppData\Local\DDMSettings
2011-10-02 04:45:24 -------- d--h--w- C:\Program Files\DivX
2011-10-02 04:45:10 -------- d--h--w- C:\Program Files (x86)\Common Files\DivX Shared
2011-10-02 04:44:12 -------- d-----w- C:\Program Files (x86)\DivX
2011-10-02 04:26:51 -------- d--h--w- C:\ProgramData\DivX
.
==================== Find3M ====================
.
2011-10-05 19:29:27 499712 ----a-w- C:\windows\SysWow64\msvcp71.dll
2011-10-05 19:29:27 348160 ----a-w- C:\windows\SysWow64\msvcr71.dll
2011-09-29 00:21:46 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-21 02:19:04 175616 ----a-w- C:\windows\System32\msclmd.dll
2011-09-21 02:19:04 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
.
============= FINISH: 18:38:11.90 ===============

Attached Files



#4 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,708 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:13 AM

Posted 28 October 2011 - 12:17 PM

Hello ysm7997,

Apologies for the delay.

  • Please download MBRCheck by clicking here and save it to your desktop.
    • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt).
    • A window will open on your desktop.
    • If an unknown bootcode is found you will have further options available to you; at this time press N, then press Enter twice.
    • If nothing unusual is found, just press Enter.
    • A .txt file named MBRCheck_mm.dd.yy_hh.mm.txt should appear on your desktop.
    • Please post the contents of that file in your next reply.
  • Please download OTL by OldTimer.
    • Save it to your desktop.
    • Double click on the OTL icon on your desktop.
    • Check the "Scan All Users" checkbox.
    • Check the "Standard Output".
    • Click the Run Scan button.
    • Two reports will open:
      • OTL.txt <-- Will be opened
      • Extra.txt <-- Will be minimized
    • Copy and paste OTL.txt and attach Extra.txt to your reply.


#5 ysm7997

ysm7997
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:06:13 PM

Posted 28 October 2011 - 09:15 PM

No problem. Now, strangely enough, GOOGLE is not working for me at all. I cannot use the search bar in my toolbar, and can't even load the actual Google page; every attempt results in a 504 Gateway Timeout message. Gmail works, and all other search engines like Bing and Yahoo work, and yes, my links are redirected there as well, but they still work. Not sure if this is related, but I cannot wait to get this repair going. The MBRCheck and OTL txts are below as requested, and the OTL attachment is attached.

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: TOSHIBA
BIOS Manufacturer: Insyde Corp.
System Manufacturer: TOSHIBA
System Product Name: Satellite C655D
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 160):
0x02A60000 \SystemRoot\system32\ntoskrnl.exe
0x02A17000 \SystemRoot\system32\hal.dll
0x00BC5000 \SystemRoot\system32\kdcom.dll
0x00CA8000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00CB5000 \SystemRoot\system32\PSHED.dll
0x00CC9000 \SystemRoot\system32\CLFS.SYS
0x00D27000 \SystemRoot\system32\CI.dll
0x00C00000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00DE7000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00E8D000 \SystemRoot\system32\drivers\ACPI.sys
0x00EE4000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00EED000 \SystemRoot\system32\drivers\msisadrv.sys
0x00EF7000 \SystemRoot\system32\drivers\pci.sys
0x00F2A000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00F37000 \SystemRoot\System32\drivers\partmgr.sys
0x00F4C000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00F55000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00F61000 \SystemRoot\system32\drivers\volmgr.sys
0x00F76000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FD2000 \SystemRoot\System32\drivers\mountmgr.sys
0x00FEC000 \SystemRoot\system32\drivers\pciide.sys
0x00E00000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00E10000 \SystemRoot\system32\drivers\atapi.sys
0x00E19000 \SystemRoot\system32\drivers\ataport.SYS
0x00E43000 \SystemRoot\system32\drivers\msahci.sys
0x00E4E000 \SystemRoot\system32\drivers\amdxata.sys
0x010DA000 \SystemRoot\system32\drivers\fltmgr.sys
0x01126000 \SystemRoot\system32\drivers\NISx64\1108000.005\SYMDS64.SYS
0x01194000 \SystemRoot\system32\drivers\fileinfo.sys
0x011A8000 \SystemRoot\system32\drivers\NISx64\1108000.005\SYMEFA64.SYS
0x01209000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01000000 \SystemRoot\System32\Drivers\msrpc.sys
0x013AC000 \SystemRoot\System32\Drivers\ksecdd.sys
0x0105E000 \SystemRoot\System32\Drivers\cng.sys
0x013C7000 \SystemRoot\System32\drivers\pcw.sys
0x013D8000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01487000 \SystemRoot\system32\drivers\ndis.sys
0x0157A000 \SystemRoot\system32\drivers\NETIO.SYS
0x01400000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01609000 \SystemRoot\System32\drivers\tcpip.sys
0x0180D000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01857000 \SystemRoot\system32\drivers\volsnap.sys
0x018A3000 \SystemRoot\system32\DRIVERS\TVALZ_O.SYS
0x018A8000 \SystemRoot\System32\Drivers\spldr.sys
0x018B0000 \SystemRoot\System32\drivers\rdyboost.sys
0x018EA000 \SystemRoot\System32\Drivers\mup.sys
0x018FC000 \SystemRoot\System32\drivers\hwpolicy.sys
0x01905000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0193F000 \SystemRoot\system32\DRIVERS\disk.sys
0x01955000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01985000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
0x019C5000 \SystemRoot\system32\drivers\cdrom.sys
0x019EF000 \SystemRoot\System32\Drivers\Null.SYS
0x019F8000 \SystemRoot\System32\Drivers\Beep.SYS
0x0142B000 \SystemRoot\System32\drivers\vga.sys
0x01439000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0145E000 \SystemRoot\System32\drivers\watchdog.sys
0x01600000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x0146E000 \SystemRoot\system32\drivers\rdpencdd.sys
0x01477000 \SystemRoot\system32\drivers\rdprefmp.sys
0x015DA000 \SystemRoot\System32\Drivers\Msfs.SYS
0x015E5000 \SystemRoot\System32\Drivers\Npfs.SYS
0x00E59000 \SystemRoot\system32\DRIVERS\tdx.sys
0x013E2000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02CD4000 \SystemRoot\System32\Drivers\NISx64\1108000.005\SYMTDIV.SYS
0x02D4A000 \??\C:\windows\system32\Drivers\SYMEVENT64x86.SYS
0x02C00000 \SystemRoot\system32\drivers\afd.sys
0x02C89000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02D80000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02D89000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02DAF000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x02DC5000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02DD4000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x011E3000 \SystemRoot\system32\drivers\termdd.sys
0x0366D000 \SystemRoot\system32\drivers\NISx64\1108000.005\Ironx64.SYS
0x03694000 \SystemRoot\system32\drivers\NISx64\1108000.005\SRTSPX64.SYS
0x036A8000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x036F9000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03705000 \SystemRoot\system32\drivers\mssmbios.sys
0x03710000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20101224.001\IDSvia64.sys
0x03AE4000 \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
0x03B5A000 \SystemRoot\System32\drivers\discache.sys
0x03B69000 \SystemRoot\System32\Drivers\dfsc.sys
0x03A00000 \SystemRoot\system32\drivers\NISx64\1108000.005\ccHPx64.sys
0x03A9C000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03CB0000 \??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20101123.003\BHDrvx64.sys
0x03D9D000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03DC3000 \SystemRoot\system32\DRIVERS\FwLnk.sys
0x03DCB000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x03C00000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x04825000 \SystemRoot\system32\DRIVERS\atipmdag.sys
0x04E94000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04F88000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04200000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
0x0422C000 \SystemRoot\system32\DRIVERS\tdcmdpst.sys
0x04236000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x03C34000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x043D9000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04FCE000 \SystemRoot\system32\drivers\HDAudBus.sys
0x04800000 \SystemRoot\system32\drivers\i8042prt.sys
0x043EA000 \SystemRoot\system32\drivers\kbdclass.sys
0x03B87000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x043F9000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x03C8A000 \SystemRoot\system32\drivers\mouclass.sys
0x043FB000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x03C99000 \SystemRoot\system32\drivers\CompositeBus.sys
0x03DE0000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x03BD9000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04241000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x03AAD000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x0378B000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x037A6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x037C7000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x0481E000 \SystemRoot\system32\drivers\swenum.sys
0x03600000 \SystemRoot\system32\drivers\ks.sys
0x03643000 \SystemRoot\system32\drivers\umbus.sys
0x044C6000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04520000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04535000 \SystemRoot\system32\drivers\CHDRT64.sys
0x04400000 \SystemRoot\system32\drivers\portcls.sys
0x0443D000 \SystemRoot\system32\drivers\drmk.sys
0x0445F000 \SystemRoot\system32\drivers\ksthunk.sys
0x04465000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x04482000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04490000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x0449C000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x044A7000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00050000 \SystemRoot\System32\win32k.sys
0x044BA000 \SystemRoot\System32\drivers\Dxapi.sys
0x045E8000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00440000 \SystemRoot\System32\TSDDD.dll
0x00670000 \SystemRoot\System32\cdd.dll
0x0198D000 \SystemRoot\system32\drivers\luafv.sys
0x026CC000 \SystemRoot\system32\drivers\WudfPf.sys
0x026ED000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02702000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02755000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x02768000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02600000 \SystemRoot\system32\drivers\HTTP.sys
0x02780000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0279E000 \SystemRoot\System32\drivers\mpsdrv.sys
0x027B6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x038A4000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x038F2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x03916000 \SystemRoot\system32\drivers\peauth.sys
0x039BC000 \SystemRoot\System32\Drivers\secdrv.SYS
0x039C7000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x03800000 \SystemRoot\System32\drivers\tcpipreg.sys
0x03812000 \SystemRoot\System32\DRIVERS\srv2.sys
0x05613000 \SystemRoot\System32\DRIVERS\srv.sys
0x05723000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x0424D000 \SystemRoot\system32\DRIVERS\athrx.sys
0x0576A000 \SystemRoot\system32\DRIVERS\vwifibus.sys
0x0572E000 \SystemRoot\System32\Drivers\fastfat.SYS
0x0577F000 \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
0x05787000 \SystemRoot\System32\Drivers\RootMdm.sys
0x0578F000 \SystemRoot\system32\drivers\modem.sys
0x77C00000 \Windows\System32\ntdll.dll
0x47A40000 \Windows\System32\smss.exe
0xFFF20000 \Windows\System32\apisetschema.dll

Processes (total 111):
0 System Idle Process
4 System
264 C:\Windows\System32\smss.exe
368 csrss.exe
440 C:\Windows\System32\wininit.exe
452 csrss.exe
512 C:\Windows\System32\winlogon.exe
548 C:\Windows\System32\services.exe
564 C:\Windows\System32\lsass.exe
572 C:\Windows\System32\lsm.exe
692 C:\Windows\System32\svchost.exe
784 C:\Windows\System32\svchost.exe
828 C:\Windows\System32\atiesrxx.exe
908 C:\Windows\System32\svchost.exe
944 C:\Windows\System32\svchost.exe
984 C:\Windows\System32\svchost.exe
376 C:\Windows\System32\svchost.exe
636 C:\Windows\System32\svchost.exe
1116 C:\Windows\System32\atieclxx.exe
1248 C:\Windows\System32\spoolsv.exe
1280 C:\Windows\System32\svchost.exe
1376 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
1404 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
1476 C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
1512 C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
1580 C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
1696 C:\PROGRA~2\PHAROS~1\Core\CTskMstr.exe
1980 C:\Windows\System32\TODDSrv.exe
2020 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
2056 C:\Windows\System32\SearchIndexer.exe
1712 C:\Windows\System32\svchost.exe
1760 C:\Program Files\Windows Media Player\wmpnetwk.exe
3020 C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
3088 C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
3452 C:\Windows\System32\dwm.exe
3496 C:\Windows\explorer.exe
3304 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
620 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe
3380 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
1716 C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
3708 C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
2824 C:\Windows\System32\spool\drivers\x64\3\E_IATIFBA.EXE
3728 C:\Windows\System32\rundll32.exe
3656 C:\Windows\SysWOW64\rundll32.exe
3648 C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
3736 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3676 C:\Windows\System32\wuauclt.exe
3216 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
3424 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
2184 C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
3436 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
612 C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
4164 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
4776 C:\Windows\System32\svchost.exe
4908 C:\Windows\System32\svchost.exe
5020 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3832 C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
4436 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
2952 C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
680 C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE
7508 C:\Windows\splwow64.exe
8524 C:\Users\Shante\AppData\Local\volmgr.exe
7076 C:\Program Files (x86)\Real\RealUpgrade\realupgrade.exe
5140 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
9872 C:\Program Files\TOSHIBA\BulletinBoard\TosBulletinBoard.exe
10728 C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\hsplayer.exe
8420 C:\Windows\SysWOW64\notepad.exe
9948 C:\Windows\SysWOW64\notepad.exe
7792 C:\Program Files\TOSHIBA\ReelTime\TosReelTime.exe
5900 C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\hsplayer.exe
7784 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
5080 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
11316 C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
6756 C:\Users\Shante\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
11348 C:\Windows\SysWOW64\rundll32.exe
7100 C:\Program Files (x86)\Internet Explorer\iexplore.exe
5372 C:\Program Files (x86)\Internet Explorer\iexplore.exe
10624 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10d.exe
10292 D:\start.exe
6696 C:\Program Files (x86)\Research In Motion\BlackBerry\DesktopMgr.exe
8520 C:\Windows\SysWOW64\notepad.exe
9968 C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
3864 C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
9440 C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
8936 C:\Windows\System32\dinotify.exe
9480 C:\Windows\System32\taskeng.exe
2380 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
9352 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11844 C:\Windows\System32\audiodg.exe
10184 C:\Users\Shante\Desktop\MBRCheck.exe
8072 C:\Windows\System32\conhost.exe
2392 C:\Windows\System32\dllhost.exe
6280 <unknown>
5268 <unknown>
448 <unknown>
4336 <unknown>
7764 <unknown>
10812 <unknown>
7652 <unknown>
8984 <unknown>
11960 <unknown>
10024 <unknown>
6468 <unknown>
5952 <unknown>
4820 <unknown>
10688 <unknown>
7604 <unknown>
11692 <unknown>
6784 <unknown>
7772 <unknown>
11512 <unknown>

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`5dd00000 (NTFS)

PhysicalDrive0 Model Number: ST9250315AS, Rev: 0002SDM1

Size     Device Name          MBR Status
--------------------------------------------
232 GB   \\.\PhysicalDrive0   Windows 2008 MBR code detected
SHA1: BBAD517F7EAC529451E4B9586C847AE190574F61


Done!



OTL logfile created on: 10/28/2011 8:51:22 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Shante\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.44 Gb Available Physical Memory | 25.07% Memory free
5.24 Gb Paging File | 2.23 Gb Available in Paging File | 42.59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 222.42 Gb Total Space | 186.26 Gb Free Space | 83.74% Space Free | Partition Type: NTFS
Drive D: | 569.57 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: SHANTE-PC | User Name: Shante | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/10/28 20:48:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Shante\Desktop\OTL.exe
PRC - [2011/10/21 09:51:40 | 000,068,096 | -HS- | M] () -- C:\Users\Shante\AppData\Local\volmgr.exe
PRC - [2011/10/05 14:29:28 | 000,273,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2011/09/28 19:18:19 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/09/07 18:14:04 | 000,161,336 | ---- | M] (Google) -- C:\Users\Shante\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2011/01/24 04:00:34 | 000,120,248 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe
PRC - [2011/01/24 04:00:26 | 004,505,456 | ---- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\hsplayer.exe
PRC - [2011/01/17 18:37:40 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011/01/17 18:37:40 | 011,314,688 | -H-- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccsvchst.exe
PRC - [2010/01/15 07:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2010/01/14 19:16:16 | 000,345,600 | ---- | M] (Pharos Systems International) -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe
PRC - [2009/11/02 19:24:58 | 000,257,440 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10d.exe
PRC - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe
PRC - [2009/05/29 04:37:51 | 004,707,135 | R--- | M] (Research In Motion Limited ) -- D:\start.exe
PRC - [2009/05/12 11:36:18 | 000,623,888 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/05/12 11:36:06 | 001,701,136 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Research In Motion\BlackBerry\DesktopMgr.exe
PRC - [2009/04/30 12:19:18 | 001,406,224 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/03/02 16:50:16 | 000,376,832 | ---- | M] (Research In Motion Limited) -- C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe


========== Modules (No Company Name) ==========

MOD - [2011/10/28 17:19:58 | 000,188,416 | ---- | M] () -- C:\Users\Shante\AppData\Local\Temp\wrd3bb102c0.~lk\1.mdd
MOD - [2011/10/28 17:19:58 | 000,163,840 | ---- | M] () -- C:\Users\Shante\AppData\Local\Temp\wrd3bb102c0.~lk\4.mdd
MOD - [2011/10/28 17:19:58 | 000,110,592 | ---- | M] () -- C:\Users\Shante\AppData\Local\Temp\wrd3bb102c0.~lk\0.mdd
MOD - [2011/10/28 17:19:58 | 000,090,112 | ---- | M] () -- C:\Users\Shante\AppData\Local\Temp\wrd3bb102c0.~lk\3.mdd
MOD - [2011/10/21 09:51:40 | 000,068,096 | -HS- | M] () -- C:\Users\Shante\AppData\Local\volmgr.exe
MOD - [2011/10/21 09:51:38 | 000,024,064 | -HS- | M] () -- C:\Users\Shante\AppData\Local\volmgr.dll
MOD - [2011/10/03 05:05:36 | 000,008,192 | ---- | M] () -- C:\Program Files (x86)\Java\jre6\bin\jp2native.dll
MOD - [2011/09/28 19:21:46 | 006,277,280 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MOD - [2011/09/28 19:18:19 | 001,015,256 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
MOD - [2011/09/18 04:19:12 | 000,131,072 | ---- | M] () -- C:\Users\Shante\AppData\Local\acxMapusb\usrCommsSupport.dll
MOD - [2011/05/18 11:53:42 | 001,496,576 | ---- | M] () -- C:\Users\Shante\AppData\Roaming\Mozilla\Firefox\Profiles\f1kln3zd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
MOD - [2011/05/18 11:53:42 | 000,346,112 | ---- | M] () -- C:\Users\Shante\AppData\Roaming\Mozilla\Firefox\Profiles\f1kln3zd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
MOD - [2011/04/29 04:54:54 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011/04/29 04:54:54 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2009/02/14 07:04:38 | 000,756,040 | ---- | M] () -- C:\Program Files (x86)\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/15 11:56:20 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010/02/05 19:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2009/11/06 00:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2009/07/28 17:48:06 | 000,140,632 | -H-- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2011/01/24 04:00:34 | 000,120,248 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\SymcPCCULaunchSvc.exe -- (Norton PC Checkup Application Launcher)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/25 19:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ccSvcHst.exe -- (NIS)
SRV - [2010/01/15 07:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010/01/14 19:16:16 | 000,345,600 | ---- | M] (Pharos Systems International) [Auto | Running] -- C:\Program Files (x86)\PharosSystems\Core\CTskMstr.exe -- (Pharos Systems ComTaskMaster)
SRV - [2009/12/03 21:30:18 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/10/06 11:21:50 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/24 17:49:41 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.3.198\ccSvcHst.exe -- (PCCUJobMgr)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007/12/17 04:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/04/20 09:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/04/05 09:55:48 | 000,389,408 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\drxvi314_64.sys -- (bcm)
DRV:64bit: - [2011/04/05 09:55:46 | 000,067,360 | ---- | M] (Beceem communications pvt ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BcmBusCtr_64.sys -- (bcmbusctr)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/24 20:20:51 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 06:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/05 23:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/04/29 00:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 22:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/04/21 21:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 21:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/03/15 12:06:28 | 006,403,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/03/15 11:00:58 | 000,188,928 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/03/10 20:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/02/25 19:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/02/01 12:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010/01/18 19:45:50 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009/11/06 14:56:06 | 001,550,848 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009/10/14 22:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1108000.005\symds64.sys -- (SymDS)
DRV:64bit: - [2009/07/30 22:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009/07/14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/07 10:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/05 11:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009/01/09 15:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/05/29 14:53:26 | 000,118,272 | ---- | M] (C-motech Co.,Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cm_ser.sys -- (cm_ser)
DRV:64bit: - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2010/11/25 04:23:51 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/11/25 04:23:51 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/11/23 00:47:46 | 000,476,792 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20101224.001\IDSviA64.sys -- (IDSVia64)
DRV - [2010/11/22 21:20:07 | 000,953,904 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20101123.003\BHDrvx64.sys -- (BHDrvx64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1272301894-312501613-2428284200-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig?brand=TSNA&bmod=TSNA
IE - HKU\S-1-5-21-1272301894-312501613-2428284200-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1272301894-312501613-2428284200-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/?pc=Z125&install_date=20110824
IE - HKU\S-1-5-21-1272301894-312501613-2428284200-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/ig?brand=TSNA&bmod=TSNA
IE - HKU\S-1-5-21-1272301894-312501613-2428284200-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: smartdeals@smart-deals.com:1.5.3
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z125&form=ZGAADF&install_date=20110824&q="
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@skyhookwireless.com/LokiPlugin,version=3.1.0.05: C:\Program Files (x86)\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll (Skyhook Wireless)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Shante\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Shante\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Shante\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Shante\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\IPSFFPlgn\ [2011/07/31 17:32:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\coFFPlgn_2010_9_0_6 [2011/10/17 03:09:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/10/17 03:07:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/05 14:29:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/05 14:30:11 | 000,000,000 | ---D | M]

[2010/11/24 18:17:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shante\AppData\Roaming\Mozilla\Extensions
[2011/10/28 00:29:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shante\AppData\Roaming\Mozilla\Firefox\Profiles\f1kln3zd.default\extensions
[2011/10/17 03:07:51 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Shante\AppData\Roaming\Mozilla\Firefox\Profiles\f1kln3zd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/10/17 03:07:50 | 000,000,000 | ---D | M] (SmartDeals) -- C:\Users\Shante\AppData\Roaming\Mozilla\Firefox\Profiles\f1kln3zd.default\extensions\smartdeals@smart-deals.com
[2011/10/17 03:07:50 | 000,000,000 | ---D | M] (SmartDeals) -- C:\Users\Shante\AppData\Roaming\Mozilla\Firefox\Profiles\f1kln3zd.default\extensions\smartdeals@smart-deals.com_temp
[2011/10/17 03:07:50 | 000,000,000 | ---D | M] (BetterLinks) -- C:\Users\Shante\AppData\Roaming\Mozilla\Firefox\Profiles\f1kln3zd.default\extensions\smartlinks@getsmartlinks.com
[2011/08/23 21:09:47 | 000,001,945 | ---- | M] () -- C:\Users\Shante\AppData\Roaming\Mozilla\Firefox\Profiles\f1kln3zd.default\searchplugins\bing-zugo.xml
[2011/10/27 04:21:22 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/10/04 12:42:33 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/10/27 04:21:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
[2011/10/17 03:07:10 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\google\chrome\application\12.0.742.100\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Chrome NaCl (Disabled) = C:\Program Files (x86)\google\chrome\application\12.0.742.100\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\google\chrome\application\12.0.742.100\pdf.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Shante\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Shante\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Shante\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: Loki Plugin (Enabled) = C:\Program Files (x86)\Skyhook Wireless\Loki ActiveX Component\versions\3.1.0.05\loki.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Shante\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\

O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1272301894-312501613-2428284200-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1272301894-312501613-2428284200-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.8.0.5\coIEplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [] File not found
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [SmoothView] C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files (x86)\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\TOSHIBA\Toshiba Online Backup\Activation\TobuActivation.exe (Toshiba)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1272301894-312501613-2428284200-1000..\Run: [EPSON NX110 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIFBA.EXE /FU "C:\windows\TEMP\E_S11F0.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-1272301894-312501613-2428284200-1000..\Run: [usrCommsSupport] C:\Users\Shante\AppData\Local\acxMapusb\usrCommsSupport.dll ()
O4 - HKU\S-1-5-21-1272301894-312501613-2428284200-1000..\Run: [volmgr] C:\Users\Shante\AppData\Local\volmgr.exe ()
O4 - HKU\S-1-5-21-1272301894-312501613-2428284200-1000..\Run: [winupd] C:\Users\Shante\AppData\Local\Temp\winupd.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1272301894-312501613-2428284200-1000..\RunOnce: [FlashPlayerUpdate] C:\windows\SysWOW64\Macromed\Flash\FlashUtil10x_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Shante\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Shante\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winupd.lnk = C:\Users\Shante\AppData\Local\Temp\winupd.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{660CA1E8-8C47-4583-B432-92B3C3E7DE8F}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CBD3669B-1F25-42A3-8C9A-4E04D6B65770}: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/05/29 04:37:41 | 000,000,075 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{9addc2b4-7ee4-11df-9e52-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9addc2b4-7ee4-11df-9e52-806e6f6e6963}\Shell\AutoRun\command - "" = D:\start.exe -- [2009/05/29 04:37:51 | 004,707,135 | R--- | M] (Research In Motion Limited )
O33 - MountPoints2\{f214c19b-fcb9-11df-9e68-00266c586986}\Shell - "" = AutoRun
O33 - MountPoints2\{f214c19b-fcb9-11df-9e68-00266c586986}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/10/28 20:48:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Shante\Desktop\OTL.exe
[2011/10/28 19:28:55 | 000,000,000 | ---D | C] -- C:\Users\Shante\AppData\Local\Programs
[2011/10/28 18:50:58 | 000,000,000 | ---D | C] -- C:\Users\Shante\AppData\Roaming\Research In Motion
[2011/10/28 18:36:54 | 000,031,744 | ---- | C] (Research in Motion Ltd) -- C:\windows\SysNative\drivers\RimSerial_AMD64.sys
[2011/10/28 18:35:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlackBerry
[2011/10/28 18:35:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Roxio Shared
[2011/10/28 18:34:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Research In Motion
[2011/10/28 18:34:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Research In Motion
[2011/10/28 17:38:28 | 000,000,000 | ---D | C] -- C:\Users\Shante\Desktop\wanda's stream pymt_files
[2011/10/27 05:03:15 | 000,000,000 | ---D | C] -- C:\Users\Shante\Desktop\com.skillcheck.session_management.SK_Servlet_files
[2011/10/27 04:22:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2011/10/27 04:21:18 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2011/10/27 04:21:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2011/10/27 04:21:18 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2011/10/27 04:15:17 | 000,910,624 | ---- | C] (Sun Microsystems, Inc.) -- C:\Users\Shante\Desktop\jxpiinstall.exe
[2011/10/22 17:58:38 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Shante\Desktop\dds.scr
[2011/10/19 23:22:27 | 000,000,000 | ---D | C] -- C:\Users\Shante\Desktop\Direct Energy Payment Receipt- 10-19_files
[2011/10/16 19:45:14 | 000,000,000 | ---D | C] -- C:\Users\Shante\AppData\Roaming\zCkVlBx0ci
[2011/10/16 19:45:07 | 000,000,000 | ---D | C] -- C:\Users\Shante\AppData\Roaming\Ju23GaQQH6dK7R9
[2011/10/16 19:45:05 | 000,000,000 | ---D | C] -- C:\Users\Shante\AppData\Roaming\GdddEEK8gR
[2011/10/10 12:35:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2011/10/05 14:31:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xvid
[2011/10/05 14:31:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xvid
[2011/10/05 14:30:34 | 000,000,000 | ---D | C] -- C:\Users\Shante\AppData\Local\Real
[2011/10/05 14:29:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2011/10/05 14:29:41 | 000,198,832 | ---- | C] (RealNetworks, Inc.) -- C:\windows\SysWow64\rmoc3260.dll
[2011/10/05 14:29:31 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\windows\SysWow64\pndx5016.dll
[2011/10/05 14:29:31 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\windows\SysWow64\pndx5032.dll
[2011/10/05 14:29:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Real
[2011/10/05 14:29:30 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
[2011/10/05 14:29:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Real
[2011/10/05 14:29:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Real
[2011/10/05 14:29:10 | 000,000,000 | ---D | C] -- C:\Users\Shante\AppData\Roaming\Real
[2011/10/05 14:28:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2011/10/04 12:07:58 | 000,000,000 | ---D | C] -- C:\Users\Shante\AppData\Roaming\xWK7fEL9gZjCkV
[2011/10/04 12:07:57 | 000,000,000 | ---D | C] -- C:\Users\Shante\AppData\Roaming\BtxA0ucS2b3n4Q6
[2011/10/04 03:41:04 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Minibar
[2011/10/04 03:41:02 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\FaceSmooch Smileys
[2011/10/04 02:59:07 | 000,000,000 | ---D | C] -- C:\Users\Shante\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Security Guard 2012
[2011/10/04 02:59:06 | 000,000,000 | ---D | C] -- C:\Users\Shante\AppData\Roaming\iccAAiiD2npmHQd
[2011/10/04 02:59:06 | 000,000,000 | ---D | C] -- C:\Users\Shante\AppData\Roaming\A88gRZhYXkUVltP
[2011/10/04 02:58:56 | 000,000,000 | ---D | C] -- C:\Users\Shante\AppData\Roaming\PAAA1vv2oFpm5J7
[2011/10/04 02:58:55 | 000,000,000 | ---D | C] -- C:\Users\Shante\AppData\Roaming\ES11vD3oFmH5J7E
[2011/10/03 23:21:00 | 000,000,000 | ---D | C] -- C:\Users\Shante\AppData\Roaming\EkrBPcio4Hs7LZY
[2011/10/03 23:20:59 | 000,000,000 | ---D | C] -- C:\Users\Shante\AppData\Roaming\Gkt013Gms7
[2011/10/03 14:37:53 | 000,000,000 | -H-D | C] -- C:\windows\$BLSTUN$
[2011/10/03 14:01:22 | 000,000,000 | ---D | C] -- C:\Users\Shante\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Cloud AV
[2011/10/03 14:01:21 | 000,000,000 | ---D | C] -- C:\Users\Shante\AppData\Roaming\utyc1oFmGdEKZhw
[2011/10/03 14:01:20 | 000,000,000 | ---D | C] -- C:\Users\Shante\AppData\Roaming\hddRZYXwV
[2011/10/03 14:01:12 | 000,000,000 | ---D | C] -- C:\Users\Shante\AppData\Roaming\zBBrrzONyx
[2011/10/03 13:56:51 | 000,000,000 | ---D | C] -- C:\windows\system64
[2011/10/02 00:01:27 | 000,000,000 | ---D | C] -- C:\Users\Shante\AppData\Local\DDMSettings
[2011/10/01 23:46:36 | 000,000,000 | ---D | C] -- C:\Users\Shante\AppData\Roaming\DivX
[2011/10/01 23:45:30 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX Plus
[2011/10/01 23:45:24 | 000,000,000 | -H-D | C] -- C:\Program Files\DivX
[2011/10/01 23:45:10 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\DivX Shared
[2011/10/01 23:44:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DivX
[2011/10/01 23:26:51 | 000,000,000 | -H-D | C] -- C:\ProgramData\DivX
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Shante\Desktop\*.tmp files -> C:\Users\Shante\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/10/28 20:48:28 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Shante\Desktop\OTL.exe
[2011/10/28 20:44:00 | 000,000,898 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/28 20:42:39 | 000,080,384 | ---- | M] () -- C:\Users\Shante\Desktop\MBRCheck.exe
[2011/10/28 20:27:01 | 000,000,912 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1272301894-312501613-2428284200-1000UA.job
[2011/10/28 19:17:17 | 002,629,144 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1108000.005\Cat.DB
[2011/10/28 19:06:51 | 000,726,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2011/10/28 19:06:51 | 000,624,178 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2011/10/28 19:06:51 | 000,106,522 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2011/10/28 19:05:29 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/10/28 19:05:29 | 000,015,792 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/10/28 18:51:03 | 000,000,256 | ---- | M] () -- C:\windows\SysWow64\pool.bin
[2011/10/28 18:35:45 | 000,002,003 | ---- | M] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
[2011/10/28 17:38:36 | 000,012,923 | ---- | M] () -- C:\Users\Shante\Desktop\wanda's stream pymt.htm
[2011/10/28 15:50:07 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/10/28 03:44:26 | 000,000,894 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/10/27 22:27:00 | 000,000,860 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1272301894-312501613-2428284200-1000Core.job
[2011/10/27 05:03:24 | 000,027,204 | ---- | M] () -- C:\Users\Shante\Desktop\com.skillcheck.session_management.SK_Servlet.htm
[2011/10/27 04:15:20 | 000,910,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Users\Shante\Desktop\jxpiinstall.exe
[2011/10/23 03:06:00 | 000,008,508 | ---- | M] () -- C:\Users\Shante\Desktop\1990.jpg
[2011/10/22 17:58:39 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Shante\Desktop\dds.scr
[2011/10/22 17:53:27 | 000,000,000 | ---- | M] () -- C:\Users\Shante\defogger_reenable
[2011/10/22 05:42:47 | 000,001,151 | ---- | M] () -- C:\Users\Shante\Desktop\Kdirect - Shortcut.lnk
[2011/10/21 21:43:11 | 000,001,028 | R-S- | M] () -- C:\Users\Shante\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winupd.lnk
[2011/10/21 16:51:25 | 000,027,995 | ---- | M] () -- C:\Users\Shante\Documents\YSM Resume.odt
[2011/10/21 16:41:39 | 000,072,117 | ---- | M] () -- C:\Users\Shante\Documents\YSM Resume2.pdf
[2011/10/21 09:51:40 | 000,068,096 | -HS- | M] () -- C:\Users\Shante\AppData\Local\volmgr.exe
[2011/10/21 09:51:38 | 000,024,064 | -HS- | M] () -- C:\Users\Shante\AppData\Local\volmgr.dll
[2011/10/20 02:39:59 | 000,000,115 | -H-- | M] () -- C:\Users\Shante\Documents\.~lock.Monthly Budget.ods#
[2011/10/20 01:36:59 | 000,010,325 | ---- | M] () -- C:\Users\Shante\Documents\Monthly Budget.ods
[2011/10/19 23:22:29 | 000,007,605 | ---- | M] () -- C:\Users\Shante\Desktop\Direct Energy Payment Receipt- 10-19.htm
[2011/10/18 21:23:49 | 000,026,038 | ---- | M] () -- C:\Users\Shante\Documents\Photography_photoshop Mini tutorial.odt
[2011/10/18 21:23:46 | 000,000,115 | -H-- | M] () -- C:\Users\Shante\Documents\.~lock.Photography_photoshop Mini tutorial.odt#
[2011/10/17 03:09:04 | 1405,272,064 | -HS- | M] () -- C:\hiberfil.sys
[2011/10/12 09:23:03 | 000,028,019 | ---- | M] () -- C:\Users\Shante\Documents\Yasmin McGain.odt
[2011/10/10 12:00:13 | 000,070,376 | ---- | M] () -- C:\Users\Shante\Documents\BOA PRIME FORECLOSURE SPECIALIST CANDIDATE.pdf
[2011/10/10 11:50:09 | 000,022,533 | ---- | M] () -- C:\Users\Shante\Documents\BOA AOI.odt
[2011/10/06 15:03:33 | 002,628,328 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1108000.005\Cat(84).DB
[2011/10/06 13:31:38 | 000,002,351 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/10/05 14:30:04 | 000,001,275 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/10/05 14:29:41 | 000,198,832 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\rmoc3260.dll
[2011/10/05 14:29:31 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\windows\SysWow64\pncrt.dll
[2011/10/05 14:29:31 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\pndx5016.dll
[2011/10/05 14:29:31 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\windows\SysWow64\pndx5032.dll
[2011/10/05 14:28:50 | 000,002,250 | ---- | M] () -- C:\Users\Shante\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/03 05:06:16 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaws.exe
[2011/10/03 05:06:15 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\javaw.exe
[2011/10/03 05:06:14 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\java.exe
[2011/10/03 05:06:03 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\SysWow64\deployJava1.dll
[2011/09/30 01:23:09 | 002,628,328 | ---- | M] () -- C:\windows\SysNative\drivers\NISx64\1108000.005\Cat(7105).DB
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]
[1 C:\Users\Shante\Desktop\*.tmp files -> C:\Users\Shante\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/10/28 20:42:37 | 000,080,384 | ---- | C] () -- C:\Users\Shante\Desktop\MBRCheck.exe
[2011/10/28 18:51:03 | 000,000,256 | ---- | C] () -- C:\windows\SysWow64\pool.bin
[2011/10/28 18:35:37 | 000,002,003 | ---- | C] () -- C:\Users\Public\Desktop\Desktop Manager.lnk
[2011/10/28 17:38:25 | 000,012,923 | ---- | C] () -- C:\Users\Shante\Desktop\wanda's stream pymt.htm
[2011/10/27 05:03:14 | 000,027,204 | ---- | C] () -- C:\Users\Shante\Desktop\com.skillcheck.session_management.SK_Servlet.htm
[2011/10/23 03:05:54 | 000,008,508 | ---- | C] () -- C:\Users\Shante\Desktop\1990.jpg
[2011/10/22 18:20:44 | 000,611,139 | ---- | C] () -- C:\Users\Shante\Documents\Resume.pdf
[2011/10/22 18:17:30 | 001,878,015 | ---- | C] () -- C:\Users\Shante\Documents\elementary_pan.pdf
[2011/10/22 18:01:22 | 000,070,376 | ---- | C] () -- C:\Users\Shante\Documents\BOA PRIME FORECLOSURE SPECIALIST CANDIDATE.pdf
[2011/10/22 18:01:22 | 000,066,224 | ---- | C] () -- C:\Users\Shante\Documents\DHA- Section 8 App.pdf
[2011/10/22 18:01:22 | 000,022,533 | ---- | C] () -- C:\Users\Shante\Documents\BOA AOI.odt
[2011/10/22 17:53:27 | 000,000,000 | ---- | C] () -- C:\Users\Shante\defogger_reenable
[2011/10/22 05:42:46 | 000,001,151 | ---- | C] () -- C:\Users\Shante\Desktop\Kdirect - Shortcut.lnk
[2011/10/21 21:47:22 | 000,024,064 | -HS- | C] () -- C:\Users\Shante\AppData\Local\volmgr.dll
[2011/10/21 21:47:21 | 000,068,096 | -HS- | C] () -- C:\Users\Shante\AppData\Local\volmgr.exe
[2011/10/21 21:43:10 | 000,001,028 | R-S- | C] () -- C:\Users\Shante\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winupd.lnk
[2011/10/21 16:41:39 | 000,072,117 | ---- | C] () -- C:\Users\Shante\Documents\YSM Resume2.pdf
[2011/10/20 02:39:59 | 000,000,115 | -H-- | C] () -- C:\Users\Shante\Documents\.~lock.Monthly Budget.ods#
[2011/10/20 01:36:55 | 000,010,325 | ---- | C] () -- C:\Users\Shante\Documents\Monthly Budget.ods
[2011/10/19 23:22:26 | 000,007,605 | ---- | C] () -- C:\Users\Shante\Desktop\Direct Energy Payment Receipt- 10-19.htm
[2011/10/18 21:23:46 | 000,000,115 | -H-- | C] () -- C:\Users\Shante\Documents\.~lock.Photography_photoshop Mini tutorial.odt#
[2011/10/18 21:23:44 | 000,026,038 | ---- | C] () -- C:\Users\Shante\Documents\Photography_photoshop Mini tutorial.odt
[2011/10/05 14:31:26 | 000,703,488 | ---- | C] () -- C:\windows\SysNative\xvidcore.dll
[2011/10/05 14:31:26 | 000,255,488 | ---- | C] () -- C:\windows\SysNative\xvidvfw.dll
[2011/10/05 14:31:26 | 000,173,056 | ---- | C] () -- C:\windows\SysNative\xvid.ax
[2011/10/05 14:31:25 | 000,650,752 | ---- | C] () -- C:\windows\SysWow64\xvidcore.dll
[2011/10/05 14:31:25 | 000,240,640 | ---- | C] () -- C:\windows\SysWow64\xvidvfw.dll
[2011/10/05 14:31:25 | 000,152,064 | ---- | C] () -- C:\windows\SysWow64\xvid.ax
[2011/10/05 14:30:04 | 000,001,275 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2011/10/05 14:28:50 | 000,002,351 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/10/05 14:28:50 | 000,002,250 | ---- | C] () -- C:\Users\Shante\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/10/05 14:28:30 | 000,000,898 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/10/05 14:28:28 | 000,000,894 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/07/11 04:04:11 | 000,136,540 | ---- | C] () -- C:\windows\hphins33.dat
[2011/07/11 04:04:11 | 000,000,512 | ---- | C] () -- C:\windows\hphmdl33.dat
[2011/06/24 17:10:56 | 000,000,273 | ---- | C] () -- C:\windows\SysWow64\initparams.ini
[2011/03/22 12:28:03 | 000,073,220 | ---- | C] () -- C:\windows\SysWow64\EPPICPrinterDB.dat
[2011/03/22 12:28:03 | 000,000,097 | ---- | C] () -- C:\windows\SysWow64\PICSDK.ini
[2011/03/22 12:28:02 | 000,031,053 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern131.dat
[2011/03/22 12:28:02 | 000,029,114 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern1.dat
[2011/03/22 12:28:02 | 000,027,417 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern121.dat
[2011/03/22 12:28:02 | 000,021,021 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern3.dat
[2011/03/22 12:28:02 | 000,015,670 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern5.dat
[2011/03/22 12:28:02 | 000,013,280 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern2.dat
[2011/03/22 12:28:02 | 000,010,673 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern4.dat
[2011/03/22 12:28:02 | 000,004,943 | ---- | C] () -- C:\windows\SysWow64\EPPICPattern6.dat
[2011/03/22 12:28:02 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_PT.dat
[2011/03/22 12:28:02 | 000,001,140 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_BP.dat
[2011/03/22 12:28:02 | 000,001,137 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_ES.dat
[2011/03/22 12:28:02 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_FR.dat
[2011/03/22 12:28:02 | 000,001,130 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_CF.dat
[2011/03/22 12:28:02 | 000,001,104 | ---- | C] () -- C:\windows\SysWow64\EPPICPresetData_EN.dat
[2010/06/23 11:51:59 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/06/23 11:49:45 | 000,001,105 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- C:\windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- C:\windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\SysWow64\BWContextHandler.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\windows\SysWow64\mlang.dat

< End of report >


#6 Farbar


    Just Curious


  • Security Developer
  • 21,708 posts
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:13 AM

Posted 29 October 2011 - 01:22 AM

Thanks for the feedback.

What is on D drive? Do you know D:\start.exe ?

  • Please open OTL.
    • Copy the text in code box and paste it to Custom Scans/Fixes section:

      :otl
      O4 - HKU\S-1-5-21-1272301894-312501613-2428284200-1000..\Run: [volmgr] C:\Users\Shante\AppData\Local\volmgr.exe ()
      O4 - HKU\S-1-5-21-1272301894-312501613-2428284200-1000..\Run: [winupd] C:\Users\Shante\AppData\Local\Temp\winupd.exe ()
      O4 - Startup: C:\Users\Shante\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winupd.lnk = C:\Users\Shante\AppData\Local\Temp\winupd.exe ()
      :files
      C:\Users\Shante\AppData\Roaming\zCkVlBx0ci
      C:\Users\Shante\AppData\Roaming\Ju23GaQQH6dK7R9
      C:\Users\Shante\AppData\Roaming\GdddEEK8gR
      C:\Users\Shante\AppData\Roaming\xWK7fEL9gZjCkV
      C:\Users\Shante\AppData\Roaming\BtxA0ucS2b3n4Q6
      C:\Users\Shante\AppData\Roaming\iccAAiiD2npmHQd
      C:\Users\Shante\AppData\Roaming\A88gRZhYXkUVltP
      C:\Users\Shante\AppData\Roaming\PAAA1vv2oFpm5J7
      C:\Users\Shante\AppData\Roaming\ES11vD3oFmH5J7E
      C:\Users\Shante\AppData\Roaming\EkrBPcio4Hs7LZY
      C:\Users\Shante\AppData\Roaming\Gkt013Gms7
      C:\Users\Shante\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Cloud AV
      C:\Users\Shante\AppData\Roaming\utyc1oFmGdEKZhw
      C:\Users\Shante\AppData\Roaming\hddRZYXwV
      C:\Users\Shante\AppData\Roaming\zBBrrzONyx
      C:\Users\Shante\AppData\Local\Temp\wrd3bb102c0.~lk
      C:\Users\Shante\AppData\Local\volmgr.dll
      C:\Users\Shante\AppData\Local\volmgr.exe
      :commands
      
    • Click the Run Fix button.
    • If the fix needs a reboot, please do it.
    • After it finishes, a log will open. Copy and paste the log into your reply.
  • Please download Malwarebytes' Anti-Malware from one of these locations:
    malwarebytes.org
    majorgeeks.com
    • Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the MBAM log.
    Extra Note:
    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Edited by farbar, 29 October 2011 - 01:23 AM.
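The fix list above targets two kinds of entries from the OTL log: autorun (O4) items with no company name whose target sits in a user-writable folder (AppData\Local, Temp, the Startup folder), and folders with random-looking names directly under AppData\Roaming. As an added example that is not part of this thread and not anything OTL or Malwarebytes ships, here is a small Python triage script that applies those two rules to OTL log lines and lists the matches for review. The sample lines are copied from the log posted above (plus a few benign entries for contrast); the regular expressions for the O4 and folder line formats and the random-name heuristic are my own assumptions and will produce false positives, so the output is a review queue for a helper, not a verdict.

```python
"""Added example: triage OTL log lines the way a malware-removal helper reads them.

Rules (both are heuristics, i.e. assumptions, not OTL features):
  (a) an O4 autorun entry with no company name whose target lives in a
      user-writable directory (AppData\Local, AppData\Roaming, Temp);
  (b) a folder directly under AppData whose name looks randomly generated.
The sample lines are copied from the OTL log in this thread, plus benign
entries (TOSHIBA, RealPlayer, OpenOffice, DivX, Real) for contrast.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

SAMPLE_LOG = r"""
O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1272301894-312501613-2428284200-1000..\Run: [usrCommsSupport] C:\Users\Shante\AppData\Local\acxMapusb\usrCommsSupport.dll ()
O4 - HKU\S-1-5-21-1272301894-312501613-2428284200-1000..\Run: [volmgr] C:\Users\Shante\AppData\Local\volmgr.exe ()
O4 - HKU\S-1-5-21-1272301894-312501613-2428284200-1000..\Run: [winupd] C:\Users\Shante\AppData\Local\Temp\winupd.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Shante\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\winupd.lnk = C:\Users\Shante\AppData\Local\Temp\winupd.exe ()
O4 - Startup: C:\Users\Shante\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
[2011/10/16 19:45:14 | 000,000,000 | ---D | C] -- C:\Users\Shante\AppData\Roaming\zCkVlBx0ci
[2011/10/03 14:01:20 | 000,000,000 | ---D | C] -- C:\Users\Shante\AppData\Roaming\hddRZYXwV
[2011/10/01 23:46:36 | 000,000,000 | ---D | C] -- C:\Users\Shante\AppData\Roaming\DivX
[2011/10/05 14:29:10 | 000,000,000 | ---D | C] -- C:\Users\Shante\AppData\Roaming\Real
"""

# Line formats as they appear in the log above (assumed, not an official grammar).
RUN_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>.+?)\.\.\\Run(?:Once)?: \[(?P<name>[^\]]*)\] "
    r"(?P<path>.*?)(?: \((?P<vendor>[^()]*)\)| File not found)$"
)
STARTUP_RE = re.compile(r"^O4 - Startup: (?P<lnk>.*?) = (?P<path>.*?) \((?P<vendor>[^()]*)\)$")
FOLDER_RE = re.compile(r"^\[[^\]]*\|\s*(?P<attr>[-A-Z]{4})\s*\|\s*C\]\s*-- (?P<path>.*)$")
USER_WRITABLE = re.compile(r"\\AppData\\(?:Local|Roaming)\\|\\Temp\\", re.IGNORECASE)
APPDATA_CHILD = re.compile(r"\\AppData\\(?:Roaming|Local)\\([^\\]+)$", re.IGNORECASE)


@dataclass
class Finding:
    kind: str    # "autorun" or "folder"
    path: str
    reason: str


def target_path(command: str) -> str:
    """Return the executable part of an autorun command, dropping any arguments."""
    m = re.match(r"(.*?\.(?:exe|dll|com|scr))(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command


def is_random_name(name: str) -> bool:
    """Heuristic (assumption): 9-16 alphanumerics, lower-case present, an upper-case
    letter after the first character, and either a digit or a high share of capitals.
    Matches zCkVlBx0ci and hddRZYXwV; does not match DivX, Microsoft or OpenOffice."""
    if not re.fullmatch(r"[A-Za-z0-9]{9,16}", name):
        return False
    if not any(c.islower() for c in name) or not any(c.isupper() for c in name[1:]):
        return False
    letters = [c for c in name if c.isalpha()]
    upper_ratio = sum(c.isupper() for c in letters) / len(letters)
    return any(c.isdigit() for c in name) or upper_ratio >= 0.3


def triage(log_text: str) -> List[Finding]:
    """Apply rules (a) and (b) to every line of an OTL log and return the matches."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_RE.match(line) or STARTUP_RE.match(line)
        if m:
            vendor: Optional[str] = m.group("vendor")
            target = target_path(m.group("path"))
            if USER_WRITABLE.search(target) and not (vendor or "").strip():
                findings.append(Finding("autorun", target,
                                        "no company name and target in a user-writable directory"))
            continue
        m = FOLDER_RE.match(line)
        if m and m.group("attr").endswith("D"):      # 'D' attribute = directory
            child = APPDATA_CHILD.search(m.group("path"))
            if child and is_random_name(child.group(1)):
                findings.append(Finding("folder", m.group("path"),
                                        "random-looking folder name directly under AppData"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:8} {f.path}  <- {f.reason}")
```

Run against the sample it reports the same six items Farbar's fix addresses (usrCommsSupport.dll, volmgr.exe, winupd.exe twice, and the two random Roaming folders) and stays quiet on the TOSHIBA, RealPlayer and OpenOffice entries; paste a full OTL log into SAMPLE_LOG to see what it would queue for a real case.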


#7 ysm7997

  • Topic Starter

  • Members
  • 4 posts
  • Local time:06:13 PM

Posted 30 October 2011 - 02:31 AM

Thanks for the quick response, sorry I am just now seeing this. My BlackBerry desktop mgr/user tools CD was in my D: drive. By the way, I updated my Firefox last night due to not being able to load google.com at all or its search engine in my toolbar. After the upgrade, not only was I able to load Google, but I also have not experienced the redirects. However, redirects were not my only issue, so I am not convinced that my Firefox upgrade cured me; those viruses are tricky. According to the OTL and the malware scans I had several trojans. I hope they're gone now. The OTL and Malwarebytes logs are below. Please let me know what you think, and thank you for your help.


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8046

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

10/30/2011 2:08:53 AM
mbam-log-2011-10-30 (02-08-53).txt

Scan type: Quick scan
Objects scanned: 186186
Time elapsed: 10 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 41

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Users\Shante\AppData\Local\acxmapusb\usrcommssupport.dll (Trojan.Blueinit.SGen) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{7952f465-ac46-4a82-b383-870f3784d1cd} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d09094b3-b426-4f16-a6d9-e211fe222127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7895609d-c8b4-4cf5-a2c7-28223d0c3d92} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\usrCommsSupport (Trojan.Blueinit.SGen) -> Value: usrCommsSupport -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\Windows\$BLSTUN$ (Adware.AdRotator) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\Shante\AppData\Local\acxmapusb\usrcommssupport.dll (Trojan.Blueinit.SGen) -> Quarantined and deleted successfully.
c:\Users\Shante\AppData\Local\Temp\pgwneulcsj (Trojan.Exploit.Drop) -> Quarantined and deleted successfully.
c:\Users\Shante\AppData\Local\Temp\udltcksbjr (Rootkit.0Access) -> Quarantined and deleted successfully.
c:\Users\Shante\AppData\Local\Temp\icreinstall\flvplayersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\1152.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\1363E8.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\15B6.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\24E2.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\2649.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\568D.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\5956.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\67BB.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\7208.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\754.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\7C93.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\7FC.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\86EE.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\8CC4.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\9CCF.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\9EF.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\A141.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\ADCF.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\B177.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\FA88.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\FC3C.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\gdfstr.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Temp\intrau3.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\javaw.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\kjghsad.exe (Trojan.Downloader.adb) -> Quarantined and deleted successfully.
c:\Windows\Temp\ldr12b9.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\ldr6a69.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\ldra3d0.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\ldrb51f.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\ldrfdb3.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\Windows\Temp\p5tm1qbi6dss92.exe.tmp (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Temp\nshCC48.tmp\si.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\Shante\downloads\flvplayersetup.exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\Shante\downloads\ilividsetupv1.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
c:\Users\Shante\downloads\televisionfanatic.exe (Adware.FunWeb) -> Quarantined and deleted successfully.
c:\Users\Shante\downloads\xvidsetup(4).exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\Shante\downloads\xvidsetup(5).exe (Adware.Agent) -> Quarantined and deleted successfully.



01:57:06 Shante MESSAGE Protection started successfully
01:57:13 Shante MESSAGE IP Protection started successfully
02:12:43 Shante MESSAGE Protection started successfully
02:12:51 Shante MESSAGE IP Protection started successfully
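The Malwarebytes log quoted above follows one line shape per detection (`<target> (<family>) -> <action>.`, with registry lines carrying an extra `Value: ... ->` hop). The script below is an added example, not code from the thread or from Malwarebytes: it parses a constructed excerpt in that format, tallies detection families, flags the Run-key autostart entry the log shows, and lists anything not quarantined.

```python
import re
from collections import Counter, defaultdict

# Constructed excerpt in the same format as the posted Malwarebytes log (backslashes doubled for Python).
SAMPLE_LOG = """\
Registry Values Infected:
HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\usrCommsSupport (Trojan.Blueinit.SGen) -> Value: usrCommsSupport -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Files Infected:
c:\\Users\\Shante\\AppData\\Local\\acxmapusb\\usrcommssupport.dll (Trojan.Blueinit.SGen) -> Quarantined and deleted successfully.
c:\\Users\\Shante\\AppData\\Local\\Temp\\udltcksbjr (Rootkit.0Access) -> Quarantined and deleted successfully.
c:\\Windows\\Temp\\1152.tmp (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
c:\\Windows\\Temp\\gdfstr.exe (Trojan.Downloader) -> No action taken.
"""
SECTION_RE = re.compile(r"^(.+ Infected):$")                          # "Files Infected:"
ITEM_RE = re.compile(r"^(.+?) \(([^()]+)\) -> (.+?)\.$")               # "<target> (<family>) -> <action>."
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)

def parse_mbam_log(text):
    """Return {section: [(target, family, action), ...]} for every section that lists detections."""
    sections, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            current = m.group(1)
            continue
        if current and (m := ITEM_RE.match(line)):
            target, family, action = m.groups()
            # Registry lines carry "Value: <name> -> <action>"; keep only the final action.
            sections[current].append((target, family, action.split(" -> ")[-1]))
    return dict(sections)

def family_counts(sections):
    """Detections per family across all sections; a repeated family hints at one dropper chain."""
    return Counter(fam for items in sections.values() for _, fam, _ in items)

def autostart_entries(sections):
    """Registry targets under a Run/RunOnce key: the persistence to re-verify after cleanup."""
    return [t for sec, items in sections.items() if sec.startswith("Registry")
            for t, _, _ in items if RUN_KEY_RE.search(t)]

def not_remediated(sections):
    """Entries whose recorded action was not a successful quarantine (e.g. 'No action taken')."""
    return [(t, a) for items in sections.values() for t, _, a in items
            if not a.startswith("Quarantined")]
```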

#8 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,708 posts
  • Gender:Male
  • Location:The Netherlands

Posted 30 October 2011 - 06:29 AM

Well done. :thumbup2:

The OTL log is not there but I think it did the job.

Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished, the utility outputs a list of detected objects with descriptions.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let it reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility outputs the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.


#9 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,708 posts
  • Gender:Male
  • Location:The Netherlands

Posted 07 November 2011 - 02:00 AM

Are you still there?

#10 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,708 posts
  • Gender:Male
  • Location:The Netherlands

Posted 09 November 2011 - 09:09 AM

This thread will now be closed since the issue seems to be resolved.

If you need this topic reopened, please send me a Private Message and I will reopen it for you. If you should have a new issue, please start a new topic.

Every one else should start a new topic.



