
google redirect



I have been fighting with what I believe to be a Google redirect virus for a while. I was able to run Defogger with no issue. Both DDS and GMER failed. DDS created a report that was unreadable and GMER would unexpectedly stop working. I have enclosed my latest full scan log from MBAM (paid version, if it makes a difference) and a log from HijackThis, if it will be any help. Thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:08:22 PM, on 8/16/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files\iolo\System Mechanic\SystemGuardAlerter.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Portrait Displays\HP My Display\dthtml.exe
C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: (no name) - {00EB01F4-27A7-43B8-BCB3-0BC96535BE74} - (no file)
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [sunJavaUpdateReg] "C:\Windows\system32\jureg.exe" -delete
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [iolo Startup] "C:\Program Files\iolo\Common\Lib\ioloLManager.exe"
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [DT HPW] C:\Program Files\Portrait Displays\HP My Display\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'NETWORK SERVICE')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - https://frontier.webex.com/client/T26L/support/ieatgpc1.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: WebEx Service Host for Support Center (atashost) - Cisco WebEx LLC - C:\Windows\system32\atashost.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iolo System Service (ioloSystemService) - iolo technologies, LLC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ShadowExplorer Service (sesvc) - www.shadowexplorer.com - C:\Program Files\ShadowExplorer\sesvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9535 bytes

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7479
Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

8/16/2011 2:00:36 PM
mbam-log-2011-08-16 (14-00-36).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 359909
Time elapsed: 1 hour(s), 8 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

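As an added illustration that is not part of this thread, the script below triages HijackThis-style entries like the ones in the log posted above: it flags browser hooks (R3 URLSearchHook, O2 BHO, O3 Toolbar) that have no backing file or no name, flags an explicit IE proxy server, and lists the IE start and search page settings for a manual look. The sample lines are a handful copied from that log; the section meanings are HijackThis conventions, and the rule thresholds are my own choices.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample: seven lines copied from the HijackThis log posted in this
# thread; it is not a complete log, just enough to exercise the rules below.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/avcenter/fix_homepage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
O2 - BHO: (no name) - {00EB01F4-27A7-43B8-BCB3-0BC96535BE74} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"""

# Every HijackThis entry starts with a section code (R0-R3, O1-O24) and " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# R0/R1 values worth a manual look: the IE start page and search providers.
PAGE_RE = re.compile(
    r",(Start Page|Default_Page_URL|Default_Search_URL|SearchAssistant|CustomizeSearch|Local Page) = (.*)$"
)

# Sections that load code into the browser: the first place a search redirect
# is usually hooked, so an entry there with no file behind it deserves a look.
BROWSER_HOOKS = {"R3": "URLSearchHook", "O2": "BHO", "O3": "Toolbar"}


@dataclass
class Finding:
    section: str
    clsid: Optional[str]
    reasons: List[str]
    line: str


def parse_entries(log_text: str):
    """Yield (section, body, line) for each HijackThis entry; skip everything else."""
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group(1), m.group(2), line


def triage(log_text: str) -> List[Finding]:
    """Flag browser hooks with no backing file or no name, and an explicit IE proxy."""
    findings: List[Finding] = []
    for section, body, line in parse_entries(log_text):
        reasons = []
        kind = BROWSER_HOOKS.get(section)
        if kind:
            if "(no file)" in body:
                reasons.append(f"orphaned {kind}: CLSID registered but no file on disk")
            if "(no name)" in body:
                reasons.append(f"unnamed {kind}")
        if section in ("R0", "R1") and "ProxyServer" in body:
            reasons.append("explicit proxy server set for IE; check who configured it")
        if reasons:
            m = CLSID_RE.search(body)
            findings.append(Finding(section, m.group(0) if m else None, reasons, line))
    return findings


def browser_pages(log_text: str) -> Dict[str, str]:
    """Collect the IE start/search page settings (R0/R1), keyed by hive and setting."""
    pages: Dict[str, str] = {}
    for section, body, _ in parse_entries(log_text):
        if section in ("R0", "R1"):
            m = PAGE_RE.search(body)
            if m and m.group(2).strip():
                hive = body.split("\\", 1)[0]  # HKCU or HKLM
                pages[f"{hive} {m.group(1)}"] = m.group(2).strip()
    return pages


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section} {f.clsid}: {'; '.join(f.reasons)}")
    for name, url in browser_pages(SAMPLE_LOG).items():
        print(f"{name}: {url}")
```

An orphaned CLSID is often just a leftover from an uninstalled toolbar, so the output is a review list, not a verdict.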


Logs will be closed if you haven't replied within 3 days

Please don't attach the scans / logs from these scans, use "copy/paste".

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With admin rights (right-click, choose "Run as Administrator").

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner

Double-click ATF-Cleaner.exe to run the program.

Under Main choose: Select All

Click the Empty Selected button.

  • If you use the Firefox browser:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

  • If you use the Opera browser:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

It's normal after running ATF cleaner that the PC will be slower to boot the first time or two.

Next:

Note: Close all browsers before running ATF Cleaner: IE, FireFox, etc.

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run; once it is finished, move on to the next step.

Next:

Note: if the Cure option is not there, please select 'Skip'.

Please read carefully and follow these steps.

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please post the contents of that TDSSKiller log.

Also please describe how your computer behaves at the moment.


Thank you for your reply. I performed the actions that you recommended. Firefox appears to be working normally. However, IE is very slow and freezes up. I ran ATF Cleaner for IE and Firefox. As I said, it does appear that Firefox is no longer redirecting; I am not sure if the IE problem is related or not. Below is the log from TDSSKiller. Thanks again for your time. I will check back soon for your reply.

2011/08/21 10:16:10.0268 4176 TDSS rootkit removing tool 2.5.16.0 Aug 19 2011 17:48:17
2011/08/21 10:16:12.0280 4176 ================================================================================
2011/08/21 10:16:12.0280 4176 SystemInfo:
2011/08/21 10:16:12.0280 4176
2011/08/21 10:16:12.0280 4176 OS Version: 6.0.6002 ServicePack: 2.0
2011/08/21 10:16:12.0280 4176 Product type: Workstation
2011/08/21 10:16:12.0280 4176 ComputerName: OWNER-PC
2011/08/21 10:16:12.0280 4176 UserName: Owner
2011/08/21 10:16:12.0280 4176 Windows directory: C:\Windows
2011/08/21 10:16:12.0280 4176 System windows directory: C:\Windows
2011/08/21 10:16:12.0280 4176 Processor architecture: Intel x86
2011/08/21 10:16:12.0280 4176 Number of processors: 2
2011/08/21 10:16:12.0280 4176 Page size: 0x1000
2011/08/21 10:16:12.0280 4176 Boot type: Normal boot
2011/08/21 10:16:12.0280 4176 ================================================================================
2011/08/21 10:16:16.0102 4176 Initialize success
2011/08/21 10:16:27.0787 4692 ================================================================================
2011/08/21 10:16:27.0802 4692 Scan started
2011/08/21 10:16:27.0802 4692 Mode: Manual;
2011/08/21 10:16:27.0802 4692 ================================================================================


2011/08/21 10:16:38.0348 4692 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys

2011/08/21 10:16:38.0410 4692 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys

2011/08/21 10:16:38.0457 4692 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys

2011/08/21 10:16:38.0504 4692 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys

2011/08/21 10:16:38.0566 4692 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys

2011/08/21 10:16:38.0629 4692 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys

2011/08/21 10:16:38.0676 4692 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys

2011/08/21 10:16:38.0722 4692 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys

2011/08/21 10:16:38.0754 4692 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys

2011/08/21 10:16:38.0800 4692 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys

2011/08/21 10:16:38.0878 4692 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys

2011/08/21 10:16:38.0956 4692 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys

2011/08/21 10:16:39.0034 4692 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys

2011/08/21 10:16:39.0112 4692 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys

2011/08/21 10:16:39.0159 4692 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys

2011/08/21 10:16:39.0206 4692 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys

2011/08/21 10:16:39.0253 4692 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys

2011/08/21 10:16:39.0424 4692 sffdisk (51cf56aa8bcc241f134b420b8f850406) C:\Windows\system32\drivers\sffdisk.sys

2011/08/21 10:16:39.0456 4692 sffp_mmc (96ded8b20c734ac41641ce275250e55d) C:\Windows\system32\drivers\sffp_mmc.sys

2011/08/21 10:16:39.0502 4692 sffp_sd (8b08cab1267b2c377883fc9e56981f90) C:\Windows\system32\drivers\sffp_sd.sys

2011/08/21 10:16:39.0518 4692 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys

2011/08/21 10:16:39.0565 4692 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys

2011/08/21 10:16:39.0612 4692 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys

2011/08/21 10:16:39.0627 4692 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys

2011/08/21 10:16:39.0674 4692 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys

2011/08/21 10:16:39.0736 4692 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys

2011/08/21 10:16:39.0846 4692 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS

2011/08/21 10:16:39.0908 4692 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\Windows\system32\drivers\N360\0403000.005\SRTSPX.SYS

2011/08/21 10:16:39.0970 4692 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys

2011/08/21 10:16:40.0017 4692 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys

2011/08/21 10:16:40.0064 4692 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys

2011/08/21 10:16:40.0111 4692 sscdbus (d6870895fe46a464a19141440eb6cc1e) C:\Windows\system32\DRIVERS\sscdbus.sys

2011/08/21 10:16:40.0158 4692 sscdmdfl (0fe167362e4689b716cdc8d93adedda8) C:\Windows\system32\DRIVERS\sscdmdfl.sys

2011/08/21 10:16:40.0204 4692 sscdmdm (55a15707e32b6709242ad127e62ca55a) C:\Windows\system32\DRIVERS\sscdmdm.sys

2011/08/21 10:16:40.0282 4692 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys

2011/08/21 10:16:40.0345 4692 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys

2011/08/21 10:16:40.0376 4692 SymDS (56890bf9d9204b93042089d4b45ae671) C:\Windows\system32\drivers\N360\0403000.005\SYMDS.SYS

2011/08/21 10:16:40.0423 4692 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\Windows\system32\drivers\N360\0403000.005\SYMEFA.SYS

2011/08/21 10:16:40.0470 4692 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\Windows\system32\Drivers\SYMEVENT.SYS

2011/08/21 10:16:40.0516 4692 SymIM (b5eb73a7f72dafc6da693d1a802a057e) C:\Windows\system32\DRIVERS\SymIMv.sys

2011/08/21 10:16:40.0563 4692 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\Windows\system32\drivers\N360\0403000.005\Ironx86.SYS

2011/08/21 10:16:40.0610 4692 SYMTDIv (bf610335eda8d9026e45b4ac73d0de58) C:\Windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS

2011/08/21 10:16:40.0641 4692 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys

2011/08/21 10:16:40.0672 4692 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys

2011/08/21 10:16:40.0797 4692 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys

2011/08/21 10:16:40.0844 4692 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys

2011/08/21 10:16:40.0875 4692 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys

2011/08/21 10:16:40.0922 4692 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys

2011/08/21 10:16:40.0953 4692 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys

2011/08/21 10:16:41.0000 4692 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys

2011/08/21 10:16:41.0047 4692 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys

2011/08/21 10:16:41.0172 4692 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys

2011/08/21 10:16:41.0203 4692 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys

2011/08/21 10:16:41.0234 4692 tunnel (119b8184e106baedc83fce5ddf3950da) C:\Windows\system32\DRIVERS\tunnel.sys

2011/08/21 10:16:41.0281 4692 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys

2011/08/21 10:16:41.0343 4692 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys

2011/08/21 10:16:41.0406 4692 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys

2011/08/21 10:16:41.0437 4692 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys

2011/08/21 10:16:41.0468 4692 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys

2011/08/21 10:16:41.0515 4692 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys

2011/08/21 10:16:41.0546 4692 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys

2011/08/21 10:16:41.0608 4692 USBAAPL (5c2bdc152bbab34f36473deaf7713f22) C:\Windows\system32\Drivers\usbaapl.sys

2011/08/21 10:16:41.0655 4692 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys

2011/08/21 10:16:41.0702 4692 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys

2011/08/21 10:16:41.0764 4692 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys

2011/08/21 10:16:41.0796 4692 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys

2011/08/21 10:16:41.0842 4692 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys

2011/08/21 10:16:41.0874 4692 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys

2011/08/21 10:16:41.0920 4692 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys

2011/08/21 10:16:41.0967 4692 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS

2011/08/21 10:16:41.0983 4692 usbuhci (325dbbacb8a36af9988ccf40eac228cc) C:\Windows\system32\DRIVERS\usbuhci.sys

2011/08/21 10:16:42.0045 4692 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys

2011/08/21 10:16:42.0076 4692 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys

2011/08/21 10:16:42.0139 4692 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys

2011/08/21 10:16:42.0154 4692 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys

2011/08/21 10:16:42.0186 4692 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys

2011/08/21 10:16:42.0232 4692 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys

2011/08/21 10:16:42.0279 4692 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys

2011/08/21 10:16:42.0326 4692 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys

2011/08/21 10:16:42.0357 4692 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys

2011/08/21 10:16:42.0404 4692 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys

2011/08/21 10:16:42.0451 4692 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/08/21 10:16:42.0482 4692 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys

2011/08/21 10:16:42.0529 4692 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys

2011/08/21 10:16:42.0591 4692 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys

2011/08/21 10:16:42.0700 4692 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys

2011/08/21 10:16:42.0810 4692 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys

2011/08/21 10:16:42.0888 4692 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys

2011/08/21 10:16:42.0919 4692 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys

2011/08/21 10:16:42.0997 4692 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys

2011/08/21 10:16:43.0059 4692 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys

2011/08/21 10:16:43.0137 4692 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0

2011/08/21 10:16:43.0340 4692 Boot (0x1200) (2a3af46a012eb94e56369f93b8985048) \Device\Harddisk0\DR0\Partition0

2011/08/21 10:16:43.0356 4692 Boot (0x1200) (8ba489fee81e68a9c1e15839bcbb90cb) \Device\Harddisk0\DR0\Partition1

2011/08/21 10:16:43.0371 4692 ================================================================================

2011/08/21 10:16:43.0371 4692 Scan finished

2011/08/21 10:16:43.0371 4692 ================================================================================

2011/08/21 10:16:43.0387 5512 Detected object count: 0

2011/08/21 10:16:43.0387 5512 Actual detected object count: 0

2011/08/21 10:17:28.0611 5452 Deinitialize success

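When a TDSSKiller run like the one above ends with "Detected object count: 0" but the symptoms persist, the next step is to read the inventory itself rather than trust the count. The script below is an added example for readers of this thread, not a tool from the forum, from TDSSKiller or from Malwarebytes: it parses the `<timestamp> <pid> <name> (<md5>) <path>` lines, separates the MBR and boot-sector entries from file-backed drivers, lists drivers whose file is not directly inside `C:\Windows\system32\drivers`, and groups service names that share one hash. The "stock driver directory" rule and the function names are this example's own assumptions, and the sample log is a constructed subset of the lines posted above.

```python
"""Triage helper for a TDSSKiller driver inventory (added example, not part of the thread)."""
import re
from collections import defaultdict

# One inventory line.  The name may contain spaces and a parenthesised size
# ("MBR (0x1B8)"), so it is matched non-greedily up to the 32-hex-digit MD5.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+"
    r"(?P<name>.+?)\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>\S.*?)\s*$"
)
COUNT_RE = re.compile(r"Detected object count:\s*(\d+)")

# Assumption of this example: a "stock" driver sits directly in this directory.
STOCK_DRIVER_DIR = "c:\\windows\\system32\\drivers\\"

# Constructed subset of the log posted in the thread (same line format).
SAMPLE_LOG = r"""
2011/08/21 10:16:35.0727 4692 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
2011/08/21 10:16:37.0708 4692 PCD5SRVC{BD6912E3-AC9D80E8-05040000} (0aad6f0a129ddf453b2f99ee0a495923) C:\PROGRA~1\PC-DOC~1\PCD5SRVC.pkms
2011/08/21 10:16:39.0846 4692 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\Windows\System32\Drivers\N360\0403000.005\SRTSP.SYS
2011/08/21 10:16:40.0797 4692 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/08/21 10:16:40.0844 4692 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/21 10:16:43.0137 4692 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0
2011/08/21 10:16:43.0340 4692 Boot (0x1200) (2a3af46a012eb94e56369f93b8985048) \Device\Harddisk0\DR0\Partition0
2011/08/21 10:16:43.0371 4692 Scan finished
2011/08/21 10:16:43.0387 5512 Detected object count: 0
"""


def parse_log(text):
    """One dict per inventory line; banners and 'Scan finished' lines are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            records.append(m.groupdict())
    return records


def detected_count(text):
    """The 'Detected object count' TDSSKiller prints, or None if absent."""
    m = COUNT_RE.search(text)
    return int(m.group(1)) if m else None


def file_drivers(records):
    """Drivers backed by a file path (excludes the \\Device\\... MBR and boot entries)."""
    return [r for r in records if not r["path"].startswith("\\Device\\")]


def disk_entries(records):
    """MBR / boot-sector entries as (name, md5): compare these to a known-good image,
    since a bootkit there never appears as a driver file."""
    return [(r["name"], r["md5"]) for r in records if r["path"].startswith("\\Device\\")]


def nonstandard_drivers(records):
    """Drivers whose file is not directly inside the stock driver directory.
    A hit is a review item, not a verdict: security suites and OEM tools
    legitimately load from their own directories."""
    hits = []
    for r in file_drivers(records):
        p = r["path"].lower()
        if not p.startswith(STOCK_DRIVER_DIR) or "\\" in p[len(STOCK_DRIVER_DIR):]:
            hits.append(r)
    return hits


def shared_hashes(records):
    """MD5 -> sorted service names for hashes backing more than one name.
    Windows registers one binary under several names (Tcpip/Tcpip6), so sharing
    alone is normal; the hash is what gets checked against a known-good list."""
    by_md5 = defaultdict(set)
    for r in file_drivers(records):
        by_md5[r["md5"]].add(r["name"])
    return {h: sorted(names) for h, names in by_md5.items() if len(names) > 1}


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print("detected:", detected_count(SAMPLE_LOG))
    for name, md5 in disk_entries(recs):
        print("disk  ", name, md5)
    for r in nonstandard_drivers(recs):
        print("review", r["name"], r["path"])
    for md5, names in shared_hashes(recs).items():
        print("shared", md5, names)
```

Run it against a full TDSSKiller log by reading the file into `parse_log` instead of `SAMPLE_LOG`; the two review lists are short enough to check by hand against what is installed on the machine, which is the actual question a helper needs answered when the automated count is zero.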

We can see if combofix finds anything.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from one of these locations:

Link 1

Link 2 (if using this link, right click and select Save As.)

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: ComboFix will run without the Recovery Console installed. If you have XP SP3, use the XP SP2 package. If Vista or Windows 7, skip the Recovery Console part.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[screenshot: RC1.png]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot: RC2-1.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Firefox is still working great. No redirect problems to speak of. IE still won't even load google. Here is the log from CF.

ComboFix 11-08-21.01 - Owner 08/21/2011 14:40:07.1.2 - x86

Running from: c:\users\Owner\Desktop\ComboFix.exe

AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Norton 360 *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{29e3b268-bc6b-4c55-95b4-66189d1d07ba}

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{29e3b268-bc6b-4c55-95b4-66189d1d07ba}\chrome.manifest

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{29e3b268-bc6b-4c55-95b4-66189d1d07ba}\chrome\xulcache.jar

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{29e3b268-bc6b-4c55-95b4-66189d1d07ba}\defaults\preferences\xulcache.js

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{29e3b268-bc6b-4c55-95b4-66189d1d07ba}\install.rdf

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{531417ad-e9e5-421d-815c-fd5b5945da33}

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{531417ad-e9e5-421d-815c-fd5b5945da33}\chrome.manifest

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{531417ad-e9e5-421d-815c-fd5b5945da33}\chrome\xulcache.jar

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{531417ad-e9e5-421d-815c-fd5b5945da33}\defaults\preferences\xulcache.js

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{531417ad-e9e5-421d-815c-fd5b5945da33}\install.rdf

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{67049f1f-f129-4dec-91ae-b48b52d7fc29}

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{67049f1f-f129-4dec-91ae-b48b52d7fc29}\chrome.manifest

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{67049f1f-f129-4dec-91ae-b48b52d7fc29}\chrome\xulcache.jar

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{67049f1f-f129-4dec-91ae-b48b52d7fc29}\defaults\preferences\xulcache.js

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{67049f1f-f129-4dec-91ae-b48b52d7fc29}\install.rdf

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{7c085720-6cb0-4b8a-b201-6f74379e1465}

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{7c085720-6cb0-4b8a-b201-6f74379e1465}\chrome.manifest

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{7c085720-6cb0-4b8a-b201-6f74379e1465}\chrome\xulcache.jar

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{7c085720-6cb0-4b8a-b201-6f74379e1465}\defaults\preferences\xulcache.js

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{7c085720-6cb0-4b8a-b201-6f74379e1465}\install.rdf

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{963a9597-25f4-4578-bc4c-7734cf65704e}

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{963a9597-25f4-4578-bc4c-7734cf65704e}\chrome.manifest

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{963a9597-25f4-4578-bc4c-7734cf65704e}\chrome\xulcache.jar

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{963a9597-25f4-4578-bc4c-7734cf65704e}\defaults\preferences\xulcache.js

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{963a9597-25f4-4578-bc4c-7734cf65704e}\install.rdf

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{98748a10-6053-4fac-99fe-4ad5827699cc}

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{98748a10-6053-4fac-99fe-4ad5827699cc}\chrome.manifest

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{98748a10-6053-4fac-99fe-4ad5827699cc}\chrome\xulcache.jar

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{98748a10-6053-4fac-99fe-4ad5827699cc}\defaults\preferences\xulcache.js

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{98748a10-6053-4fac-99fe-4ad5827699cc}\install.rdf

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{9924a740-7495-45df-83d1-e5eade89b03e}

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{9924a740-7495-45df-83d1-e5eade89b03e}\chrome.manifest

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{9924a740-7495-45df-83d1-e5eade89b03e}\chrome\xulcache.jar

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{9924a740-7495-45df-83d1-e5eade89b03e}\defaults\preferences\xulcache.js

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{9924a740-7495-45df-83d1-e5eade89b03e}\install.rdf

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{ae7b8393-4249-45dc-ba57-b498db0b89d9}

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{ae7b8393-4249-45dc-ba57-b498db0b89d9}\chrome.manifest

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{ae7b8393-4249-45dc-ba57-b498db0b89d9}\chrome\xulcache.jar

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{ae7b8393-4249-45dc-ba57-b498db0b89d9}\defaults\preferences\xulcache.js

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{ae7b8393-4249-45dc-ba57-b498db0b89d9}\install.rdf

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{d2fd8867-245d-4ae5-8592-f40961eaba6f}

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{d2fd8867-245d-4ae5-8592-f40961eaba6f}\chrome.manifest

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{d2fd8867-245d-4ae5-8592-f40961eaba6f}\chrome\xulcache.jar

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{d2fd8867-245d-4ae5-8592-f40961eaba6f}\defaults\preferences\xulcache.js

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{d2fd8867-245d-4ae5-8592-f40961eaba6f}\install.rdf

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{e8ec7ffa-8f4e-4300-9424-a04df2fd2e56}

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{e8ec7ffa-8f4e-4300-9424-a04df2fd2e56}\chrome.manifest

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{e8ec7ffa-8f4e-4300-9424-a04df2fd2e56}\chrome\xulcache.jar

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{e8ec7ffa-8f4e-4300-9424-a04df2fd2e56}\defaults\preferences\xulcache.js

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{e8ec7ffa-8f4e-4300-9424-a04df2fd2e56}\install.rdf

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{ea27d7b6-88ff-4cff-ab4a-0956e5b403c8}

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{ea27d7b6-88ff-4cff-ab4a-0956e5b403c8}\chrome.manifest

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{ea27d7b6-88ff-4cff-ab4a-0956e5b403c8}\chrome\xulcache.jar

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{ea27d7b6-88ff-4cff-ab4a-0956e5b403c8}\defaults\preferences\xulcache.js

c:\users\Samantha\AppData\Roaming\Mozilla\Firefox\Profiles\x3fgqqqy.default\extensions\{ea27d7b6-88ff-4cff-ab4a-0956e5b403c8}\install.rdf

c:\windows\100%_Free_Euchre_Toolbar_Uninstaller_4267.exe

c:\windows\iun6002.exe

c:\windows\system32\AutoRun.inf

.

.

((((((((((((((((((((((((( Files Created from 2011-07-21 to 2011-08-21 )))))))))))))))))))))))))))))))

.

.

2011-08-21 18:50 . 2011-08-21 18:50 -------- d-----w- c:\users\Samantha\AppData\Local\temp

2011-08-21 18:50 . 2011-08-21 18:50 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-21 14:22 . 2011-08-21 14:22 -------- d-----w- c:\users\Owner\AppData\Local\Apple Computer

2011-08-16 17:04 . 2011-08-16 17:04 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-08-16 17:04 . 2011-08-16 17:04 -------- d-----w- c:\program files\Trend Micro

2011-08-08 19:23 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2011-08-08 19:23 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2011-08-08 19:23 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2011-08-03 18:29 . 2011-08-03 18:29 -------- d-----w- c:\users\Owner\AppData\Local\Microsoft_Corporation

2011-08-03 18:14 . 2011-08-03 18:14 -------- d-----w- c:\program files\Windows Portable Devices

2011-08-03 16:32 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll

2011-08-03 16:32 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll

2011-08-03 16:32 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2011-08-03 16:31 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll

2011-08-03 16:30 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll

2011-08-03 16:30 . 2009-09-25 02:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2011-08-03 16:30 . 2009-09-25 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll

2011-08-03 16:30 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll

2011-08-03 16:30 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe

2011-08-03 16:30 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll

2011-08-03 16:28 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-08-03 16:28 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll

2011-08-03 16:28 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2011-08-03 15:57 . 2009-11-08 14:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2011-08-03 15:57 . 2009-11-08 14:55 49472 ----a-w- c:\windows\system32\netfxperf.dll

2011-08-03 15:57 . 2009-11-08 14:55 297808 ----a-w- c:\windows\system32\mscoree.dll

2011-08-03 15:57 . 2009-11-08 14:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2011-08-03 15:57 . 2009-11-08 14:55 1130824 ----a-w- c:\windows\system32\dfshim.dll

2011-08-03 15:51 . 2010-05-06 04:01 44080 ----a-r- c:\windows\system32\drivers\SymIMV.sys

2011-08-03 15:37 . 2011-08-08 19:27 -------- d-----w- c:\users\Owner\AppData\Local\ApplicationHistory

2011-08-03 15:34 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll

2011-08-03 15:34 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll

2011-08-03 15:34 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys

2011-08-03 15:15 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2011-08-03 15:15 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll

2011-08-03 15:13 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2011-08-03 15:13 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2011-08-03 14:37 . 2011-08-03 14:37 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2011-08-03 14:35 . 2009-09-08 14:40 20392 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys

2011-08-03 14:29 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys

2011-08-03 14:27 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-08-03 14:26 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-08-03 14:26 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll

2011-08-03 14:26 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-03 14:26 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll

2011-08-03 14:26 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll

2011-08-03 14:26 . 2011-03-02 15:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-08-03 14:26 . 2009-05-04 09:59 25088 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-08-03 14:25 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll

2011-08-03 14:25 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll

2011-08-03 14:25 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax

2011-08-03 14:25 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll

2011-08-03 14:25 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll

2011-08-03 14:25 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll

2011-08-03 14:25 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-08-03 14:25 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2011-08-03 14:25 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe

2011-08-03 14:25 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll

2011-08-03 14:24 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll

2011-08-03 14:24 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-03 14:24 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll

2011-08-03 14:24 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2011-08-03 14:24 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2011-08-03 14:24 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2011-08-03 14:24 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll

2011-08-03 14:24 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2011-08-03 14:23 . 2009-09-10 14:58 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe

2011-08-03 14:23 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe

2011-08-03 14:22 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-08-03 14:22 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-08-03 14:22 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll

2011-08-03 14:22 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll

2011-08-03 14:22 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-03 14:22 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll

2011-08-03 14:22 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll

2011-08-03 14:22 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll

2011-08-03 14:21 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll

2011-08-03 14:21 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-03 14:21 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll

2011-08-03 14:21 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll

2011-08-03 14:21 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll

2011-08-03 14:21 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL

2011-08-03 14:21 . 2009-10-23 17:10 714240 ----a-w- c:\windows\system32\timedate.cpl

2011-08-03 14:21 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll

2011-08-03 14:21 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll

2011-08-03 14:18 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

2011-08-03 13:59 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll

2011-07-29 19:21 . 2011-07-29 19:21 -------- d-----w- c:\users\Owner\AppData\Local\Immunet

2011-07-29 19:15 . 2011-07-29 19:15 -------- d-----w- c:\program files\AVAST Software

2011-07-24 19:10 . 2011-07-24 19:10 115369 ----a-w- c:\windows\system32\drivers\klin.dat

2011-07-24 19:10 . 2011-07-24 19:10 97859 ----a-w- c:\windows\system32\drivers\klick.dat

2011-07-24 16:14 . 2011-07-25 20:12 -------- d-----w- c:\program files\ParetoLogic

2011-07-23 15:48 . 2011-07-23 15:48 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes

2011-07-23 15:48 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-23 15:48 . 2011-07-23 15:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-23 15:48 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-07-23 14:39 . 2011-07-23 14:39 -------- d-----w- c:\users\Owner\AppData\Roaming\Microsoft Games

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-21 18:24 . 2011-05-19 17:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-08 19:01 . 2008-10-11 01:16 11776 ----a-w- c:\windows\system32\smrgdf.exe

2011-08-08 19:01 . 2008-10-11 01:16 29696 ----a-w- c:\windows\system32\iolobtdfg.exe

2011-08-08 18:18 . 2011-06-15 22:56 2083464 ----a-w- c:\windows\system32\Incinerator32.dll

2011-07-08 07:16 . 2011-07-23 15:05 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2009-04-01 02:47 . 2009-01-21 23:05 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2009-08-21 55072]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]

"iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2011-08-08 606392]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]

"DT HPW"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2007-06-29 278528]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]

"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

.

c:\users\Samantha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRealMode"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]

.

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

R1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\DRIVERS\ImmunetProtect.sys [x]

R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\DRIVERS\ImmunetSelfProtect.sys [x]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]

R3 nenum13E;nenum13E;c:\users\Owner\AppData\Local\Temp\nenum13E.sys [x]

R3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [2007-09-13 25760]

R3 TAPBIND;TAPBIND;e:\release\TAPBIND1.SYS [x]

S0 AFS;AFS; [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2010-02-04 328752]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104]

S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110812.001\BHDrvx86.sys [2011-07-23 815736]

S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888]

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2009-09-08 20392]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110819.030\IDSvix86.sys [2011-08-02 367736]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504]

S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-06-07 43904]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-02-19 233472]

S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2011-08-08 722616]

S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [2010-02-11 300400]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]

S2 sesvc;ShadowExplorer Service;c:\program files\ShadowExplorer\sesvc.exe [2011-01-03 9216]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 105592]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-02-19 36608]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]

.

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - ioloSGuardDriver

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 17:26]

.

2011-08-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 17:26]

.

2010-10-19 c:\windows\Tasks\HPCeeScheduleForSamantha.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-11 23:34]

.

2011-08-21 c:\windows\Tasks\ParetoLogic Update Version2.job

- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 16:25]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.254.254 192.168.254.254

FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vucd2uga.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

.

- - - - ORPHANS REMOVED - - - -

.

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

AddRemove-smARTupdate - c:\windows\iun6002.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-21 14:50

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]

"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2570302985-1980279383-1430084365-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]

@Denied: (C D) (Everyone)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\4&185a6dd6&0&12345678&00&10\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]

@DACL=(02 0000)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\4&185a6dd6&0&12345678&00&10\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]

@DACL=(02 0000)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\4&185a6dd6&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]

@DACL=(02 0000)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\4&185a6dd6&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]

@DACL=(02 0000)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A3\4&185a6dd6&0&UID272\Device Parameters\MODES]

@DACL=(02 0000)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A3\4&185a6dd6&0&UID272\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]

@DACL=(02 0000)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A3\4&185a6dd6&0&UID272\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]

@DACL=(02 0000)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM0191\4&185a6dd6&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]

@DACL=(02 0000)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM0191\4&185a6dd6&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]

@DACL=(02 0000)

.

Completion time: 2011-08-21 14:54:17

ComboFix-quarantined-files.txt 2011-08-21 18:54

.

Pre-Run: 357,190,496,256 bytes free

Post-Run: 357,098,176,512 bytes free

.

- - End Of File - - 229873974861737AC7B374ACEA0DFBA5


Copy/paste the text in the Codebox below into notepad:

Here's how to do that:

Click Start > Run, type Notepad, and click OK.

This will open an empty notepad file:

Take your mouse and place your cursor at the beginning of the text in the box below, then click and hold the left mouse button while pulling your mouse over the text. This should highlight the text. Now release the left mouse button. Now, with the cursor over the highlighted text, right-click the mouse for options and select 'copy'. Now, over the empty Notepad box, right-click your mouse again and select 'paste', and you will have copied and pasted the text.

KillAll::

DDS::
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

Save this file to your desktop. Save it as "CFScript".

Here's how to do that:

1. Click File;

2. Click Save As... Change the directory to your desktop;

3. Change the Save as type to "All Files";

4. Type in the file name: CFScript

5. Click Save ...


Drag CFScript.txt into ComboFix.exe

Then post the results log using Copy / Paste

Also please describe how your computer behaves at the moment.


Everything is still good except for IE: it tries to load, and within 5 seconds the program is not responding. If I removed IE and then reinstalled it, would it make a difference? Here is the new log from CF.

ComboFix 11-08-22.03 - Owner 08/22/2011 11:16:14.2.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1916.975 [GMT -4:00]

Running from: c:\users\Owner\Desktop\ComboFix.exe

AV: Norton 360 *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

FW: Norton 360 *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}

SP: Norton 360 *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((( Files Created from 2011-07-22 to 2011-08-22 )))))))))))))))))))))))))))))))

.

.

2011-08-22 15:25 . 2011-08-22 15:25 -------- d-----w- c:\users\Samantha\AppData\Local\temp

2011-08-22 15:25 . 2011-08-22 15:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-21 14:22 . 2011-08-21 14:22 -------- d-----w- c:\users\Owner\AppData\Local\Apple Computer

2011-08-16 17:04 . 2011-08-16 17:04 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2011-08-16 17:04 . 2011-08-16 17:04 -------- d-----w- c:\program files\Trend Micro

2011-08-08 19:23 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll

2011-08-08 19:23 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll

2011-08-08 19:23 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll

2011-08-03 18:29 . 2011-08-03 18:29 -------- d-----w- c:\users\Owner\AppData\Local\Microsoft_Corporation

2011-08-03 18:14 . 2011-08-03 18:14 -------- d-----w- c:\program files\Windows Portable Devices

2011-08-03 16:32 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll

2011-08-03 16:32 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll

2011-08-03 16:32 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll

2011-08-03 16:31 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll

2011-08-03 16:30 . 2009-09-25 02:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll

2011-08-03 16:30 . 2009-09-25 02:07 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2011-08-03 16:30 . 2009-09-25 02:04 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll

2011-08-03 16:30 . 2009-09-25 01:33 195584 ----a-w- c:\windows\system32\dxdiagn.dll

2011-08-03 16:30 . 2009-09-25 01:32 252928 ----a-w- c:\windows\system32\dxdiag.exe

2011-08-03 16:30 . 2009-09-25 01:31 519680 ----a-w- c:\windows\system32\d3d11.dll

2011-08-03 16:28 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll

2011-08-03 16:28 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll

2011-08-03 16:28 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll

2011-08-03 15:57 . 2009-11-08 14:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2011-08-03 15:57 . 2009-11-08 14:55 49472 ----a-w- c:\windows\system32\netfxperf.dll

2011-08-03 15:57 . 2009-11-08 14:55 297808 ----a-w- c:\windows\system32\mscoree.dll

2011-08-03 15:57 . 2009-11-08 14:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2011-08-03 15:57 . 2009-11-08 14:55 1130824 ----a-w- c:\windows\system32\dfshim.dll

2011-08-03 15:51 . 2010-05-06 04:01 44080 ----a-r- c:\windows\system32\drivers\SymIMV.sys

2011-08-03 15:37 . 2011-08-08 19:27 -------- d-----w- c:\users\Owner\AppData\Local\ApplicationHistory

2011-08-03 15:34 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll

2011-08-03 15:34 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll

2011-08-03 15:34 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys

2011-08-03 15:15 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll

2011-08-03 15:15 . 2010-05-04 19:13 231424 ----a-w- c:\windows\system32\msshsq.dll

2011-08-03 15:13 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe

2011-08-03 15:13 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL

2011-08-03 14:37 . 2011-08-03 14:37 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help

2011-08-03 14:35 . 2009-09-08 14:40 20392 ----a-w- c:\windows\system32\drivers\ElRawDsk.sys

2011-08-03 14:29 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys

2011-08-03 14:27 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat

2011-08-03 14:26 . 2010-10-15 14:08 3602320 ----a-w- c:\windows\system32\ntkrnlpa.exe

2011-08-03 14:26 . 2010-10-15 13:48 1205080 ----a-w- c:\windows\system32\ntdll.dll

2011-08-03 14:26 . 2010-10-15 14:08 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe

2011-08-03 14:26 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll

2011-08-03 14:26 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll

2011-08-03 14:26 . 2011-03-02 15:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll

2011-08-03 14:26 . 2009-05-04 09:59 25088 ----a-w- c:\windows\system32\dnscacheugc.exe

2011-08-03 14:25 . 2010-12-29 18:28 322560 ----a-w- c:\windows\system32\sbe.dll

2011-08-03 14:25 . 2010-12-29 18:28 429056 ----a-w- c:\windows\system32\EncDec.dll

2011-08-03 14:25 . 2010-12-29 18:26 177664 ----a-w- c:\windows\system32\mpg2splt.ax

2011-08-03 14:25 . 2010-12-29 18:28 153088 ----a-w- c:\windows\system32\sbeio.dll

2011-08-03 14:25 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll

2011-08-03 14:25 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll

2011-08-03 14:25 . 2010-06-16 16:04 905088 ----a-w- c:\windows\system32\drivers\tcpip.sys

2011-08-03 14:25 . 2009-12-08 17:26 30720 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2011-08-03 14:25 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe

2011-08-03 14:25 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll

2011-08-03 14:24 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll

2011-08-03 14:24 . 2010-10-28 13:20 2048 ----a-w- c:\windows\system32\tzres.dll

2011-08-03 14:24 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll

2011-08-03 14:24 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll

2011-08-03 14:24 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll

2011-08-03 14:24 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2011-08-03 14:24 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll

2011-08-03 14:24 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll

2011-08-03 14:23 . 2009-09-10 14:58 1418752 ----a-w- c:\program files\Windows Media Player\setup_wm.exe

2011-08-03 14:23 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe

2011-08-03 14:22 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll

2011-08-03 14:22 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll

2011-08-03 14:22 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll

2011-08-03 14:22 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll

2011-08-03 14:22 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll

2011-08-03 14:22 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll

2011-08-03 14:22 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll

2011-08-03 14:22 . 2010-04-05 17:01 67072 ----a-w- c:\windows\system32\asycfilt.dll

2011-08-03 14:21 . 2010-01-13 17:34 98304 ----a-w- c:\windows\system32\cabview.dll

2011-08-03 14:21 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys

2011-08-03 14:21 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll

2011-08-03 14:21 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll

2011-08-03 14:21 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll

2011-08-03 14:21 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL

2011-08-03 14:21 . 2009-10-23 17:10 714240 ----a-w- c:\windows\system32\timedate.cpl

2011-08-03 14:21 . 2010-05-27 20:08 81920 ----a-w- c:\windows\system32\iccvid.dll

2011-08-03 14:21 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll

2011-08-03 14:18 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

2011-08-03 13:59 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll

2011-07-29 19:21 . 2011-07-29 19:21 -------- d-----w- c:\users\Owner\AppData\Local\Immunet

2011-07-29 19:15 . 2011-07-29 19:15 -------- d-----w- c:\program files\AVAST Software

2011-07-24 19:10 . 2011-07-24 19:10 115369 ----a-w- c:\windows\system32\drivers\klin.dat

2011-07-24 19:10 . 2011-07-24 19:10 97859 ----a-w- c:\windows\system32\drivers\klick.dat

2011-07-24 16:14 . 2011-07-25 20:12 -------- d-----w- c:\program files\ParetoLogic

2011-07-23 15:48 . 2011-07-23 15:48 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes

2011-07-23 15:48 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-07-23 15:48 . 2011-07-23 15:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-07-23 15:48 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-08-21 18:24 . 2011-05-19 17:32 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-08-08 19:01 . 2008-10-11 01:16 11776 ----a-w- c:\windows\system32\smrgdf.exe

2011-08-08 19:01 . 2008-10-11 01:16 29696 ----a-w- c:\windows\system32\iolobtdfg.exe

2011-08-08 18:18 . 2011-06-15 22:56 2083464 ----a-w- c:\windows\system32\Incinerator32.dll

2011-08-21 19:14 . 2011-07-23 15:05 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2009-04-01 02:47 . 2009-01-21 23:05 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateReg"="c:\windows\system32\jureg.exe" [2009-08-21 55072]

"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]

"iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2011-08-08 606392]

"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]

"DT HPW"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2007-06-29 278528]

"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-10-10 203264]

"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]

"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]

"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2010-09-02 1638400]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

.

c:\users\Samantha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoRealMode"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ioloSystemService]

@="Service"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]

.

[HKLM\~\startupfolder\C:^Users^Owner^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2008-10-25 15:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

2006-12-08 16:16 65536 ----a-w- c:\hp\KBD\KbdStub.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2570302985-1980279383-1430084365-1000]

"EnableNotificationsRef"=dword:00000001

.

R1 ImmunetProtectDriver;ImmunetProtectDriver;c:\windows\system32\DRIVERS\ImmunetProtect.sys [x]

R1 ImmunetSelfProtectDriver;ImmunetSelfProtectDriver;c:\windows\system32\DRIVERS\ImmunetSelfProtect.sys [x]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]

R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 135664]

R3 nenum13E;nenum13E;c:\users\Owner\AppData\Local\Temp\nenum13E.sys [x]

R3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [2007-09-13 25760]

R3 TAPBIND;TAPBIND;e:\release\TAPBIND1.SYS [x]

S0 AFS;AFS; [x]

S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\SYMDS.SYS [2010-02-04 328752]

S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\SYMEFA.SYS [2010-04-22 173104]

S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20110812.001\BHDrvx86.sys [2011-07-23 815736]

S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\ccHPx86.sys [2010-02-26 501888]

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\ElRawDsk.sys [2009-09-08 20392]

S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20110819.030\IDSvix86.sys [2011-08-02 367736]

S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\Ironx86.SYS [2010-04-29 116784]

S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\N360\0403000.005\SYMTDIV.SYS [2010-05-06 339504]

S2 atashost;WebEx Service Host for Support Center;c:\windows\system32\atashost.exe [2010-06-07 43904]

S2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-02-19 233472]

S2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [2011-08-08 722616]

S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [2010-02-11 300400]

S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]

S2 N360;Norton 360;c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe [2010-02-26 126392]

S2 sesvc;ShadowExplorer Service;c:\program files\ShadowExplorer\sesvc.exe [2011-01-03 9216]

S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-07-28 105592]

S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.SYS [2009-02-19 36608]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - FSUSBEXDISK

*Deregistered* - ioloSGuardDriver

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Contents of the 'Scheduled Tasks' folder

.

2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 17:26]

.

2011-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-30 17:26]

.

2010-10-19 c:\windows\Tasks\HPCeeScheduleForSamantha.job

- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-11 23:34]

.

2011-08-21 c:\windows\Tasks\ParetoLogic Update Version2.job

- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2008-02-22 16:25]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.254.254 192.168.254.254

FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vucd2uga.default\

FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

.

.

------- File Associations -------

.

JSEFile=NOTEPAD.EXE %1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-08-22 11:25

Windows 6.0.6002 Service Pack 2 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\N360]

"ImagePath"="\"c:\program files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]

"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-2570302985-1980279383-1430084365-1000\Software\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Common Client\ccIPC]

@Denied: (C D) (Everyone)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\4&185a6dd6&0&12345678&00&10\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]

@DACL=(02 0000)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\4&185a6dd6&0&12345678&00&10\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]

@DACL=(02 0000)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\4&185a6dd6&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]

@DACL=(02 0000)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\Default_Monitor\4&185a6dd6&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]

@DACL=(02 0000)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A3\4&185a6dd6&0&UID272\Device Parameters\MODES]

@DACL=(02 0000)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A3\4&185a6dd6&0&UID272\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]

@DACL=(02 0000)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\HWP26A3\4&185a6dd6&0&UID272\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]

@DACL=(02 0000)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM0191\4&185a6dd6&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]

@DACL=(02 0000)

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\DISPLAY\SAM0191\4&185a6dd6&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]

@DACL=(02 0000)

.

Completion time: 2011-08-22 11:28:10

ComboFix-quarantined-files.txt 2011-08-22 15:28

ComboFix2.txt 2011-08-21 18:54

.

Pre-Run: 356,064,206,848 bytes free

Post-Run: 356,038,045,696 bytes free

.

- - End Of File - - 322725A3076859D42320491D1A7D9138


Do the below and then uninstall IE and re-install it.

Good job!

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START > Run
  • Now type ComboFix /Uninstall in the run box and click OK. Note the space between the X and the /; it needs to be there.

For Vista / Windows 7:

  • Click START > Search
  • Now type ComboFix /Uninstall in the search box and press Enter. Note the space between the X and the /; it needs to be there.

If you used DeFogger

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

Here's my usual all clean post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
    5. Change the Download signed ActiveX controls to Prompt
    6. Change the Download unsigned ActiveX controls to Disable
    7. Change the Initialize and script ActiveX controls not marked as safe to Disable
    8. Change the Installation of desktop items to Prompt
    9. Change the Launching programs and files in an IFRAME to Prompt
    10. Change the Navigate sub-frames across different domains to Prompt
    11. When all these settings have been made, click on the OK button.
    12. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    13. Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

  • Use a secure browser plugin - M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn

  • JAVA - Click this link and click on the Free JAVA Download

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?.

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.

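As an added example that is not part of the original thread (and not from Malwarebytes, Microsoft or the poster): the six Internet-zone settings the post above walks through in the IE dialog are stored as DWORD values under the per-user zone key, so they can be audited and, after review, applied from PowerShell instead of clicked through. The action IDs (1001, 1004, 1201, 1800, 1804, 1607) and the value meanings 0 = Enable, 1 = Prompt, 3 = Disable are Microsoft's documented security-zone registry entries (KB 182569); zone 3 is the Internet zone. The function names and the recommendation table are my own. A second small function reads where IE takes its start page from, which bears on the question raised later in this thread about the home page being changed. Written for Windows PowerShell 3.0 or later.

```powershell
# Added example, not code from the original thread. Audits the Internet zone
# (zone 3) against the hardening the post lists and can apply it with -Apply.
# Action IDs and 0/1/3 = Enable/Prompt/Disable follow Microsoft KB 182569.
$ZoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Recommended values taken from the post (constructed table, kept in post order).
$Recommended = @(
    @{ Id = '1001'; Name = 'Download signed ActiveX controls';                          Value = 1 },
    @{ Id = '1004'; Name = 'Download unsigned ActiveX controls';                        Value = 3 },
    @{ Id = '1201'; Name = 'Initialize and script ActiveX controls not marked as safe'; Value = 3 },
    @{ Id = '1800'; Name = 'Installation of desktop items';                             Value = 1 },
    @{ Id = '1804'; Name = 'Launching programs and files in an IFRAME';                 Value = 1 },
    @{ Id = '1607'; Name = 'Navigate sub-frames across different domains';              Value = 1 }
)

$Meaning = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-IeInternetZoneAudit {
    [CmdletBinding()]
    param([switch]$Apply)   # without -Apply the function only reports

    $zone = Get-ItemProperty -Path $ZoneKey -ErrorAction Stop
    foreach ($r in $Recommended) {
        $have = $zone.($r.Id)      # $null when the value is absent from the key
        $want = $r.Value

        $status = if ($null -eq $have) { 'MISSING' }
                  elseif ([int]$have -eq $want) { 'OK' }
                  else { 'WEAK' }

        if ($Apply -and $status -ne 'OK') {
            Set-ItemProperty -Path $ZoneKey -Name $r.Id -Value $want -Type DWord
            $status = 'FIXED'
        }

        $label = if ($null -eq $have) { '(not set)' }
                 elseif ($Meaning.ContainsKey([int]$have)) { $Meaning[[int]$have] }
                 else { "other ($have)" }   # e.g. a non-standard value written by a tool

        [pscustomobject]@{
            ActionId    = $r.Id
            Setting     = $r.Name
            Current     = $label
            Recommended = $Meaning[$want]
            Status      = $status
        }
    }
}

# Where IE reads its start page from. The per-user value (HKCU) takes precedence
# over the machine-wide default (HKLM) when both exist, so a redirect that keeps
# "coming back" is worth checking in both hives.
function Get-IeStartPage {
    foreach ($hive in 'HKCU', 'HKLM') {
        $main = Get-ItemProperty -Path "${hive}:\Software\Microsoft\Internet Explorer\Main" -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Hive           = $hive
            StartPage      = $main.'Start Page'
            DefaultPageUrl = $main.Default_Page_URL
        }
    }
}

# Usage: report first; apply only after reviewing the WEAK / MISSING rows.
Get-IeInternetZoneAudit | Format-Table -AutoSize
# Get-IeInternetZoneAudit -Apply | Format-Table -AutoSize
Get-IeStartPage | Format-Table -AutoSize
```

Two caveats a practitioner would want: the audit reads the user's own zone key, so run it as the affected user, not from an elevated shell logged in as someone else; and if zone settings are enforced by Group Policy (the equivalent key under HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3), the HKCU values shown here are not what IE actually uses and the policy is where the change has to be made.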

One other thing I would like your advice on. I did figure out that iexplore keeps trying to change my homepage. What is this all about? I have it permanently blocked with one of my antivirus programs. I will wait to hear from you before I do the final steps in the last post. Thank you again for your time and knowledge.


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.