Google chrome redirecting


  • This topic is locked
22 replies to this topic

#1 Layla Marie

  • Members
  • 11 posts

Posted 09 January 2012 - 11:57 AM

I have an Inspiron 1525 with windows vista and have Norton 360. I use google chrome and it has been redirecting me to different sites such as Shopica, yellow pages, search it simple.com and so on. However it doesn't always redirect me. Please help.


#2 gringo_pr (Bleepin Gringo)


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 January 2012 - 12:17 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following:
  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Layla Marie (Topic Starter)

  • Members
  • 11 posts

Posted 10 January 2012 - 10:36 AM

Thank you Gringo for the fast reply. I did not have any problems running the DDS. But I thought I would mention one other problem that recently started happening...I get a blue screen that pops up very fast and does a memory dump then restarts my computer. Not sure if it's related or not. Here are the logs you requested.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 6/19/2008 11:50:15 AM
System Uptime: 1/10/2012 8:14:08 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0U990C
Processor: Intel® Pentium® Dual CPU T2370 @ 1.73GHz | Microprocessor | 1733/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 99 GiB total, 54.514 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 6.196 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
.
ABBYY FineReader 6.0 Sprint
Adobe Flash Player 11 ActiveX
Adobe Reader 8.1.0
Adobe Shockwave Player 11.5
AnswerWorks 5.0 English Runtime
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Ask.com Toolbar
Bing Bar
Bing Rewards Client Installer
Bonjour
Browser Address Error Redirector
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HDA D330 MDC V.92 Modem
Dell DataSafe Online
Dell Getting Started Guide
Dell Support Center
Dell Touchpad
Dell V305
Dell Wireless WLAN Card
Digital Line Detect
EDocs
Games_Bar_1 Toolbar
Google Chrome
Google Desktop
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Intel® Matrix Storage Manager
iTunes
Java™ 6 Update 20
Java™ 6 Update 5
MediaDirect
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Default Manager
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft UI Engine
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
Modem Diagnostic Tool
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
Music, Photos & Videos Launcher
NetWaiting
Norton 360
OutlookAddinSetup
Play_Mario Toolbar
Product Documentation Launcher
QuickSet
QuickTime
Roxio Creator Audio
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler 3
Roxio Update Manager
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Symantec Technical Support Web Controls
TurboTax 2008
TurboTax 2008 WinPerFedFormset
TurboTax 2008 WinPerProgramHelp
TurboTax 2008 WinPerReleaseEngine
TurboTax 2008 WinPerTaxSupport
TurboTax 2008 WinPerUserEducation
TurboTax 2008 wrapper
TurboTax 2008 wwiiper
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Windows Live ID Sign-in Assistant
Yahoo! Toolbar
.
==== End Of File ===========================

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.19170
Run by Terra at 8:59:55 on 2012-01-10
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2037.483 [GMT -6:00]
.
AV: Norton 360 Premier Edition *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 Premier Edition *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 Premier Edition *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\dldtcoms.exe
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Dell V305\dldtmon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Users\Terra\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Dell V305\dldtMsdMon.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Users\Terra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Users\Terra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Terra\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\ping.exe
C:\Users\Terra\Downloads\Defogger.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2504482
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080620
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: Play Mario Toolbar: {61a58fc8-def1-4521-93b2-85c81404839a} - c:\program files\play_mario\tbPlay.dll
mURLSearchHooks: H - No File
mURLSearchHooks: Play Mario Toolbar: {61a58fc8-def1-4521-93b2-85c81404839a} - c:\program files\play_mario\tbPlay.dll
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
BHO: Play Mario Toolbar: {61a58fc8-def1-4521-93b2-85c81404839a} - c:\program files\play_mario\tbPlay.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\5.1.0.29\ips\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\5.1.0.29\coIEPlg.dll
TB: Play Mario Toolbar: {61a58fc8-def1-4521-93b2-85c81404839a} - c:\program files\play_mario\tbPlay.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\terra\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Apoint] "c:\program files\delltpad\Apoint.exe"
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Persistence] "c:\windows\system32\igfxpers.exe"
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [Broadcom Wireless Manager UI] "c:\windows\system32\WLTRAY.exe"
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [dldtmon.exe] "c:\program files\dell v305\dldtmon.exe"
mRun: [dldtamon] "c:\program files\dell v305\dldtamon.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
LSP: mswsock.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: microsoft.com\*.update
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/WebfettiInitialSetup1.0.1.1.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{6FA34926-5C45-4148-826E-982CEF307BEA} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{CFCE973D-9C96-414C-9B11-057DDF84C60F} : DhcpNameServer = 172.168.1.161
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0501000.01d\symds.sys [2011-5-9 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0501000.01d\symefa.sys [2011-5-9 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\bashdefs\20111223.001\BHDrvx86.sys [2011-11-30 820344]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.0.0.125\definitions\ipsdefs\20120107.001\IDSvix86.sys [2012-1-9 368248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0501000.01d\ironx86.sys [2011-5-9 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0501000.01d\symtdiv.sys [2011-5-9 331384]
R2 dldt_device;dldt_device;c:\windows\system32\dldtcoms.exe -service --> c:\windows\system32\dldtcoms.exe -service [?]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-4-30 136176]
R2 N360;Norton 360;c:\program files\norton 360\engine\5.1.0.29\ccsvchst.exe [2011-5-9 130008]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-9 106104]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-19 111616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 dsiarhwprog;dsiarhwprog;c:\windows\system32\drivers\dsiarhwprog.sys [2011-12-27 29184]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-4-30 136176]
S4 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2008-6-19 73728]
.
=============== Created Last 30 ================
.
2012-01-08 04:15:18 -------- d-----w- c:\users\terra\appdata\roaming\Walgreens
2012-01-01 20:12:02 79872 ----a-w- c:\windows\system32\ri637mg.com_
2011-12-27 22:14:40 29184 ----a-w- c:\windows\system32\drivers\dsiarhwprog.sys
2011-12-26 01:06:11 79872 ----a-w- c:\programdata\CO7XIjym.exe_
2011-12-26 01:06:11 79872 ----a-w- c:\programdata\CO7XIjym.exe
2011-12-18 20:36:47 7680 ----a-w- c:\windows\system\svchost.exe
2011-12-14 15:49:57 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-12-14 15:49:57 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-12-14 15:49:54 429056 ----a-w- c:\windows\system32\EncDec.dll
2011-12-14 15:49:48 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-14 15:49:43 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-12-14 15:49:37 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-14 15:49:01 2048 ----a-w- c:\windows\system32\tzres.dll
.
==================== Find3M ====================
.
2011-12-06 13:32:54 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 06:22:04 916992 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 06:17:38 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-11-03 06:17:23 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 06:17:08 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-11-03 06:17:08 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-11-03 05:22:43 385024 ----a-w- c:\windows\system32\html.iec
2011-11-03 04:45:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-11-03 04:43:59 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 9:02:36.95 ===============
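
The DDS output above is what the helper reads by eye. As an added illustration that is not part of this thread or of DDS itself, the Python script below parses the two sections a responder usually looks at first (the Pseudo HJT Report and Created Last 30) and marks entries by a few defender-side heuristics: a browser proxy setting that points at a local port (the `http=localhost:7171` value on this machine routes every page request through whatever process listens there, which is one way browser redirects are produced), orphaned "No File" hook and toolbar entries, a non-empty AppInit_DLLs value, core Windows binary names found outside their normal directory, and short digit-laden executable names in system locations. The sample input is a constructed excerpt of lines copied from the log above; the heuristics, thresholds and allow-lists are my own assumptions, and the script only marks lines for a human to review, it decides nothing on its own.

```python
import re
from typing import Dict, List, Tuple

# Constructed excerpt: a handful of lines copied from the DDS log posted above,
# kept in DDS's own layout so the parser sees realistic input. The real log is
# several hundred lines long.
SAMPLE_DDS_LOG = r"""
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2504482
uInternet Settings,ProxyServer = http=localhost:7171
uInternet Settings,ProxyOverride = *.local;<local>
uURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll
.
=============== Created Last 30 ================
.
2012-01-01 20:12:02 79872 ----a-w- c:\windows\system32\ri637mg.com_
2011-12-26 01:06:11 79872 ----a-w- c:\programdata\CO7XIjym.exe
2011-12-18 20:36:47 7680 ----a-w- c:\windows\system\svchost.exe
2011-12-14 15:49:57 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 9:02:36.95 ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
CREATED_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+(\S+)\s+(.+)$")

# Assumed allow-lists (not from the thread): core binaries that should only live
# under the directories named here; copies in the WinSxS store are also normal.
SYSTEM_BINARIES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "services.exe", "smss.exe"}
EXPECTED_SYSTEM_DIRS = ("c:\\windows\\system32", "c:\\windows\\syswow64", "c:\\windows\\winsxs")
EXECUTABLE_EXTS = ("exe", "dll", "sys", "com")


def split_sections(text: str) -> Dict[str, List[str]]:
    """Group the non-empty, non-'.' lines of a DDS log under the banner preceding them."""
    sections: Dict[str, List[str]] = {}
    current = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
            continue
        sections.setdefault(current, []).append(line)
    return sections


def flag_hjt(lines: List[str]) -> List[Tuple[str, str]]:
    """Heuristics over the Pseudo HJT Report. Returns (reason, line) pairs for review."""
    findings = []
    for line in lines:
        key, _, value = line.partition(" = ")
        if key.endswith("ProxyServer") and re.search(r"(localhost|127\.0\.0\.1):\d+", value):
            findings.append(("browser proxy points at a local port: all web traffic can be rewritten", line))
        elif line.endswith("- No File"):
            findings.append(("orphaned hook/toolbar entry (registered DLL is missing)", line))
        elif line.startswith("AppInit_DLLs:") and line.partition(":")[2].strip():
            findings.append(("AppInit_DLLs loads this DLL into every process that uses user32", line))
    return findings


def looks_random(stem: str) -> bool:
    """Crude name heuristic: a short alphanumeric stem that contains digits (tune to taste)."""
    return bool(re.fullmatch(r"[a-z0-9]{6,10}", stem)) and any(c.isdigit() for c in stem)


def flag_created(lines: List[str]) -> List[Tuple[str, str]]:
    """Heuristics over 'Created Last 30'. Returns (reason, line) pairs for review."""
    findings = []
    for line in lines:
        m = CREATED_RE.match(line)
        if not m:
            continue
        path = m.group(4).lower()
        directory, _, name = path.rpartition("\\")
        stem, _, ext = name.rpartition(".")
        if ext.endswith("_"):
            findings.append(("executable-like extension with a trailing underscore", line))
        if name in SYSTEM_BINARIES and not directory.startswith(EXPECTED_SYSTEM_DIRS):
            findings.append(("core Windows binary name outside its normal directory", line))
        if (ext.rstrip("_") in EXECUTABLE_EXTS and looks_random(stem)
                and directory.startswith(("c:\\windows", "c:\\programdata"))):
            findings.append(("random-looking executable name in a system location", line))
    return findings


def triage(text: str) -> Dict[str, List[Tuple[str, str]]]:
    """Run both sets of heuristics over a full DDS log and return findings per section."""
    sections = split_sections(text)
    return {
        "hjt": flag_hjt(sections.get("Pseudo HJT Report", [])),
        "created": flag_created(sections.get("Created Last 30", [])),
    }


if __name__ == "__main__":
    for section, findings in triage(SAMPLE_DDS_LOG).items():
        for reason, line in findings:
            print(f"[{section}] {reason}\n    {line}")
```

Run as-is it prints four findings from each section of the excerpt; point `triage()` at the text of a real DDS.txt to get the same listing for that log. The name heuristic is deliberately loose and will produce false positives (vendor DLLs with version digits, for instance), which is why every hit carries its original line for the reader to judge.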

#4 gringo_pr (Bleepin Gringo)


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 January 2012 - 12:17 PM

Hello

I Would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

information and logs:

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 Layla Marie (Topic Starter)

  • Members
  • 11 posts

Posted 10 January 2012 - 03:10 PM

I turned off my security settings but combofix is warning me that they are still active and combofix will continue to run at my own risk. Should I hit OK? I double checked and Norton is disabled for 5 hours. Thanks

#6 gringo_pr (Bleepin Gringo)


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 January 2012 - 06:40 PM

go ahead and run combofix


gringo

#7 Layla Marie (Topic Starter)

  • Members
  • 11 posts

Posted 10 January 2012 - 08:41 PM

I have the blue scan window open and it says it's scanning. But it has been running for an hour and nothing is happening. It just says the scan may take several minutes. What would you like me to do? I'm assuming something isn't working. Thanks

#8 gringo_pr (Bleepin Gringo)


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 10 January 2012 - 08:53 PM

Hello

go ahead and stop it

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#9 Layla Marie (Topic Starter)

  • Members
  • 11 posts

Posted 10 January 2012 - 09:36 PM

20:27:12.0107 2312 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
20:27:12.0481 2312 ============================================================
20:27:12.0481 2312 Current date / time: 2012/01/10 20:27:12.0481
20:27:12.0481 2312 SystemInfo:
20:27:12.0481 2312
20:27:12.0481 2312 OS Version: 6.0.6002 ServicePack: 2.0
20:27:12.0481 2312 Product type: Workstation
20:27:12.0481 2312 ComputerName: TERRA-PC
20:27:12.0481 2312 UserName: Terra
20:27:12.0481 2312 Windows directory: C:\Windows
20:27:12.0481 2312 System windows directory: C:\Windows
20:27:12.0481 2312 Processor architecture: Intel x86
20:27:12.0481 2312 Number of processors: 2
20:27:12.0481 2312 Page size: 0x1000
20:27:12.0481 2312 Boot type: Normal boot
20:27:12.0481 2312 ============================================================
20:27:13.0261 2312 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000, SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000050
20:27:13.0589 2312 Initialize success
20:27:16.0413 0916 ============================================================
20:27:16.0413 0916 Scan started
20:27:16.0413 0916 Mode: Manual;
20:27:16.0413 0916 ============================================================
20:27:19.0283 0916 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
20:27:19.0299 0916 ACPI - ok
20:27:19.0470 0916 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
20:27:19.0470 0916 adp94xx - ok
20:27:19.0689 0916 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
20:27:19.0689 0916 adpahci - ok
20:27:19.0782 0916 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
20:27:19.0782 0916 adpu160m - ok
20:27:19.0907 0916 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
20:27:19.0907 0916 adpu320 - ok
20:27:20.0063 0916 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
20:27:20.0079 0916 AFD - ok
20:27:20.0188 0916 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
20:27:20.0188 0916 agp440 - ok
20:27:20.0313 0916 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
20:27:20.0313 0916 aic78xx - ok
20:27:20.0375 0916 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
20:27:20.0391 0916 aliide - ok
20:27:20.0437 0916 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
20:27:20.0437 0916 amdagp - ok
20:27:20.0500 0916 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
20:27:20.0500 0916 amdide - ok
20:27:20.0609 0916 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
20:27:20.0609 0916 AmdK7 - ok
20:27:20.0703 0916 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
20:27:20.0718 0916 AmdK8 - ok
20:27:20.0812 0916 ApfiltrService (350f19eb5fe4ec37a2414df56cde1aa8) C:\Windows\system32\DRIVERS\Apfiltr.sys
20:27:20.0827 0916 ApfiltrService - ok
20:27:20.0968 0916 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
20:27:20.0968 0916 arc - ok
20:27:21.0108 0916 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
20:27:21.0108 0916 arcsas - ok
20:27:21.0155 0916 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
20:27:21.0155 0916 AsyncMac - ok
20:27:21.0217 0916 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
20:27:21.0217 0916 atapi - ok
20:27:21.0358 0916 BCM42RLY - ok
20:27:21.0514 0916 BCM43XX (cdf7f28ffd693b1b4137845dd1ef1ccc) C:\Windows\system32\DRIVERS\bcmwl6.sys
20:27:21.0545 0916 BCM43XX - ok
20:27:21.0670 0916 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
20:27:21.0670 0916 Beep - ok
20:27:21.0904 0916 BHDrvx86 (e685ba3267c5a4ec4ce9e2b4a1481725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx86.sys
20:27:23.0916 0916 DfsC ( Rootkit.Win32.ZAccess.h ) - infected
20:27:23.0916 0916 DfsC - detected Rootkit.Win32.ZAccess.h (0)
20:27:50.0202 0916 ============================================================
20:27:50.0202 0916 Scan finished
20:27:50.0202 0916 ============================================================
20:27:50.0233 4328 Detected object count: 1
20:27:50.0233 4328 Actual detected object count: 1
20:28:12.0853 4328 VerifyFileNameVersionInfo: GetFileVersionInfoSizeW(C:\Windows\system32\drivers\dfsc.sys) error 1813
20:28:13.0805 4328 Backup copy not found, trying to cure infected file..
20:28:13.0836 4328 Cure success, using it..
20:28:13.0930 4328 C:\Windows\system32\Drivers\dfsc.sys - will be cured on reboot
20:28:22.0385 4328 DfsC ( Rootkit.Win32.ZAccess.h ) - User select action: Cure
20:28:34.0288 4764 Deinitialize success

#10 gringo_pr

Posted 10 January 2012 - 09:42 PM

Hello

OK, let's try this: I want you to run ComboFix in Safe Mode, but it is very important that when ComboFix reboots the computer, you direct it back into Safe Mode so it can finish the scan.

Boot into Safe Mode

Reboot your computer in Safe Mode.
  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

After ComboFix has finished its scan, please post the report back here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 Layla Marie


Posted 10 January 2012 - 11:17 PM

OK, I did it in Safe Mode and it is still not working. The blue screen says scanning may take several minutes, but nothing happens. It's been an hour again. Thanks

#12 gringo_pr

Posted 10 January 2012 - 11:30 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
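The OTL.txt this step produces is normally read by hand. As an added example that is not part of this thread or of OTL itself, the script below parses lines in the OTL layout and flags the browser-hijack indicators a helper checks first: a proxy that is enabled and pointed at a local listener, a hosts file OTL could not read, and URLSearchHook or Run entries whose targets no longer resolve. The sample log and the helper names (`Finding`, `triage`, `proxy_host`) are constructed for this example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample in the layout OTL writes to OTL.txt (illustrative entries
# of the kinds seen in this thread's log, not a copy of a real machine).
SAMPLE_OTL = r"""
========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {61a58fc8-def1-4521-93b2-85c81404839a} - C:\Program Files\Play_Mario\tbPlay.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - No CLSID value found
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

Hosts file not found
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
"""


@dataclass(frozen=True)
class Finding:
    severity: str   # "high", "medium" or "info"
    where: str      # registry hive or log area the line came from
    detail: str


# One regex per OTL line shape this triage cares about.
PROXY_RE = re.compile(
    r'^IE - (?P<hive>.+?)\\Software\\Microsoft\\Windows\\CurrentVersion'
    r'\\Internet Settings: "(?P<name>Proxy\w+)" = (?P<value>.*)$'
)
HOOK_RE = re.compile(
    r'^IE - (?P<hive>.+?)\\\.\.\\URLSearchHook: (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<rest>.*)$'
)
RUN_RE = re.compile(r'^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<rest>.*)$')

LOCAL_LISTENERS = ("localhost", "127.0.0.1")


def proxy_host(value: str) -> str:
    """Host part of an IE ProxyServer value such as 'http=localhost:7171' or 'proxy:8080'."""
    first = value.split(";")[0].strip()          # first protocol entry only
    if "=" in first:
        first = first.split("=", 1)[1]           # drop the 'http=' style prefix
    return first.rsplit(":", 1)[0].strip().lower()


def collect_proxy_settings(lines: List[str]) -> Dict[str, Dict[str, str]]:
    """Group the Proxy* values OTL reports, keyed by hive (HKLM, HKU\\S-1-5-18, ...)."""
    settings: Dict[str, Dict[str, str]] = {}
    for line in lines:
        m = PROXY_RE.match(line)
        if m:
            settings.setdefault(m["hive"], {})[m["name"]] = m["value"].strip()
    return settings


def triage(log_text: str) -> List[Finding]:
    """Flag the browser-hijack indicators a helper checks first in an OTL log."""
    lines = log_text.splitlines()
    findings: List[Finding] = []

    # 1. An enabled proxy pointed at a local port: every browser request is routed
    #    through a process on the machine, which can rewrite or redirect it.
    for hive, values in collect_proxy_settings(lines).items():
        server = values.get("ProxyServer")
        if not server:
            continue
        if values.get("ProxyEnable") == "1" and proxy_host(server) in LOCAL_LISTENERS:
            findings.append(Finding("high", hive, f"proxy enabled and pointed at a local listener: {server}"))
        elif values.get("ProxyEnable") != "1":
            findings.append(Finding("info", hive, f"proxy configured but not enabled: {server}"))

    for line in lines:
        # 2. OTL could not read the hosts file: confirm it exists and that
        #    Tcpip\Parameters\DataBasePath has not been redirected elsewhere.
        if line.strip() == "Hosts file not found":
            findings.append(Finding("medium", "hosts", "hosts file not readable at its expected location"))
            continue
        # 3. URLSearchHook entries decide what the address bar does with search terms.
        m = HOOK_RE.match(line)
        if m:
            orphan = "No CLSID value found" in m["rest"]
            findings.append(Finding("info", m["hive"],
                                    f"URLSearchHook {m['clsid']} -> {m['rest']}"
                                    + (" [orphaned]" if orphan else "")))
            continue
        # 4. Run entries whose target is gone are leftovers worth cleaning up.
        m = RUN_RE.match(line)
        if m and m["rest"].endswith("File not found"):
            findings.append(Finding("info", m["hive"], f"orphaned autorun [{m['name']}]"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL):
        print(f"{f.severity:6} {f.where:14} {f.detail}")
```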

#13 Layla Marie
  • Topic Starter
  • Members
  • 11 posts
  • Local time:07:38 AM

Posted 11 January 2012 - 09:35 AM

OTL logfile created on: 1/11/2012 8:28:49 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Terra\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19170)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.03 Gb Available Physical Memory | 52.01% Memory free
4.21 Gb Paging File | 3.17 Gb Available in Paging File | 75.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 99.48 Gb Total Space | 57.52 Gb Free Space | 57.82% Space Free | Partition Type: NTFS
Drive D: | 9.77 Gb Total Space | 6.20 Gb Free Space | 63.45% Space Free | Partition Type: NTFS

Computer Name: TERRA-PC | User Name: Terra | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Terra\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\System32\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Norton 360\Engine\5.1.0.29\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe ()
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Dell V305\dldtmsdmon.exe ()
PRC - C:\Program Files\Dell V305\dldtmon.exe ()
PRC - C:\Windows\System32\dldtcoms.exe ( )
PRC - C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Windows\System32\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\DellTPad\hidfind.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApMsgFwd.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\DellTPad\ApntEx.exe (Alps Electric Co., Ltd.)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\fecd1103dd16dc1192402770caf56575\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\311bc26c3ed83409589eb6bae0eeb86e\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\40da9084d0863e07d7ce55953833b8b0\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\c1c06a392871267db27f7cbc40e1c4fb\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1363115565fff5a641243a48f396f107\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\367c4043efc2f32d843cb588b0dc97fc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f9c36ea806e77872dce891c77b68fac3\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b6632a8b2f276a8e31f5b0f6b2006cd1\mscorlib.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Google\Google Toolbar\GoogleToolbarUser.exe ()
MOD - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
MOD - C:\Program Files\Dell V305\dldtmsdmon.exe ()
MOD - C:\Program Files\Dell V305\dldtmon.exe ()
MOD - C:\Program Files\Dell V305\app4r.monitor.core.dll ()
MOD - C:\Program Files\Dell V305\app4r.monitor.common.dll ()
MOD - C:\Program Files\Dell V305\app4r.devmons.mcmdevmon.dll ()
MOD - C:\Program Files\Dell V305\dldtdrs.dll ()
MOD - C:\Program Files\Dell V305\dldtscw.dll ()
MOD - C:\Program Files\Dell V305\dldtcaps.dll ()
MOD - C:\Program Files\Dell V305\dldtmonr.dll ()
MOD - C:\Program Files\Dell V305\DLDTcfg.dll ()
MOD - C:\Windows\System32\bcmwlrmt.dll ()
MOD - C:\Program Files\Dell V305\app4r.devmons.mcmdevmon.autoplayutil.dll ()
MOD - C:\Program Files\Dell V305\dldtcnv4.dll ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\dldtdatr.dll ()
MOD - C:\Windows\System32\spool\drivers\w32x86\3\dldtcats.dll ()


========== Win32 Services (SafeList) ==========

SRV - (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter) -- File not found
SRV - (N360) -- C:\Program Files\Norton 360\Engine\5.1.0.29\ccSvcHst.exe (Symantec Corporation)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (dldt_device) -- C:\Windows\System32\dldtcoms.exe ( )
SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
SRV - (STacSV) -- C:\Windows\System32\stacsv.exe (IDT, Inc.)
SRV - (AESTFilters) -- C:\Windows\System32\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120109.033\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120109.033\NAVENG.SYS (Symantec Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx86.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120107.001\IDSvix86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\Drivers\N360\0501000.01D\SYMTDIV.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\system32\drivers\N360\0501000.01D\SYMEFA.SYS (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\system32\drivers\N360\0501000.01D\SYMDS.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS (Symantec Corporation)
DRV - (IntcHdmiAddService) Intel® -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (e1express) Intel® -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (ApfiltrService) -- C:\Windows\System32\drivers\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (dsiarhwprog) -- C:\Windows\System32\drivers\dsiarhwprog.sys (Thesycon GmbH, Germany)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {61a58fc8-def1-4521-93b2-85c81404839a} - C:\Program Files\Play_Mario\tbPlay.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - No CLSID value found
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171


IE - HKU\.DEFAULT\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKU\S-1-5-18\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171



IE - HKU\S-1-5-21-1136793905-2991362061-905701160-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=1080620
IE - HKU\S-1-5-21-1136793905-2991362061-905701160-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.msn.com/ [binary data]
IE - HKU\S-1-5-21-1136793905-2991362061-905701160-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2504482
IE - HKU\S-1-5-21-1136793905-2991362061-905701160-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1136793905-2991362061-905701160-1000\..\URLSearchHook: {61a58fc8-def1-4521-93b2-85c81404839a} - C:\Program Files\Play_Mario\tbPlay.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1136793905-2991362061-905701160-1000\..\URLSearchHook: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - No CLSID value found
IE - HKU\S-1-5-21-1136793905-2991362061-905701160-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1136793905-2991362061-905701160-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
IE - HKU\S-1-5-21-1136793905-2991362061-905701160-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Terra\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Terra\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/10/28 02:06:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\ [2011/09/27 21:32:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3 [2012/01/11 08:16:06 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Terra\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.200.2 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U20 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Terra\AppData\Local\Google\Chrome\Application\16.0.912.75\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Terra\AppData\Local\Google\Chrome\Application\16.0.912.75\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Terra\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\
CHR - Extension: Google Search = C:\Users\Terra\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\
CHR - Extension: Gmail = C:\Users\Terra\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

Hosts file not found
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O2 - BHO: (Play Mario Toolbar) - {61a58fc8-def1-4521-93b2-85c81404839a} - C:\Program Files\Play_Mario\tbPlay.dll (Conduit Ltd.)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Play Mario Toolbar) - {61a58fc8-def1-4521-93b2-85c81404839a} - C:\Program Files\Play_Mario\tbPlay.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Play Mario Toolbar) - {61A58FC8-DEF1-4521-93B2-85C81404839A} - C:\Program Files\Play_Mario\tbPlay.dll (Conduit Ltd.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Play Mario Toolbar) - {61A58FC8-DEF1-4521-93B2-85C81404839A} - C:\Program Files\Play_Mario\tbPlay.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1136793905-2991362061-905701160-1000\..\Toolbar\WebBrowser: (&Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKU\S-1-5-21-1136793905-2991362061-905701160-1000\..\Toolbar\WebBrowser: (Play Mario Toolbar) - {61A58FC8-DEF1-4521-93B2-85C81404839A} - C:\Program Files\Play_Mario\tbPlay.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1136793905-2991362061-905701160-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1136793905-2991362061-905701160-1000\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O4 - HKLM..\Run: [dldtamon] C:\Program Files\Dell V305\dldtamon.exe ()
O4 - HKLM..\Run: [dldtmon.exe] C:\Program Files\Dell V305\dldtmon.exe ()
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-21-1136793905-2991362061-905701160-1000..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - %SystemRoot%\System32\winrnr.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - %SystemRoot%\System32\winrnr.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1136793905-2991362061-905701160-1000\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-1136793905-2991362061-905701160-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-1136793905-2991362061-905701160-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-1136793905-2991362061-905701160-1000\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O15 - HKU\S-1-5-21-1136793905-2991362061-905701160-1000\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FA34926-5C45-4148-826E-982CEF307BEA}: DhcpNameServer = 209.18.47.61 209.18.47.62
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFCE973D-9C96-414C-9B11-057DDF84C60F}: DhcpNameServer = 172.168.1.161
O20 - AppInit_DLLs: (c:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) -c:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O30 - LSA: Authentication Packages - (ows\s) - File not found
O30 - LSA: Security Packages - (2061-905701160-1000) - File not found
O30 - LSA: Security Packages - (脵&) - File not found
O30 - LSA: Security Packages - (烓) - File not found
O30 - LSA: Security Packages - (f) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 15:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/01/11 08:25:31 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Terra\Desktop\OTL.exe
[2012/01/10 23:14:55 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012/01/10 20:26:16 | 001,972,528 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Terra\Desktop\tdsskiller.exe
[2012/01/10 18:20:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/01/10 18:20:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/01/10 18:20:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/01/10 18:20:25 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/01/10 13:52:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/01/07 22:15:18 | 000,000,000 | ---D | C] -- C:\Users\Terra\AppData\Roaming\Walgreens
[2012/01/01 14:12:02 | 000,079,872 | ---- | C] (TWX Corp.) -- C:\Windows\System32\ri637mg.com_
[2011/12/27 16:14:40 | 000,029,184 | ---- | C] (Thesycon GmbH, Germany) -- C:\Windows\System32\drivers\dsiarhwprog.sys
[2011/12/25 19:06:11 | 000,079,872 | ---- | C] (TWX Corp.) -- C:\ProgramData\CO7XIjym.exe_
[2011/12/25 19:06:11 | 000,079,872 | ---- | C] (TWX Corp.) -- C:\ProgramData\CO7XIjym.exe
[2011/12/14 09:49:57 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2011/12/14 09:49:57 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2011/12/14 09:49:54 | 000,429,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDec.dll
[2011/12/14 09:49:48 | 002,043,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2011/12/14 09:49:37 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2011/12/14 09:49:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2011/12/14 09:48:34 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2011/12/14 09:48:33 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2011/12/14 09:48:30 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2011/12/14 09:48:29 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2011/12/14 09:48:29 | 000,602,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2011/12/14 09:48:29 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2011/12/14 09:48:29 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2011/12/14 09:48:29 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2011/12/14 09:48:29 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2011/12/14 09:48:29 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2011/12/14 09:48:28 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2011/12/14 09:48:28 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2011/12/14 09:48:28 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2011/12/14 09:48:28 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2011/12/14 09:48:28 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2011/12/14 09:48:28 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2011/12/14 09:48:28 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2011/12/14 09:48:27 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2009/07/21 21:00:10 | 000,438,272 | ---- | C] ( ) -- C:\Windows\System32\DLDThcp.dll
[2009/07/21 21:00:10 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\dldtinpa.dll
[2009/07/21 21:00:09 | 001,105,920 | ---- | C] ( ) -- C:\Windows\System32\dldtserv.dll
[2009/07/21 21:00:09 | 000,843,776 | ---- | C] ( ) -- C:\Windows\System32\dldtusb1.dll
[2009/07/21 21:00:09 | 000,647,168 | ---- | C] ( ) -- C:\Windows\System32\dldtpmui.dll
[2009/07/21 21:00:09 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\dldtiesc.dll
[2009/07/21 21:00:09 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\dldtprox.dll
[2009/07/21 21:00:08 | 000,663,552 | ---- | C] ( ) -- C:\Windows\System32\dldthbn3.dll
[2009/07/21 21:00:08 | 000,569,344 | ---- | C] ( ) -- C:\Windows\System32\dldtlmpm.dll
[2009/07/21 21:00:08 | 000,320,752 | ---- | C] ( ) -- C:\Windows\System32\dldtih.exe
[2009/07/21 21:00:07 | 000,595,184 | ---- | C] ( ) -- C:\Windows\System32\dldtcoms.exe
[2009/07/21 21:00:06 | 000,851,968 | ---- | C] ( ) -- C:\Windows\System32\dldtcomc.dll
[2009/07/21 21:00:06 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\dldtcomm.dll
[2009/07/21 21:00:06 | 000,365,808 | ---- | C] ( ) -- C:\Windows\System32\dldtcfg.exe

========== Files - Modified Within 30 Days ==========

[2012/01/11 08:25:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Terra\Desktop\OTL.exe
[2012/01/11 08:15:23 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/11 08:15:09 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/11 08:15:08 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/11 08:15:03 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\iMeshNAG.job
[2012/01/11 08:14:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/11 08:14:57 | 2134,986,752 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/10 21:12:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At43.job
[2012/01/10 21:02:12 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1136793905-2991362061-905701160-1000UA.job
[2012/01/10 21:00:10 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/10 20:26:16 | 001,972,528 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Terra\Desktop\tdsskiller.exe
[2012/01/10 17:12:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At35.job
[2012/01/10 16:11:59 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At33.job
[2012/01/10 15:12:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At31.job
[2012/01/10 14:12:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At29.job
[2012/01/10 13:51:07 | 000,001,223 | ---- | M] () -- C:\Users\Terra\Desktop\ComboFix - Shortcut.lnk
[2012/01/10 13:12:02 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At27.job
[2012/01/10 12:41:13 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At25.job
[2012/01/10 11:12:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At23.job
[2012/01/10 10:12:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At21.job
[2012/01/10 09:12:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At19.job
[2012/01/10 08:55:32 | 000,000,000 | ---- | M] () -- C:\Users\Terra\defogger_reenable
[2012/01/10 08:31:04 | 000,608,644 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/01/10 08:31:04 | 000,106,114 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/01/09 20:12:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At41.job
[2012/01/09 19:11:59 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At39.job
[2012/01/09 19:02:01 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1136793905-2991362061-905701160-1000Core.job
[2012/01/09 18:56:09 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At37.job
[2012/01/08 14:12:42 | 224,422,174 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/01/08 03:12:02 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At7.job
[2012/01/08 02:12:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At5.job
[2012/01/08 01:12:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At3.job
[2012/01/08 00:12:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At1.job
[2012/01/07 23:12:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At47.job
[2012/01/07 22:12:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At45.job
[2012/01/06 22:08:30 | 000,002,006 | ---- | M] () -- C:\Users\Terra\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/01/06 22:08:21 | 000,002,044 | ---- | M] () -- C:\Users\Terra\Desktop\Google Chrome.lnk
[2012/01/05 08:18:50 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At17.job
[2012/01/05 08:18:50 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At15.job
[2012/01/05 08:18:50 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At13.job
[2012/01/05 08:18:49 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At9.job
[2012/01/05 08:18:49 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At11.job
[2012/01/03 10:17:36 | 000,000,564 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2011/12/25 19:06:10 | 000,000,000 | ---- | M] () -- C:\ProgramData\CO7XIjym.exe.b
[2011/12/24 11:24:21 | 000,000,112 | ---- | M] () -- C:\ProgramData\gBT5M47n.dat
[2011/12/24 11:24:11 | 000,000,000 | ---- | M] () -- C:\Windows\System32\ri637mg.com.b
[2011/12/24 11:24:06 | 000,079,872 | ---- | M] (TWX Corp.) -- C:\Windows\System32\ri637mg.com_
[2011/12/24 11:24:06 | 000,079,872 | ---- | M] (TWX Corp.) -- C:\ProgramData\CO7XIjym.exe_
[2011/12/24 11:24:06 | 000,079,872 | ---- | M] (TWX Corp.) -- C:\ProgramData\CO7XIjym.exe
[2011/12/19 07:33:19 | 000,007,680 | ---- | M] () -- C:\Windows\System\svchost.exe
[2011/12/18 22:03:29 | 000,006,144 | ---- | M] () -- C:\Users\Terra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/18 14:36:47 | 000,103,365 | ---- | M] () -- C:\Windows\System32\itusbcore.dat
[2011/12/18 14:36:47 | 000,000,197 | ---- | M] () -- C:\Windows\System32\itlsvc.dat
[2011/12/15 05:42:00 | 000,288,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2012/01/11 08:14:57 | 2134,986,752 | -HS- | C] () -- C:\hiberfil.sys
[2012/01/10 18:20:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/01/10 18:20:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/01/10 18:20:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/01/10 18:20:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/01/10 18:20:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/01/10 13:50:54 | 000,001,223 | ---- | C] () -- C:\Users\Terra\Desktop\ComboFix - Shortcut.lnk
[2012/01/10 08:55:32 | 000,000,000 | ---- | C] () -- C:\Users\Terra\defogger_reenable
[2011/12/25 19:06:10 | 000,000,000 | ---- | C] () -- C:\ProgramData\CO7XIjym.exe.b
[2011/12/24 11:24:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ri637mg.com.b
[2011/12/24 09:26:07 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At47.job
[2011/12/24 09:26:07 | 000,000,112 | ---- | C] () -- C:\ProgramData\gBT5M47n.dat
[2011/12/24 09:26:06 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At45.job
[2011/12/24 09:26:06 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At43.job
[2011/12/24 09:26:06 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At41.job
[2011/12/24 09:26:06 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At39.job
[2011/12/24 09:26:05 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At37.job
[2011/12/24 09:26:05 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At35.job
[2011/12/24 09:26:04 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At33.job
[2011/12/24 09:26:04 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At31.job
[2011/12/24 09:26:03 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At29.job
[2011/12/24 09:26:03 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At27.job
[2011/12/24 09:26:03 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At25.job
[2011/12/24 09:26:02 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At23.job
[2011/12/24 09:26:02 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At21.job
[2011/12/24 09:26:02 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At19.job
[2011/12/24 09:26:02 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At17.job
[2011/12/24 09:26:01 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At9.job
[2011/12/24 09:26:01 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At15.job
[2011/12/24 09:26:01 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At13.job
[2011/12/24 09:26:01 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At11.job
[2011/12/24 09:26:00 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At7.job
[2011/12/24 09:25:59 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At5.job
[2011/12/24 09:25:58 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At3.job
[2011/12/24 09:25:57 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\At1.job
[2011/12/18 14:36:47 | 000,103,365 | ---- | C] () -- C:\Windows\System32\itusbcore.dat
[2011/12/18 14:36:47 | 000,007,680 | ---- | C] () -- C:\Windows\System\svchost.exe
[2011/12/18 14:36:47 | 000,000,197 | ---- | C] () -- C:\Windows\System32\itlsvc.dat
[2010/02/18 08:44:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/02/18 08:44:36 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/01/09 14:24:24 | 000,003,596 | ---- | C] () -- C:\Users\Terra\AppData\Roaming\wklnhst.dat
[2009/07/22 12:46:10 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2009/07/21 21:04:20 | 000,360,448 | ---- | C] () -- C:\Windows\System32\dldtcoin.dll
[2009/07/21 21:00:26 | 000,102,400 | ---- | C] () -- C:\Windows\System32\dldtwupd.dll
[2009/07/21 21:00:26 | 000,017,648 | ---- | C] () -- C:\Windows\System32\dldtwupd.exe
[2009/07/21 21:00:10 | 000,348,160 | ---- | C] () -- C:\Windows\System32\DLDTinst.dll
[2009/07/21 21:00:09 | 000,520,192 | ---- | C] () -- C:\Windows\System32\dldtutil.dll
[2009/07/21 21:00:08 | 000,180,224 | ---- | C] () -- C:\Windows\System32\dldtinsb.dll
[2009/07/21 21:00:08 | 000,176,128 | ---- | C] () -- C:\Windows\System32\dldtins.dll
[2009/07/21 21:00:08 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dldtjswr.dll
[2009/07/21 21:00:08 | 000,106,496 | ---- | C] () -- C:\Windows\System32\dldtinsr.dll
[2009/07/21 21:00:07 | 000,208,896 | ---- | C] () -- C:\Windows\System32\dldtgrd.dll
[2009/07/21 21:00:07 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dldtcub.dll
[2009/07/21 21:00:07 | 000,077,824 | ---- | C] () -- C:\Windows\System32\dldtcu.dll
[2009/07/21 21:00:07 | 000,036,864 | ---- | C] () -- C:\Windows\System32\dldtcur.dll
[2009/07/21 21:00:06 | 000,077,906 | ---- | C] () -- C:\Windows\System32\DLDTcfg.dll
[2009/04/01 07:42:59 | 000,000,002 | -H-- | C] () -- C:\Windows\t55ft2809f44.dat
[2009/01/25 21:18:38 | 000,006,144 | ---- | C] () -- C:\Users\Terra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/22 15:34:03 | 000,005,972 | ---- | C] () -- C:\Users\Terra\AppData\Local\d3d9caps.dat
[2009/01/12 18:17:39 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2008/06/19 18:44:19 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
[2008/06/19 18:44:19 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
[2008/06/19 18:44:19 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
[2008/06/19 18:44:19 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
[2008/06/19 18:44:19 | 000,004,608 | ---- | C] () -- C:\Windows\System32\HdmiCoin.dll
[2008/06/19 18:44:15 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2008/06/19 16:07:09 | 000,054,784 | ---- | C] () -- C:\Windows\System32\bcmwlrmt.dll
[2008/06/19 16:07:09 | 000,024,064 | ---- | C] () -- C:\Windows\System32\WLTRYSVC.EXE
[2008/02/21 14:41:23 | 000,782,336 | ---- | C] () -- C:\Windows\System32\dldtdrs.dll
[2008/02/19 16:25:56 | 000,081,920 | ---- | C] () -- C:\Windows\System32\dldtcaps.dll
[2008/02/03 17:37:35 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2007/11/13 13:13:09 | 000,069,632 | ---- | C] () -- C:\Windows\System32\dldtcnv4.dll
[2007/04/28 08:41:49 | 000,040,960 | ---- | C] () -- C:\Windows\System32\dldtvs.dll
[2006/11/02 06:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 06:44:53 | 000,288,120 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 04:33:01 | 000,608,644 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 04:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 04:33:01 | 000,106,114 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 04:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 04:25:44 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 04:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 02:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 02:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 01:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 01:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat

< End of report >

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:38 AM

Posted 11 January 2012 - 10:11 AM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :otl
    IE - HKLM\..\URLSearchHook: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - No CLSID value found
    IE - HKU\S-1-5-21-1136793905-2991362061-905701160-1000\..\URLSearchHook: {bc04b34e-5dd8-465a-a5e0-86f7c11bc009} - No CLSID value found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
    O4 - HKLM..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
    O4 - HKU\S-1-5-21-1136793905-2991362061-905701160-1000..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O30 - LSA: Authentication Packages - (ows\s) - File not found
    O30 - LSA: Security Packages - (2061-905701160-1000) - File not found
    O30 - LSA: Security Packages - (?&) - File not found
    O30 - LSA: Security Packages - (?) - File not found
    O30 - LSA: Security Packages - (f) - File not found
    IE - HKLM\..\URLSearchHook: {61a58fc8-def1-4521-93b2-85c81404839a} - C:\Program Files\Play_Mario\tbPlay.dll (Conduit Ltd.)
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
    IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171
    IE - HKU\S-1-5-21-1136793905-2991362061-905701160-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2504482
    IE - HKU\S-1-5-21-1136793905-2991362061-905701160-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKU\S-1-5-21-1136793905-2991362061-905701160-1000\..\URLSearchHook: {61a58fc8-def1-4521-93b2-85c81404839a} - C:\Program Files\Play_Mario\tbPlay.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-1136793905-2991362061-905701160-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171
    O2 - BHO: (Play Mario Toolbar) - {61a58fc8-def1-4521-93b2-85c81404839a} - C:\Program Files\Play_Mario\tbPlay.dll (Conduit Ltd.)
    O2 - BHO: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKLM\..\Toolbar: (Play Mario Toolbar) - {61a58fc8-def1-4521-93b2-85c81404839a} - C:\Program Files\Play_Mario\tbPlay.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Play Mario Toolbar) - {61A58FC8-DEF1-4521-93B2-85C81404839A} - C:\Program Files\Play_Mario\tbPlay.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Play Mario Toolbar) - {61A58FC8-DEF1-4521-93B2-85C81404839A} - C:\Program Files\Play_Mario\tbPlay.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1136793905-2991362061-905701160-1000\..\Toolbar\WebBrowser: (Play Mario Toolbar) - {61A58FC8-DEF1-4521-93B2-85C81404839A} - C:\Program Files\Play_Mario\tbPlay.dll (Conduit Ltd.)
    O3 - HKU\S-1-5-21-1136793905-2991362061-905701160-1000\..\Toolbar\WebBrowser: (Ask.com Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
    [2012/01/01 14:12:02 | 000,079,872 | ---- | C] (TWX Corp.) -- C:\Windows\System32\ri637mg.com_
    [2011/12/25 19:06:11 | 000,079,872 | ---- | C] (TWX Corp.) -- C:\ProgramData\CO7XIjym.exe_
    [2011/12/25 19:06:11 | 000,079,872 | ---- | C] (TWX Corp.) -- C:\ProgramData\CO7XIjym.exe
    [2011/12/19 07:33:19 | 000,007,680 | ---- | M] () -- C:\Windows\System\svchost.exe
    [2011/12/25 19:06:10 | 000,000,000 | ---- | C] () -- C:\ProgramData\CO7XIjym.exe.b
    [2011/12/24 11:24:11 | 000,000,000 | ---- | C] () -- C:\Windows\System32\ri637mg.com.b
      
    :files
    C:\windows\tasks\At*.job
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
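The fix script above removes several distinct kinds of indicator that show up in the OTL logs quoted in this thread: a ProxyServer value pointing at localhost (which routes every browser request through a local process, a setup consistent with the search redirects reported here), LSA Authentication/Security Packages entries whose file is missing, a svchost.exe living outside System32, a whole series of At<N>.job scheduled tasks, and executables dropped straight into the ProgramData root. As an added example, not code from this thread or from OTL itself, the Python checker below parses OTL-style log lines and flags each of those patterns, so the same triage can be repeated over a full log instead of by eye. The sample lines are copied from the logs posted above; the rule names, the regular expressions and the `Finding` type are this example's own.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Sample OTL lines, constructed for this example by copying entries quoted in
# this thread.  One benign Microsoft line is included as a control.
SAMPLE_OTL = r"""
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171
O30 - LSA: Authentication Packages - (ows\s) - File not found
O30 - LSA: Security Packages - (?&) - File not found
[2011/12/19 07:33:19 | 000,007,680 | ---- | M] () -- C:\Windows\System\svchost.exe
[2012/01/10 21:12:00 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\At43.job
[2011/12/24 11:24:06 | 000,079,872 | ---- | M] (TWX Corp.) -- C:\ProgramData\CO7XIjym.exe
[2011/12/14 09:48:29 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
"""

# OTL file entry: [timestamp | size | attributes | C/M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>[^|]+?)\s*\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attr>\S{4})\s*\|\s*(?P<op>[CM])\]"
    r"\s*\((?P<company>[^)]*)\)\s*--\s*(?P<path>.+?)\s*$"
)
PROXY_RE = re.compile(r'"ProxyServer"\s*=\s*(?P<val>\S+)')
LSA_RE = re.compile(
    r"^O30 - LSA: (?:Authentication|Security) Packages - \((?P<val>.*?)\) - File not found"
)


@dataclass
class Finding:
    rule: str   # rule name assigned by this example, not an OTL category
    line: str   # the log line that triggered it


def check_file_entry(m: re.Match) -> Optional[str]:
    """Return a rule name when a parsed OTL file entry matches a known indicator."""
    low = m.group("path").lower()
    parent, _, name = low.rpartition("\\")
    # svchost.exe belongs in System32 (or SysWOW64 on 64-bit Windows); any
    # other location is a lookalike, like C:\Windows\System\svchost.exe here.
    if name == "svchost.exe" and parent not in (r"c:\windows\system32", r"c:\windows\syswow64"):
        return "svchost-outside-system32"
    # At<N>.job files are tasks created with at.exe; a run of them created
    # within seconds of each other is a persistence pattern, not user activity.
    if re.fullmatch(r"c:\\windows\\tasks\\at\d+\.job", low):
        return "at-job-scheduled-task"
    # Executables dropped directly into the ProgramData root, with no vendor
    # folder, deserve a look whatever company string they carry.
    if re.fullmatch(r"c:\\programdata\\[^\\]+\.(exe|com|exe_|com_)", low):
        return "executable-in-programdata-root"
    return None


def scan_otl(text: str) -> list[Finding]:
    """Run every rule over each non-empty line and collect the hits in order."""
    findings: list[Finding] = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        pm = PROXY_RE.search(line)
        if pm and re.search(r"localhost|127\.0\.0\.1", pm.group("val"), re.I):
            findings.append(Finding("local-proxy-hijack", line))
            continue
        if LSA_RE.match(line):
            findings.append(Finding("lsa-package-garbage", line))
            continue
        fm = FILE_RE.match(line)
        if fm:
            rule = check_file_entry(fm)
            if rule:
                findings.append(Finding(rule, line))
    return findings


if __name__ == "__main__":
    for f in scan_otl(SAMPLE_OTL):
        print(f"{f.rule:32} {f.line}")
```

Running the block prints six findings for the sample and stays silent on the Microsoft control line. The rules deliberately key on location and naming rather than on the company string, because the TWX Corp. entry above shows that a signed-looking vendor name on a dropped file proves nothing.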

#15 Layla Marie

Layla Marie
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:07:38 AM

Posted 11 January 2012 - 10:44 AM

I went on Google and searched a few things and was not redirected :) Everything seems to be working fine. Here is the log.

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}\ not found.
Registry value HKEY_USERS\S-1-5-21-1136793905-2991362061-905701160-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bc04b34e-5dd8-465a-a5e0-86f7c11bc009}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0BF43445-2F28-4351-9252-17FE6E806AA0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0BF43445-2F28-4351-9252-17FE6E806AA0}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DellSupportCenter deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1136793905-2991362061-905701160-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DellSupportCenter deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:ows\s deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:2061-905701160-1000 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:?& deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:? deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Security Packages:f deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{61a58fc8-def1-4521-93b2-85c81404839a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61a58fc8-def1-4521-93b2-85c81404839a}\ deleted successfully.
C:\Program Files\Play_Mario\tbPlay.dll moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
HKU\S-1-5-21-1136793905-2991362061-905701160-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1136793905-2991362061-905701160-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\StartPageCache| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1136793905-2991362061-905701160-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{61a58fc8-def1-4521-93b2-85c81404839a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61a58fc8-def1-4521-93b2-85c81404839a}\ not found.
File C:\Program Files\Play_Mario\tbPlay.dll not found.
HKU\S-1-5-21-1136793905-2991362061-905701160-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61a58fc8-def1-4521-93b2-85c81404839a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61a58fc8-def1-4521-93b2-85c81404839a}\ not found.
File C:\Program Files\Play_Mario\tbPlay.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{61a58fc8-def1-4521-93b2-85c81404839a} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61a58fc8-def1-4521-93b2-85c81404839a}\ not found.
File C:\Program Files\Play_Mario\tbPlay.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{61A58FC8-DEF1-4521-93B2-85C81404839A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61A58FC8-DEF1-4521-93B2-85C81404839A}\ not found.
File C:\Program Files\Play_Mario\tbPlay.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{61A58FC8-DEF1-4521-93B2-85C81404839A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61A58FC8-DEF1-4521-93B2-85C81404839A}\ not found.
File C:\Program Files\Play_Mario\tbPlay.dll not found.
Registry value HKEY_USERS\S-1-5-21-1136793905-2991362061-905701160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{61A58FC8-DEF1-4521-93B2-85C81404839A} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{61A58FC8-DEF1-4521-93B2-85C81404839A}\ not found.
File C:\Program Files\Play_Mario\tbPlay.dll not found.
Registry value HKEY_USERS\S-1-5-21-1136793905-2991362061-905701160-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
C:\Windows\System32\ri637mg.com_ moved successfully.
C:\ProgramData\CO7XIjym.exe_ moved successfully.
C:\ProgramData\CO7XIjym.exe moved successfully.
C:\Windows\system\svchost.exe moved successfully.
C:\ProgramData\CO7XIjym.exe.b moved successfully.
C:\Windows\System32\ri637mg.com.b moved successfully.
========== FILES ==========
C:\windows\tasks\At1.job moved successfully.
C:\windows\tasks\At11.job moved successfully.
C:\windows\tasks\At13.job moved successfully.
C:\windows\tasks\At15.job moved successfully.
C:\windows\tasks\At17.job moved successfully.
C:\windows\tasks\At19.job moved successfully.
C:\windows\tasks\At21.job moved successfully.
C:\windows\tasks\At23.job moved successfully.
C:\windows\tasks\At25.job moved successfully.
C:\windows\tasks\At27.job moved successfully.
C:\windows\tasks\At29.job moved successfully.
C:\windows\tasks\At3.job moved successfully.
C:\windows\tasks\At31.job moved successfully.
C:\windows\tasks\At33.job moved successfully.
C:\windows\tasks\At35.job moved successfully.
C:\windows\tasks\At37.job moved successfully.
C:\windows\tasks\At39.job moved successfully.
C:\windows\tasks\At41.job moved successfully.
C:\windows\tasks\At43.job moved successfully.
C:\windows\tasks\At45.job moved successfully.
C:\windows\tasks\At47.job moved successfully.
C:\windows\tasks\At5.job moved successfully.
C:\windows\tasks\At7.job moved successfully.
C:\windows\tasks\At9.job moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Terra\Desktop\cmd.bat deleted successfully.
C:\Users\Terra\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: Terra
->Temp folder emptied: 8460870 bytes
->Temporary Internet Files folder emptied: 42104176 bytes
->Java cache emptied: 4555 bytes
->Google Chrome cache emptied: 381452152 bytes
->Flash cache emptied: 6646 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1982944 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 414.00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Public

User: Terra
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Terra
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.31.0 log created on 01112012_092549

Files\Folders moved on Reboot...
File\Folder C:\Users\Terra\AppData\Local\Temp\~DFA19C.tmp not found!
File\Folder C:\Users\Terra\AppData\Local\Temp\~DFA246.tmp not found!
File\Folder C:\Users\Terra\AppData\Local\Temp\~DFA4F4.tmp not found!
File\Folder C:\Users\Terra\AppData\Local\Temp\~DFB23D.tmp not found!
File\Folder C:\Users\Terra\AppData\Local\Temp\~DFB277.tmp not found!
File\Folder C:\Users\Terra\AppData\Local\Temp\~DFC9DE.tmp not found!
C:\Users\Terra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\KRZE9KSV\page__p__2545655__fromsearch__1[1].htm moved successfully.
C:\Users\Terra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

Registry entries deleted on Reboot...



