18 replies to this topic

[grey74]

Anyone come across this: http://partner12.myd....com/search.php

When using google chrome for the past 3 days I get an error message saying google can't be found, and I am redirected to this particular website. It happens when I'm on youtube as well, and sporadically going through other sites as well. Any ideas on what to do?

[grey74]

 grey74, on 14 May 2011 - 10:40 PM, said:

Anyone come across this: http://partner12.myd....com/search.php

When using google chrome for the past 3 days I get an error message saying google can't be found, and I am redirected to this particular website. It happens when I'm on youtube as well, and sporadically going through other sites as well. Any ideas on what to do?

Bumping this thread so it doesn't get lost in the shuffle

[screen317]

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

[grey74]

 screen317, on 15 May 2011 - 01:16 PM, said:

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Thanks for your reply:

This is what I have for as per request:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4842

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

5/15/2011 1:44:34 PM
mbam-log-2011-05-15 (13-44-34).txt

Scan type: Quick scan
Objects scanned: 141676
Time elapsed: 5 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Jon at 13:45:45.22 on Sun 05/15/2011
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4084.1380 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RAVCpl64.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Lexmark 5200 Series\lxbtmon.exe
C:\Program Files (x86)\Lexmark 5200 Series\ezprint.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
C:\Windows\system32\lxbtcoms.exe
C:\PROGRA~2\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~2\TRENDM~1\INTERN~1\PcSSEItf.exe
C:\PROGRA~2\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~2\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~2\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\PROGRA~2\TRENDM~1\INTERN~1\PccGuide.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\DVD Flick\dvdflick.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe
C:\Windows\splwow64.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Jon\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
uWindow Title = Internet Explorer
uDefault_Page_URL = hxxp://www.dell.com
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = <local>
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - C:\Program Files (x86)\Dealio Toolbar\DealioToolbarIE.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - C:\Program Files (x86)\comcasttb\comcastdx.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - C:\Program Files (x86)\Dealio Toolbar\SearchSettings.dll
TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - C:\Program Files (x86)\Dealio Toolbar\DealioToolbarIE.dll
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - C:\Program Files (x86)\comcasttb\comcastdx.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [bootstartx.exe] C:\bootstartx.exe\bootstartx.exe
uRun: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [CPN Notifier] C:\Program Files (x86)\Cake Poker 2.0\PokerNotifier.exe
uRun: [BlazeServoTool] "C:\Program Files (x86)\BlazeVideo\BlazeDTV 6.5Pro\MediaDetector.exe"
uRun: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [Google Update] "C:\Users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
StartupFolder: C:\Users\Jon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ZOOSKM~1.LNK - C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PalTalk.lnk - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
uPolicies-explorer: DisallowRun = 0 (0x0)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube to Mp3 Converter - C:\Users\Jon\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Silver Sands Poker\GameClient.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: everestpoker.com\account
Trusted Zone: homeoffun.com\account
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/Texas%20Holdem%20Poker/Images/stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/Texas%20Holdem%20Poker/Images/armhelper.ocx
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://signin3.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - hxxp://www.clickteam.com/vitalize3/vitalize.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
IFEO: image file execution options - svchost.exe
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB-X64: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [Skytel] Skytel.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [LXBTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXBTtime.dll,RunDLLEntry
mRun-x64: [lxbtmon.exe] "C:\Program Files (x86)\Lexmark 5200 Series\lxbtmon.exe"
mRun-x64: [EzPrint] "C:\Program Files (x86)\Lexmark 5200 Series\ezprint.exe"
IE-X64: {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\goldentigerMPP\MPPoker.exe
IE-X64: {00710644-edb6-40fb-b3e2-51b615e97d5a} - C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RPM Poker\RPM Poker.lnk
IE-X64: {17236448-c0c3-4840-b834-96d7ed4acc21} - C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoldenArchPoker\GoldenArchPoker.lnk
IE-X64: {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk
IE-X64: {3497d1fd-bd47-4046-b167-4e4382228237} - C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spin32\Spin32.lnk
IE-X64: {3B501CBC-D009-4DAB-ADAF-B882F2F0A447} - C:\Users\Jon\Desktop\VIP Casino.lnk
IE-X64: {4f34c291-5837-4f45-ade1-da5502c69fef} - C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDC Poker\PDC Poker.lnk
IE-X64: {533caed3-32dd-436e-9e56-27e70d5190bb} - C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Walker Poker\Walker Poker.lnk
IE-X64: {7ecccf90-ae7b-44ea-884e-201d1d84736e} - C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GR88\GR88.lnk
IE-X64: {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - C:\Users\Jon\Desktop\DTD Casino GBP.lnk
IE-X64: {a6090802-f053-454f-85af-43d606dbe92a} - C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Black Chip Poker\Black Chip Poker.lnk
IE-X64: {badbdc32-2a0c-49b3-894b-519434e38bf8} - C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerCity\PokerCity.lnk
IE-X64: {bdb825fa-7a98-498f-b101-45a8f268a1ff} - C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aced.com\Aced.com.lnk
IE-X64: {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk
IE-X64: {F5241C4B-C9B4-4C04-B987-0CB190D093A4} - http://www.cscasino.com
IE-X64: {fbd780d2-c26b-46dd-9002-fdf30465c9d2} - C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FeltStars\FeltStars.lnk
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\8yusfkip.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\search@searchsettings.com\components\SearchSettingsFF.dll
FF - component: c:\program files\real\realplayer\browserrecord\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\8yusfkip.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\8yusfkip.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\8yusfkip.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\8yusfkip.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npcnc32.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPDARTS.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPDFusionWebFirefox.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPPIRATE.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPSOCCER.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\Netscape6\nprpjplug.dll
FF - plugin: C:\Users\Jon\AppData\Local\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\8yusfkip.default\extensions\firefox@tvunetworks.com\plugins\npTVUAx.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: SearchSettings Plugin: search@searchsettings.com - C:\Program Files (x86)\Mozilla Firefox\extensions\search@searchsettings.com
FF - Ext: DealioToolbar Plugin: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Mozilla Firefox\extensions\{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\program files\real\realplayer\browserrecord\firefox\ext
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: TVU Web Player: firefox@tvunetworks.com - %profile%\extensions\firefox@tvunetworks.com
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Comcast Toolbar: {4E77EDAD-9566-4089-88D1-C81498CEE770} - %profile%\extensions\{4E77EDAD-9566-4089-88D1-C81498CEE770}
FF - Ext: vShare Plugin: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Wikipedia Toolbar: wikipediatoolbar@wikipedia.org - %profile%\extensions\wikipediatoolbar@wikipedia.org
FF - Ext: Indianapolis Colts 2010 Interactive Theme: colts2010boom@colts.com - %profile%\extensions\colts2010boom@colts.com
FF - Ext: YouTube mp3: info@youtube-mp3.org - %profile%\extensions\info@youtube-mp3.org
FF - Ext: KeepTube Downloader: webmaster@keep-tube.com - %profile%\extensions\webmaster@keep-tube.com
FF - Ext: MegaUpload DownloadHelper: mgDownloadHelper@yevgenyandrov.net - %profile%\extensions\mgDownloadHelper@yevgenyandrov.net
FF - Ext: Go To Google: {BCC877E7-7F3F-4632-8338-DAEE4475DE35} - %profile%\extensions\{BCC877E7-7F3F-4632-8338-DAEE4475DE35}
FF - Ext: NewTabURL: newtaburl@sogame.cat - %profile%\extensions\newtaburl@sogame.cat
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2008-9-2 53488]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 27648]
R2 AntiSpywareService;Comcast AntiSpyware;C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 Tmntsrv;Trend Micro Real-time Service;C:\PROGRA~2\TRENDM~1\INTERN~1\Tmntsrv.exe [2007-8-27 345432]
R2 TmPfw;Trend Micro Personal Firewall;C:\PROGRA~2\TRENDM~1\INTERN~1\TmPfw.exe [2007-8-27 923216]
R2 tmpreflt;tmpreflt;C:\Windows\System32\drivers\tmpreflt.sys [2008-9-2 43336]
R2 tmproxy;Trend Micro Proxy Service;C:\PROGRA~2\TRENDM~1\INTERN~1\tmproxy.exe [2007-8-27 566872]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2008-9-27 24652]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2008-9-2 403456]
R3 tmcfw;Trend Micro Common Firewall Service;C:\Windows\System32\drivers\TM_CFW.sys [2008-9-2 358728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-15 135664]
S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-5-14 1153368]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-15 135664]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-18 89920]
.
=============== Created Last 30 ================
.
2011-05-15 03:09:55 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-05-15 03:09:55 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2011-05-13 06:49:02 8802128 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{3CD163E8-9755-4682-803F-BCE114239FFA}\mpengine.dll
2011-05-11 16:21:24 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-05-11 16:21:24 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-05-09 00:31:56 -------- d-----w- C:\Users\Jon\Shared
2011-05-09 00:30:55 -------- d-----w- C:\Users\Jon\AppData\Local\adrevmedia
2011-05-09 00:30:53 -------- d-----w- C:\PROGRA~3\Anti-phishing Domain Advisor
2011-05-09 00:30:31 -------- d-----w- C:\Users\Jon\AppData\Roaming\ZiggyTV
2011-05-09 00:30:29 -------- d-----w- C:\Program Files (x86)\ZiggyTV
2011-04-27 18:34:33 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-04-27 18:34:32 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-04-27 18:34:08 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2011-04-27 18:34:08 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
2011-04-27 18:34:08 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2011-04-27 18:34:08 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
2011-04-19 23:18:51 -------- d-----w- C:\Windows\Lhsp
2011-04-19 23:18:38 -------- d-----w- C:\KARI3
2011-04-17 02:19:44 -------- d-----w- C:\Users\Jon\AppData\Local\FullTiltPoker.NET
2011-04-17 02:18:53 -------- d-----w- C:\Program Files (x86)\Full Tilt Poker.Net
.
==================== Find3M ====================
.
2011-04-04 06:29:07 237568 ----a-w- C:\Windows\SysWow64\rmc_rtspdl.dll
2011-04-04 06:29:07 156672 ----a-w- C:\Windows\SysWow64\rmc_fixasf.exe
2011-03-10 17:18:03 1360384 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-10 17:18:02 1398784 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-10 17:03:51 1162240 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-03 16:02:50 975872 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-03 15:59:37 100352 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2011-03-03 15:59:36 331776 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 15:59:36 284672 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2011-03-03 15:42:03 739328 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- C:\Windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- C:\Windows\apppatch\AcGenral.dll
2011-03-03 13:46:31 2762240 ----a-w- C:\Windows\System32\win32k.sys
2011-03-02 16:12:21 117760 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-02-24 16:38:07 991104 ----a-w- C:\Windows\System32\winresume.efi
2011-02-24 16:38:07 979840 ----a-w- C:\Windows\System32\winresume.exe
2011-02-24 16:37:57 1076608 ----a-w- C:\Windows\System32\winload.efi
2011-02-24 16:37:57 1063296 ----a-w- C:\Windows\System32\winload.exe
2011-02-24 16:37:53 20864 ----a-w- C:\Windows\System32\kdusb.dll
2011-02-24 16:37:53 18816 ----a-w- C:\Windows\System32\kd1394.dll
2011-02-24 16:37:53 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-02-22 14:47:08 479744 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-22 14:13:01 288768 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-22 13:53:33 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-22 13:53:27 1149440 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-22 13:33:12 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2011-02-18 16:50:48 1032192 ----a-w- C:\Windows\System32\wininet.dll
2011-02-18 16:38:42 834048 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-02-18 15:55:33 86528 ----a-w- C:\Windows\System32\ieencode.dll
2011-02-18 15:45:02 78336 ----a-w- C:\Windows\SysWow64\ieencode.dll
2011-02-18 15:19:20 485376 ----a-w- C:\Windows\System32\html.iec
2011-02-18 14:49:21 389632 ----a-w- C:\Windows\SysWow64\html.iec
2011-02-18 14:18:15 450560 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-02-18 14:17:59 176128 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-02-18 14:17:57 145920 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-02-18 14:16:30 274432 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-02-18 14:16:29 135680 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-02-18 14:16:27 106496 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-02-18 14:16:16 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-02-16 16:43:31 603136 ----a-w- C:\Windows\System32\vbscript.dll
2011-02-16 16:37:47 48128 ----a-w- C:\Windows\System32\atmlib.dll
2011-02-16 16:21:07 430080 ----a-w- C:\Windows\SysWow64\vbscript.dll
2011-02-16 16:16:37 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-02-16 14:15:24 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-02-16 14:02:23 292864 ----a-w- C:\Windows\SysWow64\atmfd.dll
.
============= FINISH: 13:46:41.70 ===============

[grey74]

bump so it doesn't get lost

[grey74]

Bumping again

[grey74]

I was hoping someone would take a look at this. I have done as instructed.

[screen317]

Hi,

My apologies for the delay.


When you bump your topic, you go to the bottom of my reply list. Your repeated bumping made me miss your response multiple times. Please don't bump in the future.


Please visit this webpage for instructions for running ComboFix:
http://www.bleepingc...to-use-combofix

• When the tool is finished, it will produce a report for you.
  
• Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

[grey74]

sorry for that, I didn't know bumping was bad. Won't do it in the future



ComboFix 11-05-19.02 - Jon 05/20/2011 22:45:40.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4084.1451 [GMT -5:00]
Running from: c:\users\Jon\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\bootstartx.exe
c:\bootstartx.exe\bootstartx.exe
c:\bootstartx.exe\config.bin
C:\Install.exe
c:\program files (x86)\Dealio Toolbar
c:\program files (x86)\Dealio Toolbar\config.ini
c:\program files (x86)\Dealio Toolbar\DealioToolbarIE.dll
c:\program files (x86)\Dealio Toolbar\Res\amazon.gif
c:\program files (x86)\Dealio Toolbar\Res\apple.gif
c:\program files (x86)\Dealio Toolbar\Res\barnes.gif
c:\program files (x86)\Dealio Toolbar\Res\bestbuy.gif
c:\program files (x86)\Dealio Toolbar\Res\dealio_logo.gif
c:\program files (x86)\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files (x86)\Dealio Toolbar\Res\ebay.gif
c:\program files (x86)\Dealio Toolbar\Res\icon_settings.gif
c:\program files (x86)\Dealio Toolbar\Res\macys.gif
c:\program files (x86)\Dealio Toolbar\Res\newegg.gif
c:\program files (x86)\Dealio Toolbar\Res\overstock.gif
c:\program files (x86)\Dealio Toolbar\Res\search-button-hover.gif
c:\program files (x86)\Dealio Toolbar\Res\search-button.gif
c:\program files (x86)\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files (x86)\Dealio Toolbar\Res\search-chevron.gif
c:\program files (x86)\Dealio Toolbar\Res\search_amazon.gif
c:\program files (x86)\Dealio Toolbar\Res\search_dealio.gif
c:\program files (x86)\Dealio Toolbar\Res\search_ebay.gif
c:\program files (x86)\Dealio Toolbar\Res\search_yahoo.gif
c:\program files (x86)\Dealio Toolbar\Res\separator.gif
c:\program files (x86)\Dealio Toolbar\Res\target.gif
c:\program files (x86)\Dealio Toolbar\Res\walmart.gif
c:\program files (x86)\Dealio Toolbar\Res\widgets.xml
c:\program files (x86)\Dealio Toolbar\SeARchsettings.dll
c:\program files (x86)\Dealio Toolbar\SearchSettings.exe
c:\program files (x86)\Dealio Toolbar\SearchSettingsRes409.dll
c:\program files (x86)\Dealio Toolbar\sscfg.ini
c:\program files (x86)\Dealio Toolbar\WidgiHelper.exe
c:\program files (x86)\Mozilla Firefox\searchplugins\search.xml
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbar.dll
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
c:\users\Jon\AppData\Roaming\FFSJ
c:\users\Jon\AppData\Roaming\FFSJ\FFSJ.cfg
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\cb.drv
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\cid.tmp
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.drv
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\eb.tmp
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\fan.drv
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\FW.sys
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\grid.dll
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\hymt.tmp
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\John Abercrombie, Jazz Guitarist.url
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\kernel32.dll
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.dll
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Recent\tempdoc.tmp
c:\users\Jon\xxtcgujs.exe
c:\windows\system32\drivers\etc\host_new
.
.
((((((((((((((((((((((((( Files Created from 2011-04-21 to 2011-05-21 )))))))))))))))))))))))))))))))
.
.
2011-05-21 03:56 . 2011-05-21 03:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-20 06:50 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DB84903D-9289-42FA-A4A8-658313BB0248}\mpengine.dll
2011-05-16 18:53 . 2011-04-14 16:26 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-05-16 18:53 . 2011-04-14 16:25 16856 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-container.exe
2011-05-16 18:53 . 2011-04-14 16:25 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-05-16 18:53 . 2011-04-14 16:25 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-05-16 18:53 . 2011-04-14 16:25 719832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozcpp19.dll
2011-05-16 18:53 . 2011-04-14 16:25 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-05-16 18:53 . 2011-04-14 16:25 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-05-16 18:53 . 2011-04-14 16:25 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-05-16 18:53 . 2010-01-01 08:00 1974616 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-05-16 18:53 . 2010-01-01 08:00 1892184 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-05-15 03:09 . 2011-05-15 03:47 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-05-15 03:09 . 2011-05-15 03:10 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-05-11 16:21 . 2011-04-07 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-11 16:21 . 2011-04-07 12:01 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-05-09 00:31 . 2011-05-09 00:32 -------- d-----w- c:\users\Jon\Shared
2011-05-09 00:30 . 2011-05-09 00:30 -------- d-----w- c:\users\Jon\AppData\Local\adrevmedia
2011-05-09 00:30 . 2011-05-09 00:30 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2011-05-09 00:30 . 2011-05-09 02:29 -------- d-----w- c:\users\Jon\AppData\Roaming\ZiggyTV
2011-05-09 00:30 . 2011-05-09 00:31 -------- d-----w- c:\program files (x86)\ZiggyTV
2011-04-27 18:34 . 2011-03-12 22:52 1653760 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-27 18:34 . 2011-03-12 21:55 876032 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-04-27 18:34 . 2011-03-03 15:59 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 18:34 . 2011-03-03 15:40 28672 ----a-w- c:\windows\SysWow64\Apphlpdm.dll
2011-04-27 18:34 . 2011-03-03 14:00 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 18:34 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\SysWow64\GameUXLegacyGDFs.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-04 06:29 . 2010-07-02 16:30 156672 ----a-w- c:\windows\SysWow64\rmc_fixasf.exe
2011-04-04 06:29 . 2010-07-02 16:30 237568 ----a-w- c:\windows\SysWow64\rmc_rtspdl.dll
2011-03-10 17:18 . 2011-04-14 22:16 1360384 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:18 . 2011-04-14 22:16 1398784 ----a-w- c:\windows\system32\mfc42.dll
2011-03-10 17:03 . 2011-04-14 22:16 1162240 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-10 17:03 . 2011-04-14 22:16 1136640 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-03 16:02 . 2011-04-14 22:18 975872 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:59 . 2011-04-27 18:34 100352 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2011-03-03 15:59 . 2011-04-27 18:34 331776 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 15:59 . 2011-04-27 18:34 284672 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2011-03-03 15:42 . 2011-04-14 22:18 739328 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-03-03 15:40 . 2011-04-27 18:34 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 18:34 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 18:34 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 18:34 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:46 . 2011-04-14 22:17 2762240 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 16:12 . 2011-04-14 22:16 117760 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-02-24 16:38 . 2011-04-14 22:20 991104 ----a-w- c:\windows\system32\winresume.efi
2011-02-24 16:38 . 2011-04-14 22:20 979840 ----a-w- c:\windows\system32\winresume.exe
2011-02-24 16:37 . 2011-04-14 22:20 1076608 ----a-w- c:\windows\system32\winload.efi
2011-02-24 16:37 . 2011-04-14 22:20 1063296 ----a-w- c:\windows\system32\winload.exe
2011-02-24 16:37 . 2011-04-14 22:20 20864 ----a-w- c:\windows\system32\kdusb.dll
2011-02-24 16:37 . 2011-04-14 22:20 18816 ----a-w- c:\windows\system32\kd1394.dll
2011-02-24 16:37 . 2011-04-14 22:20 17792 ----a-w- c:\windows\system32\kdcom.dll
2011-02-22 14:47 . 2011-03-22 18:35 479744 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 14:13 . 2011-03-22 18:35 288768 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-02-22 13:53 . 2011-03-22 18:35 1555968 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:53 . 2011-03-22 18:35 1149440 ----a-w- c:\windows\system32\FntCache.dll
2011-02-22 13:33 . 2011-03-22 18:35 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2010-04-27 15:08 2393184 ----a-w- c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files (x86)\DVDVideoSoftTB\tbDVDV.dll" [2010-04-27 2393184]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-12-22 39408]
"Weather"="c:\program files (x86)\AWS\WeatherBug\Weather.exe" [2010-10-28 1652736]
"Aim6"="c:\program files (x86)\AIM6\aim6.exe" [2009-05-19 49968]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Anti-phishing Domain Advisor"="c:\programdata\Anti-phishing Domain Advisor\visicom_antiphishing.exe" [2011-04-08 231592]
.
c:\users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ZooskMessenger.lnk - c:\program files (x86)\ZooskMessenger\ZooskMessenger.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files (x86)\Digital Line Detect\DLG.exe [2008-9-2 50688]
PalTalk.lnk - c:\program files (x86)\Paltalk Messenger\paltalk.exe [2010-12-15 13596424]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\42]
FriendlyName= Pond Aquarium Standard v1.0 Active Desktop
Source= c:\program files (x86)\Pond Aquarium 3D Standard\Active Desktop\Pond_Aquarium_Std_Active_DT.html
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R1 SASDIFSV;SASDIFSV;c:\users\Jon\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV64.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\Jon\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL64.SYS [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-15 135664]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-15 135664]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 27648]
S2 AntiSpywareService;Comcast AntiSpyware;c:\program files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-06-17 616408]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Tmntsrv;Trend Micro Real-time Service;c:\progra~2\TRENDM~1\INTERN~1\Tmntsrv.exe [2007-08-27 345432]
S2 TmPfw;Trend Micro Personal Firewall;c:\progra~2\TRENDM~1\INTERN~1\TmPfw.exe [2007-08-27 923216]
S2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [x]
S2 tmproxy;Trend Micro Proxy Service;c:\progra~2\TRENDM~1\INTERN~1\tmproxy.exe [2007-08-27 566872]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 CAXHWBS2;CAXHWBS2;c:\windows\system32\DRIVERS\CAXHWBS2.sys [x]
S3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-15 20:25]
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-15 20:25]
.
2011-05-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2925761819-2875814959-2940701459-1000Core.job
- c:\users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-03 06:31]
.
2011-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2925761819-2875814959-2940701459-1000UA.job
- c:\users\Jon\AppData\Local\Google\Update\GoogleUpdate.exe [2009-07-03 06:31]
.
2011-05-20 c:\windows\Tasks\User_Feed_Synchronization-{C4917C45-7705-478C-940A-A08092AD0C05}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-01-15 5641728]
"Skytel"="Skytel.exe" [2007-11-21 1826816]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-12 138264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-12 203800]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-12 168472]
"LXBTCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXBTtime.dll" [2007-05-03 28672]
"lxbtmon.exe"="c:\program files (x86)\Lexmark 5200 Series\lxbtmon.exe" [2007-05-03 230320]
"EzPrint"="c:\program files (x86)\Lexmark 5200 Series\ezprint.exe" [2007-05-03 103344]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
mStart Page = hxxp://www.comcast.net/
mLocal Page = %SystemRoot%\system32\blank.htm
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube to Mp3 Converter - c:\users\Jon\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: everestpoker.com\account
Trusted Zone: homeoffun.com\account
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
FF - ProfilePath - c:\users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\8yusfkip.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-bootstartx.exe - c:\bootstartx.exe\bootstartx.exe
Wow6432Node-HKCU-Run-DW6 - c:\program files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
Wow6432Node-HKCU-Run-CPN Notifier - c:\program files (x86)\Cake Poker 2.0\PokerNotifier.exe
Wow6432Node-HKCU-Run-BlazeServoTool - c:\program files (x86)\BlazeVideo\BlazeDTV 6.5Pro\MediaDetector.exe
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Casino Extreme - c:\program files (x86)\Casino Extreme\Install.exe
AddRemove-Cherry Red Casino - c:\program files (x86)\Cherry Red Casino\Install.exe
AddRemove-Cool Cat Casino - c:\program files (x86)\Cool Cat Casino\Install.exe
AddRemove-CoreAAC Audio Decoder - c:\windows\system32\CoreAAC-uninstall.exe
AddRemove-DTDCASINOV8ENGGBP - c:\windows\system32\UnCasino5.exe
AddRemove-HijackThis - c:\users\Jon\Downloads\HijackThis.exe
AddRemove-Intertops Casino - c:\program files (x86)\Intertops Casino\Install.exe
AddRemove-Lucky18 Casino - c:\program files (x86)\Lucky18 Casino\Install.exe
AddRemove-PondAquariumSS_std - c:\windows\system32\PondAquariumSS_std.scr
AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-Silver Sands Casino - c:\program files (x86)\Silver Sands Casino\Install.exe
AddRemove-VIPCasinoV8 - c:\windows\system32\UnCasino5.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10i.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\CA\PPRT\bin\ITMRTSVC.exe
c:\progra~2\TRENDM~1\INTERN~1\PcCtlCom.exe
c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\progra~2\TRENDM~1\INTERN~1\PccGuide.exe
c:\program files (x86)\WinRAR\RarExtLoader.exe
.
**************************************************************************
.
Completion time: 2011-05-20 23:07:54 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-21 04:07
.
Pre-Run: 166,476,451,840 bytes free
Post-Run: 166,891,945,984 bytes free
.
- - End Of File - - 4E6D7107DDBEE4D4915BA1E2A58BF890



.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by Jon at 0:12:40.86 on Sat 05/21/2011
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_24
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4084.1933 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe
C:\Program Files (x86)\CA\PPRT\bin\ITMRTSVC.exe
C:\Windows\system32\lxbtcoms.exe
C:\PROGRA~2\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\PROGRA~2\TRENDM~1\INTERN~1\PcSSEItf.exe
C:\PROGRA~2\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~2\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~2\TRENDM~1\INTERN~1\tmproxy.exe
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\PROGRA~2\TRENDM~1\INTERN~1\PccGuide.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RAVCpl64.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Lexmark 5200 Series\lxbtmon.exe
C:\Program Files (x86)\Lexmark 5200 Series\ezprint.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\AWS\WeatherBug\Weather.exe
C:\Program Files (x86)\Digital Line Detect\DLG.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\notepad.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Jon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Jon\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
mStart Page = hxxp://www.comcast.net/
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = <local>
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - C:\Program Files (x86)\comcasttb\comcastdx.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - C:\Program Files (x86)\comcasttb\comcastdx.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\tbDVDV.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Weather] C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
uRun: [Aim6] "C:\Program Files (x86)\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
StartupFolder: C:\Users\Jon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ZOOSKM~1.LNK - C:\Program Files (x86)\ZooskMessenger\ZooskMessenger.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\DIGITA~1.LNK - C:\Program Files (x86)\Digital Line Detect\DLG.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PalTalk.lnk - C:\Program Files (x86)\Paltalk Messenger\paltalk.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 2 (0x2)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Free YouTube to Mp3 Converter - C:\Users\Jon\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files (x86)\Silver Sands Poker\GameClient.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: everestpoker.com\account
Trusted Zone: homeoffun.com\account
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files%20(x86)/Texas%20Holdem%20Poker/Images/stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files%20(x86)/Texas%20Holdem%20Poker/Images/armhelper.ocx
DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} - hxxps://signin3.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {EB6D7E70-AAA9-40D9-BA05-F214089F2275} - hxxp://www.clickteam.com/vitalize3/vitalize.cab
DPF: {F7EDBBEA-1AD2-4EBF-AA07-D453CC29EE65} - hxxps://plugins.valueactive.eu/flashax/iefax.cab
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg64.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
TB-X64: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
TB-X64: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [Skytel] Skytel.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [LXBTCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXBTtime.dll,RunDLLEntry
mRun-x64: [lxbtmon.exe] "C:\Program Files (x86)\Lexmark 5200 Series\lxbtmon.exe"
mRun-x64: [EzPrint] "C:\Program Files (x86)\Lexmark 5200 Series\ezprint.exe"
IE-X64: {00000000-0000-0000-0000-000000000000} - C:\MicroGaming\Poker\goldentigerMPP\MPPoker.exe
IE-X64: {00710644-edb6-40fb-b3e2-51b615e97d5a} - C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RPM Poker\RPM Poker.lnk
IE-X64: {17236448-c0c3-4840-b834-96d7ed4acc21} - C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GoldenArchPoker\GoldenArchPoker.lnk
IE-X64: {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk
IE-X64: {3497d1fd-bd47-4046-b167-4e4382228237} - C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spin32\Spin32.lnk
IE-X64: {3B501CBC-D009-4DAB-ADAF-B882F2F0A447} - C:\Users\Jon\Desktop\VIP Casino.lnk
IE-X64: {4f34c291-5837-4f45-ade1-da5502c69fef} - C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDC Poker\PDC Poker.lnk
IE-X64: {533caed3-32dd-436e-9e56-27e70d5190bb} - C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Walker Poker\Walker Poker.lnk
IE-X64: {7ecccf90-ae7b-44ea-884e-201d1d84736e} - C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GR88\GR88.lnk
IE-X64: {909AAEB6-C2CB-4AB5-A7BB-C33B72AB4BFB} - C:\Users\Jon\Desktop\DTD Casino GBP.lnk
IE-X64: {a6090802-f053-454f-85af-43d606dbe92a} - C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Black Chip Poker\Black Chip Poker.lnk
IE-X64: {badbdc32-2a0c-49b3-894b-519434e38bf8} - C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerCity\PokerCity.lnk
IE-X64: {bdb825fa-7a98-498f-b101-45a8f268a1ff} - C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aced.com\Aced.com.lnk
IE-X64: {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk
IE-X64: {F5241C4B-C9B4-4C04-B987-0CB190D093A4} - http://www.cscasino.com
IE-X64: {fbd780d2-c26b-46dd-9002-fdf30465c9d2} - C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FeltStars\FeltStars.lnk
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\8yusfkip.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=15627
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2008-9-2 53488]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2008-1-20 27648]
R2 AntiSpywareService;Comcast AntiSpyware;C:\Program Files (x86)\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [2009-6-17 616408]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-5-14 1153368]
R2 Tmntsrv;Trend Micro Real-time Service;C:\PROGRA~2\TRENDM~1\INTERN~1\Tmntsrv.exe [2007-8-27 345432]
R2 TmPfw;Trend Micro Personal Firewall;C:\PROGRA~2\TRENDM~1\INTERN~1\TmPfw.exe [2007-8-27 923216]
R2 tmpreflt;tmpreflt;C:\Windows\System32\drivers\tmpreflt.sys [2008-9-2 43336]
R2 tmproxy;Trend Micro Proxy Service;C:\PROGRA~2\TRENDM~1\INTERN~1\tmproxy.exe [2007-8-27 566872]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2008-9-27 24652]
R3 CAXHWBS2;CAXHWBS2;C:\Windows\System32\drivers\CAXHWBS2.sys [2008-9-2 403456]
R3 tmcfw;Trend Micro Common Firewall Service;C:\Windows\System32\drivers\TM_CFW.sys [2008-9-2 358728]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-15 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-15 135664]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-18 89920]
.
=============== Created Last 30 ================
.
2011-05-21 04:07:56 -------- d-----w- C:\Users\Jon\AppData\Local\temp
2011-05-21 03:58:29 -------- d-----w- C:\$RECYCLE.BIN
2011-05-21 03:42:39 89088 ----a-w- C:\Windows\MBR.exe
2011-05-21 03:42:38 98816 ----a-w- C:\Windows\sed.exe
2011-05-21 03:42:38 256512 ----a-w- C:\Windows\PEV.exe
2011-05-21 03:42:38 161792 ----a-w- C:\Windows\SWREG.exe
2011-05-20 06:50:36 8718160 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{DB84903D-9289-42FA-A4A8-658313BB0248}\mpengine.dll
2011-05-16 18:53:29 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-05-16 18:53:28 16856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2011-05-16 18:53:27 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-05-16 18:53:27 1874904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-05-16 18:53:26 89048 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2011-05-16 18:53:26 719832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozcpp19.dll
2011-05-16 18:53:26 465880 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2011-05-16 18:53:26 1974616 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-05-16 18:53:26 1892184 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-05-16 18:53:26 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2011-05-15 03:09:55 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-05-15 03:09:55 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2011-05-11 16:21:24 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-05-11 16:21:24 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-05-09 00:31:56 -------- d-----w- C:\Users\Jon\Shared
2011-05-09 00:30:55 -------- d-----w- C:\Users\Jon\AppData\Local\adrevmedia
2011-05-09 00:30:53 -------- d-----w- C:\PROGRA~3\Anti-phishing Domain Advisor
2011-05-09 00:30:31 -------- d-----w- C:\Users\Jon\AppData\Roaming\ZiggyTV
2011-05-09 00:30:29 -------- d-----w- C:\Program Files (x86)\ZiggyTV
2011-04-27 18:34:33 1653760 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-04-27 18:34:32 876032 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-04-27 18:34:08 4240384 ----a-w- C:\Windows\SysWow64\GameUXLegacyGDFs.dll
2011-04-27 18:34:08 4240384 ----a-w- C:\Windows\System32\GameUXLegacyGDFs.dll
2011-04-27 18:34:08 32256 ----a-w- C:\Windows\System32\Apphlpdm.dll
2011-04-27 18:34:08 28672 ----a-w- C:\Windows\SysWow64\Apphlpdm.dll
.
==================== Find3M ====================
.
2011-04-04 06:29:07 237568 ----a-w- C:\Windows\SysWow64\rmc_rtspdl.dll
2011-04-04 06:29:07 156672 ----a-w- C:\Windows\SysWow64\rmc_fixasf.exe
2011-03-10 17:18:03 1360384 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-10 17:18:02 1398784 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-10 17:03:51 1162240 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-10 17:03:51 1136640 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-03 16:02:50 975872 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-03 15:59:37 100352 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2011-03-03 15:59:36 331776 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2011-03-03 15:59:36 284672 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2011-03-03 15:42:03 739328 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-03-03 15:40:07 173056 ----a-w- C:\Windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- C:\Windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- C:\Windows\apppatch\AcGenral.dll
2011-03-03 13:46:31 2762240 ----a-w- C:\Windows\System32\win32k.sys
2011-03-02 16:12:21 117760 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-02-24 16:38:07 991104 ----a-w- C:\Windows\System32\winresume.efi
2011-02-24 16:38:07 979840 ----a-w- C:\Windows\System32\winresume.exe
2011-02-24 16:37:57 1076608 ----a-w- C:\Windows\System32\winload.efi
2011-02-24 16:37:57 1063296 ----a-w- C:\Windows\System32\winload.exe
2011-02-24 16:37:53 20864 ----a-w- C:\Windows\System32\kdusb.dll
2011-02-24 16:37:53 18816 ----a-w- C:\Windows\System32\kd1394.dll
2011-02-24 16:37:53 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-02-22 14:47:08 479744 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-02-22 14:13:01 288768 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-02-22 13:53:33 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2011-02-22 13:53:27 1149440 ----a-w- C:\Windows\System32\FntCache.dll
2011-02-22 13:33:12 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
.
============= FINISH: 0:13:14.29 ===============

[screen317]

Next, please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.

• Tick the box next to YES, I accept the Terms of Use.
  
• Click Start
  
• When asked, allow the ActiveX control to install
  
• Click Start
  
• Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  
• Click Scan
  Wait for the scan to finish
  
• Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  
• Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

[grey74]

Thanks again for getting back to me. Much appreciated. I did as you suggested.

First log:


ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK

Seems kind of a small log to me, did I do something wrong?


Results of screen317's Security Check version 0.99.11
Windows Vista (UAC is enabled)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
ESET Online Scanner v3
McAfee Security Scan
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
HijackThis 2.0.2
Java™ 6 Update 24
Java™ 6 Update 5
Java™ 6 Update 7
Out of date Java installed!
Adobe Flash Player 10.0.45.2
Adobe Reader X (10.0.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
TRENDM~1 INTERN~1 PccGuide.exe
``````````End of Log````````````

[grey74]

I am still infected with this redirect virus as of right now. Was what you told me to do last night supposed to get rid of the virus, or is it just another step, and you have more things I need to do. Seems as if the infection keeps getting worse. Right now I basically have to keep cleaning out my browser history and cache every time I search for a new website etc. It's a time killer and a complete pain in the ass. I'm getting close to reformatting my hard drive. I just can't believe this thing doesn't have a fix, there has got to be others out there suffering my same problem.

[screen317]

Hi,

• Download the file TDSSKiller.zip and extract it into a folder on the infected PC.
  
• Execute the file TDSSKiller.exe by double-clicking on it.
  
• Wait for the scan and disinfection process to be over.
  
• When its work is over, the utility prompts for a reboot to complete the disinfection.

By default, the utility outputs runtime log into the system disk root directory (the disk where the operating system is installed, C:\ as a rule).
The log is like UtilityName.Version_Date_Time_log.txt.
for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt.

Please post that log here.



Then grab a fresh copy of ComboFix, run it, and post its log.

[grey74]

2011/05/27 12:38:16.0540 5160 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/05/27 12:38:16.0949 5160 ================================================================================
2011/05/27 12:38:16.0950 5160 SystemInfo:
2011/05/27 12:38:16.0950 5160
2011/05/27 12:38:16.0950 5160 OS Version: 6.0.6002 ServicePack: 2.0
2011/05/27 12:38:16.0950 5160 Product type: Workstation
2011/05/27 12:38:16.0950 5160 ComputerName: JON-PC
2011/05/27 12:38:16.0950 5160 UserName: Jon
2011/05/27 12:38:16.0950 5160 Windows directory: C:\Windows
2011/05/27 12:38:16.0950 5160 System windows directory: C:\Windows
2011/05/27 12:38:16.0950 5160 Running under WOW64
2011/05/27 12:38:16.0950 5160 Processor architecture: Intel x64
2011/05/27 12:38:16.0950 5160 Number of processors: 2
2011/05/27 12:38:16.0950 5160 Page size: 0x1000
2011/05/27 12:38:16.0950 5160 Boot type: Normal boot
2011/05/27 12:38:16.0950 5160 ================================================================================
2011/05/27 12:38:18.0291 5160 Initialize success
2011/05/27 12:38:45.0380 5520 ================================================================================
2011/05/27 12:38:45.0380 5520 Scan started
2011/05/27 12:38:45.0380 5520 Mode: Manual;
2011/05/27 12:38:45.0380 5520 ================================================================================
2011/05/27 12:38:45.0970 5520 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2011/05/27 12:38:46.0035 5520 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2011/05/27 12:38:46.0097 5520 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2011/05/27 12:38:46.0141 5520 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2011/05/27 12:38:46.0188 5520 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2011/05/27 12:38:46.0276 5520 AFD (12415ccfd3e7cec55b5184e67b039fe4) C:\Windows\system32\drivers\afd.sys
2011/05/27 12:38:46.0338 5520 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2011/05/27 12:38:46.0372 5520 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2011/05/27 12:38:46.0425 5520 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
2011/05/27 12:38:46.0453 5520 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2011/05/27 12:38:46.0478 5520 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
2011/05/27 12:38:46.0540 5520 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2011/05/27 12:38:46.0574 5520 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2011/05/27 12:38:46.0626 5520 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/05/27 12:38:46.0658 5520 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
2011/05/27 12:38:46.0762 5520 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2011/05/27 12:38:46.0826 5520 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
2011/05/27 12:38:46.0863 5520 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2011/05/27 12:38:46.0893 5520 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2011/05/27 12:38:46.0932 5520 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2011/05/27 12:38:46.0965 5520 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2011/05/27 12:38:46.0995 5520 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2011/05/27 12:38:47.0023 5520 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2011/05/27 12:38:47.0060 5520 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2011/05/27 12:38:47.0145 5520 CAXHWBS2 (84e556e7f7c00c22e300d78200fc6c44) C:\Windows\system32\DRIVERS\CAXHWBS2.sys
2011/05/27 12:38:47.0195 5520 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2011/05/27 12:38:47.0237 5520 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2011/05/27 12:38:47.0271 5520 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
2011/05/27 12:38:47.0317 5520 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2011/05/27 12:38:47.0378 5520 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2011/05/27 12:38:47.0412 5520 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
2011/05/27 12:38:47.0442 5520 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2011/05/27 12:38:47.0495 5520 DfsC (36cd31121f228e7e79bae60aa45764c6) C:\Windows\system32\Drivers\dfsc.sys
2011/05/27 12:38:47.0540 5520 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2011/05/27 12:38:47.0598 5520 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2011/05/27 12:38:47.0644 5520 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/05/27 12:38:47.0748 5520 e1express (a458e7d986f51c827640f5d1f1e886e4) C:\Windows\system32\DRIVERS\e1e6032e.sys
2011/05/27 12:38:47.0794 5520 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2011/05/27 12:38:47.0860 5520 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2011/05/27 12:38:47.0932 5520 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2011/05/27 12:38:47.0996 5520 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
2011/05/27 12:38:48.0063 5520 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2011/05/27 12:38:48.0113 5520 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2011/05/27 12:38:48.0169 5520 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2011/05/27 12:38:48.0221 5520 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2011/05/27 12:38:48.0248 5520 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2011/05/27 12:38:48.0283 5520 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/05/27 12:38:48.0328 5520 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2011/05/27 12:38:48.0394 5520 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2011/05/27 12:38:48.0428 5520 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2011/05/27 12:38:48.0529 5520 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/05/27 12:38:48.0584 5520 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2011/05/27 12:38:48.0611 5520 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
2011/05/27 12:38:48.0657 5520 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
2011/05/27 12:38:48.0715 5520 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2011/05/27 12:38:48.0788 5520 HSF_DPV (8774d021a3fffe44150f8510381deee6) C:\Windows\system32\DRIVERS\CAX_DPV.sys
2011/05/27 12:38:48.0916 5520 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2011/05/27 12:38:48.0967 5520 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2011/05/27 12:38:49.0005 5520 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/05/27 12:38:49.0061 5520 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2011/05/27 12:38:49.0234 5520 igfx (df87170ec724080676c18d5a0af87fc5) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/05/27 12:38:49.0466 5520 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2011/05/27 12:38:49.0543 5520 IntcAzAudAddService (04c6489a44e340574daae64a6062541c) C:\Windows\system32\drivers\RTKVHD64.sys
2011/05/27 12:38:49.0621 5520 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2011/05/27 12:38:49.0654 5520 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2011/05/27 12:38:49.0717 5520 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/05/27 12:38:49.0778 5520 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2011/05/27 12:38:49.0810 5520 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2011/05/27 12:38:49.0843 5520 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2011/05/27 12:38:49.0880 5520 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2011/05/27 12:38:49.0921 5520 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/05/27 12:38:49.0967 5520 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2011/05/27 12:38:50.0102 5520 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2011/05/27 12:38:50.0170 5520 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/05/27 12:38:50.0208 5520 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/05/27 12:38:50.0260 5520 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2011/05/27 12:38:50.0295 5520 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2011/05/27 12:38:50.0347 5520 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2011/05/27 12:38:50.0404 5520 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2011/05/27 12:38:50.0448 5520 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2011/05/27 12:38:50.0508 5520 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2011/05/27 12:38:50.0537 5520 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2011/05/27 12:38:50.0608 5520 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
2011/05/27 12:38:50.0639 5520 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
2011/05/27 12:38:50.0683 5520 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
2011/05/27 12:38:50.0747 5520 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2011/05/27 12:38:50.0774 5520 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2011/05/27 12:38:50.0807 5520 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2011/05/27 12:38:50.0853 5520 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2011/05/27 12:38:50.0878 5520 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2011/05/27 12:38:50.0914 5520 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
2011/05/27 12:38:50.0948 5520 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2011/05/27 12:38:50.0990 5520 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2011/05/27 12:38:51.0036 5520 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2011/05/27 12:38:51.0097 5520 mrxsmb (dc434b4769e18da09ce1b7755d4c64e9) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/05/27 12:38:51.0165 5520 mrxsmb10 (64713fcfe3de8881d62f8f3f2f794241) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/05/27 12:38:51.0196 5520 mrxsmb20 (0005c599a2abf767a815afcd32e523e3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/05/27 12:38:51.0234 5520 msahci (730b784962d22d2c6481eae2370e7c8c) C:\Windows\system32\drivers\msahci.sys
2011/05/27 12:38:51.0273 5520 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
2011/05/27 12:38:51.0327 5520 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2011/05/27 12:38:51.0349 5520 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2011/05/27 12:38:51.0390 5520 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2011/05/27 12:38:51.0420 5520 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/05/27 12:38:51.0455 5520 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2011/05/27 12:38:51.0497 5520 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2011/05/27 12:38:51.0554 5520 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/05/27 12:38:51.0577 5520 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2011/05/27 12:38:51.0611 5520 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2011/05/27 12:38:51.0681 5520 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2011/05/27 12:38:51.0738 5520 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2011/05/27 12:38:51.0778 5520 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/05/27 12:38:51.0813 5520 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/05/27 12:38:51.0849 5520 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/05/27 12:38:51.0883 5520 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2011/05/27 12:38:51.0914 5520 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2011/05/27 12:38:51.0962 5520 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2011/05/27 12:38:52.0038 5520 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2011/05/27 12:38:52.0086 5520 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2011/05/27 12:38:52.0125 5520 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2011/05/27 12:38:52.0194 5520 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2011/05/27 12:38:52.0271 5520 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2011/05/27 12:38:52.0308 5520 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2011/05/27 12:38:52.0339 5520 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2011/05/27 12:38:52.0378 5520 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2011/05/27 12:38:52.0463 5520 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
2011/05/27 12:38:52.0503 5520 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2011/05/27 12:38:52.0538 5520 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2011/05/27 12:38:52.0595 5520 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2011/05/27 12:38:52.0645 5520 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
2011/05/27 12:38:52.0678 5520 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2011/05/27 12:38:52.0717 5520 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2011/05/27 12:38:52.0847 5520 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2011/05/27 12:38:52.0889 5520 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
2011/05/27 12:38:52.0956 5520 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2011/05/27 12:38:53.0003 5520 PxHlpa64 (46851bc18322da70f3f2299a1007c479) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/05/27 12:38:53.0074 5520 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2011/05/27 12:38:53.0163 5520 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2011/05/27 12:38:53.0201 5520 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2011/05/27 12:38:53.0296 5520 R300 (2a09a6b271d1f50adf5e33b37d460de6) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/05/27 12:38:53.0390 5520 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2011/05/27 12:38:53.0439 5520 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/05/27 12:38:53.0494 5520 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/05/27 12:38:53.0545 5520 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2011/05/27 12:38:53.0596 5520 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2011/05/27 12:38:53.0638 5520 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/05/27 12:38:53.0686 5520 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2011/05/27 12:38:53.0718 5520 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2011/05/27 12:38:53.0765 5520 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2011/05/27 12:38:53.0844 5520 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2011/05/27 12:38:53.0981 5520 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2011/05/27 12:38:54.0055 5520 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/05/27 12:38:54.0108 5520 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
2011/05/27 12:38:54.0144 5520 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
2011/05/27 12:38:54.0176 5520 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2011/05/27 12:38:54.0233 5520 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2011/05/27 12:38:54.0278 5520 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2011/05/27 12:38:54.0319 5520 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2011/05/27 12:38:54.0349 5520 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2011/05/27 12:38:54.0393 5520 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2011/05/27 12:38:54.0425 5520 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2011/05/27 12:38:54.0479 5520 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2011/05/27 12:38:54.0544 5520 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2011/05/27 12:38:54.0635 5520 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
2011/05/27 12:38:54.0711 5520 srv2 (fa36d119249bf27bc4c0079734e1f33b) C:\Windows\system32\DRIVERS\srv2.sys
2011/05/27 12:38:54.0750 5520 srvnet (cfe7bc92d52c7e79427545909a0182f8) C:\Windows\system32\DRIVERS\srvnet.sys
2011/05/27 12:38:54.0802 5520 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2011/05/27 12:38:54.0834 5520 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2011/05/27 12:38:54.0855 5520 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2011/05/27 12:38:54.0887 5520 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2011/05/27 12:38:54.0994 5520 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
2011/05/27 12:38:55.0102 5520 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
2011/05/27 12:38:55.0181 5520 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2011/05/27 12:38:55.0219 5520 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2011/05/27 12:38:55.0247 5520 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2011/05/27 12:38:55.0291 5520 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2011/05/27 12:38:55.0337 5520 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2011/05/27 12:38:55.0414 5520 tmcfw (c23888cc24f4ab8a5f5b635702b12875) C:\Windows\system32\DRIVERS\TM_CFW.sys
2011/05/27 12:38:55.0469 5520 tmpreflt (e5963107d6d25a74e37d72724e91b6de) C:\Windows\system32\DRIVERS\tmpreflt.sys
2011/05/27 12:38:55.0540 5520 tmtdi (8696c63e6b08cc0ea720dd7a15ba4eab) C:\Windows\system32\DRIVERS\tmtdi.sys
2011/05/27 12:38:55.0574 5520 Tmxpflt (06e4f3dfeb1aafc691d225c83a3662ec) C:\Windows\system32\drivers\TmXPFlt.sys
2011/05/27 12:38:55.0652 5520 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/05/27 12:38:55.0692 5520 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2011/05/27 12:38:55.0754 5520 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2011/05/27 12:38:55.0787 5520 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2011/05/27 12:38:55.0834 5520 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2011/05/27 12:38:55.0923 5520 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2011/05/27 12:38:55.0963 5520 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2011/05/27 12:38:56.0016 5520 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2011/05/27 12:38:56.0065 5520 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2011/05/27 12:38:56.0113 5520 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2011/05/27 12:38:56.0174 5520 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/05/27 12:38:56.0215 5520 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2011/05/27 12:38:56.0257 5520 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2011/05/27 12:38:56.0302 5520 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2011/05/27 12:38:56.0353 5520 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
2011/05/27 12:38:56.0393 5520 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
2011/05/27 12:38:56.0463 5520 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
2011/05/27 12:38:56.0507 5520 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/05/27 12:38:56.0530 5520 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/05/27 12:38:56.0583 5520 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/05/27 12:38:56.0618 5520 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2011/05/27 12:38:56.0650 5520 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2011/05/27 12:38:56.0686 5520 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2011/05/27 12:38:56.0745 5520 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2011/05/27 12:38:56.0815 5520 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2011/05/27 12:38:56.0880 5520 vsapint (39e8e95ea1ed20d304ee246ab1e7d4ac) C:\Windows\system32\DRIVERS\vsapint.sys
2011/05/27 12:38:56.0981 5520 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2011/05/27 12:38:57.0046 5520 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2011/05/27 12:38:57.0090 5520 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/27 12:38:57.0115 5520 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/05/27 12:38:57.0182 5520 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2011/05/27 12:38:57.0233 5520 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2011/05/27 12:38:57.0387 5520 winachsf (47e8fe123d0a99dc0e172f89425b9342) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
2011/05/27 12:38:57.0506 5520 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
2011/05/27 12:38:57.0586 5520 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2011/05/27 12:38:57.0653 5520 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/05/27 12:38:57.0688 5520 XAudio (e288fa83c178a3458bac1fa80b346c06) C:\Windows\system32\DRIVERS\xaudio64.sys
2011/05/27 12:38:57.0752 5520 MBR (0x1B8) (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
2011/05/27 12:38:57.0789 5520 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
2011/05/27 12:38:57.0798 5520 ================================================================================
2011/05/27 12:38:57.0798 5520 Scan finished
2011/05/27 12:38:57.0798 5520 ================================================================================
2011/05/27 12:38:57.0816 3748 Detected object count: 0
2011/05/27 12:38:57.0816 3748 Actual detected object count: 0

Attached Files

•  combofix 5-27 log.txt   479.16K   13 downloads

[grey74]

If you look about 25 lines down on the combofix log there is something called 2011-05-09 00:30 . 2011-05-09 00:30 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor

Is this the root of my whole problem? If so it is obviously still there.

[screen317]

These all appear to be related:



2011-05-09 00:31 . 2011-05-09 00:32 -------- d-----w- c:\users\Jon\Shared
2011-05-09 00:30 . 2011-05-09 00:30 -------- d-----w- c:\users\Jon\AppData\Local\adrevmedia
2011-05-09 00:30 . 2011-05-09 00:30 -------- d-----w- c:\programdata\Anti-phishing Domain Advisor
2011-05-09 00:30 . 2011-05-09 02:29 -------- d-----w- c:\users\Jon\AppData\Roaming\ZiggyTV
2011-05-09 00:30 . 2011-05-09 00:31 -------- d-----w- c:\program files (x86)\ZiggyTV



Looks like ZiggyTV brought in some malware.

Uninstall ZiggyTV, and delete the above 5 folders. Reboot and see if the redirections persist.

[grey74]

Thanks for all your help. My system seems to be working smoothly again. If any issues arise I'll send a message. I appreciate the time you took to help me solve this issue. It sure was an annoying problem to say the least. There is virtually almost nothing on the web about this virus. At least now I can go around and spread the answer to this problem when and where I see it being asked. I had another tech guy said the only way I would disinfect was to reformat, and I thought that seemed like a cop out to me. I didn't believe him, and I'm glad. Thanks for sticking with me here. If I ever have an issue I can't solve again I will be back.

grey74

[screen317]

Glad to hear it!

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

• Green to go
  
• Yellow for caution
  
• Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!


Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?




Safe surfing,

-screen317

[screen317]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!