Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

google redirect problem

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

google redirect problem

Unread postby bbeeboppin » January 29th, 2011, 11:01 am

Here is my hijackthis.log. I am having the redirect issue. Thank you for your assistance.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:56:52 AM, on 1/29/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\S24EvMon.exe
C:\WINDOWS\system32\ZCfgSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\1XConfig.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\System32\RegSrvc.exe
C:\Program Files\PC Tools Security\pctsAuxs.exe
C:\Program Files\PC Tools Security\pctsSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Tools Security\pctsGui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:29775
R3 - URLSearchHook: (no name) - {472734EA-242A-422b-ADF8-83D1E48CC825} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coIEPlg.dll
O4 - HKLM\..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcjxksxw] C:\Documents and Settings\admin\Local Settings\Application Data\swacwyxat\aodffesshdw.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\PC Tools Security\pctsGui.exe" /hideGUI
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [gcjxksxw] C:\Documents and Settings\admin\Local Settings\Application Data\swacwyxat\aodffesshdw.exe
O4 - Startup: Microsoft Office Groove.lnk = C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... oader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 7996646235
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} (get_atlcom Class) - http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{25ADADED-9B3B-420D-AEB3-D3F73D476828}: NameServer = 93.188.163.70,93.188.166.9
O17 - HKLM\System\CCS\Services\Tcpip\..\{756AE104-891A-42EB-B841-D84F154A54A7}: NameServer = 93.188.163.70,93.188.166.9
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 93.188.163.70,93.188.166.9
O17 - HKLM\System\CS1\Services\Tcpip\..\{25ADADED-9B3B-420D-AEB3-D3F73D476828}: NameServer = 93.188.163.70,93.188.166.9
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 93.188.163.70,93.188.166.9
O17 - HKLM\System\CS2\Services\Tcpip\..\{25ADADED-9B3B-420D-AEB3-D3F73D476828}: NameServer = 93.188.163.70,93.188.166.9
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.70,93.188.166.9
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\System32\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\System32\S24EvMon.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\PC Tools Security\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\PC Tools Security\pctsSvc.exe

--
End of file - 9929 bytes
bbeeboppin
Active Member
 
Posts: 5
Joined: January 28th, 2011, 10:22 pm
Advertisement
Register to Remove

Re: google redirect problem

Unread postby deltalima » January 30th, 2011, 9:03 am

Checking your log - back soon.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: google redirect problem

Unread postby deltalima » January 30th, 2011, 9:18 am

Hi bbeeboppin,

Welcome to the forum.

My nickname is deltalima and I will be helping you with your malware issue.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Please note the following:
  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you too.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Uninstall List
  • Open HijackThis.
  • Click on Open the Misc tools section.
  • Click on the Open Uninstall Manager... button.
  • Click on the Save list... button.
  • It will prompt you to save. Save this log in a convenient location. By default it's named uninstall_list.txt.
  • Notepad will open. Please copy and paste the contents of this log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: google redirect problem

Unread postby bbeeboppin » January 30th, 2011, 5:14 pm

Below is the requested information. Thank You

Acrobat.com
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader 9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Auction Flex
Bonjour
Broadcom Gigabit Integrated Controller
Citrix Presentation Server Client
Conexant D480 MDC V.9x Modem
Deed Plotter+ for Windows
Dell ResourceCD
Easy CD Creator 5 Basic
getPlus(R) for Adobe
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
Intel(R) PROSet
InterActual Player
InterVideo WinDVD
InterVideo WinDVD
iTunes
LiveUpdate 2.6 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Norton 360
O2Micro Smartcard Driver
QuickSet
QuickTime
SigmaTel AC97 Audio Drivers
Spyware Doctor 8.0
Windows Internet Explorer 8
Windows XP Service Pack 3
bbeeboppin
Active Member
 
Posts: 5
Joined: January 28th, 2011, 10:22 pm

Re: google redirect problem

Unread postby deltalima » January 30th, 2011, 5:18 pm

Hi bbeeboppin,

Download and run OTL
Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened
    • Extras.txt <-- Will be minimized
  • Please post the contents of these 2 Notepad files in your next reply.

Please download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Run Gmer again and click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE
Important! Please do not select the "Show all" checkbox during the scan..

Please post the GMER log along with OTL.txt and Extras.txt from the OTL scan into your next reply.

Please let me know if the computer is used for home or for business use.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: google redirect problem

Unread postby bbeeboppin » January 30th, 2011, 5:45 pm

This computer was primarily work. Currently primarily home. In the future will most likely be primarily work again.

OTL logfile created on: 1/30/2011 4:23:27 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 380.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 18.04 Gb Free Space | 64.54% Space Free | Partition Type: NTFS

Computer Name: DELL-D600 | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\admin\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
PRC - C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
PRC - C:\Program Files\Norton 360\Engine\4.3.0.5\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\dwwin.exe (Microsoft Corporation)
PRC - C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe (SigmaTel Inc.)
PRC - C:\Program Files\Dell\QuickSet\quickset.exe ()
PRC - C:\WINDOWS\system32\ZCfgSvc.exe (Intel Corporation)
PRC - C:\WINDOWS\system32\1XConfig.exe (Intel)
PRC - C:\WINDOWS\system32\S24EvMon.exe (Intel Corporation )
PRC - C:\WINDOWS\system32\RegSrvc.exe (Intel Corporation)
PRC - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
PRC - C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
PRC - C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe (Roxio)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\admin\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\Norton 360\Engine\4.3.0.5\asoehook.dll (Symantec Corporation)
MOD - C:\Program Files\PC Tools Security\PCTGMhk.dll (PC Tools)
MOD - C:\Program Files\Norton 360\Engine\4.3.0.5\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
MOD - C:\Program Files\Norton 360\Engine\4.3.0.5\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- File not found
SRV - (NetSvc) -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe (Intel(R) Corporation)
SRV - (sdCoreService) -- C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (sdAuxService) -- C:\Program Files\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (N360) -- C:\Program Files\Norton 360\Engine\4.3.0.5\ccSvcHst.exe (Symantec Corporation)
SRV - (getPlus(R) Helper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (S24EventMonitor) -- C:\WINDOWS\system32\S24EvMon.exe (Intel Corporation )
SRV - (RegSrvc) -- C:\WINDOWS\system32\RegSrvc.exe (Intel Corporation)


========== Driver Services (SafeList) ==========

DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110130.001\NAVEX15.SYS (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110130.001\NAVENG.SYS (Symantec Corporation)
DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110128.003\IDSXpx86.sys (Symantec Corporation)
DRV - (PCTCore) -- C:\WINDOWS\system32\drivers\PCTCore.sys (PC Tools)
DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110114.001\BHDrvx86.sys (Symantec Corporation)
DRV - (pctEFA) -- C:\WINDOWS\system32\drivers\pctEFA.sys (PC Tools)
DRV - (pctDS) -- C:\WINDOWS\system32\drivers\pctDS.sys (PC Tools)
DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS (Symantec Corporation)
DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS (Symantec Corporation)
DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS (Symantec Corporation)
DRV - (ccHP) -- C:\WINDOWS\system32\drivers\N360\0403000.005\ccHPx86.sys (Symantec Corporation)
DRV - (SymDS) -- C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS (Symantec Corporation)
DRV - (UdfReadr_xp) -- C:\WINDOWS\System32\drivers\udfreadr_xp.sys (Roxio)
DRV - (pwd_2k) -- C:\WINDOWS\System32\drivers\pwd_2K.sys (Roxio)
DRV - (mmc_2K) -- C:\WINDOWS\System32\drivers\Mmc_2k.sys (Roxio)
DRV - (dvd_2K) -- C:\WINDOWS\System32\drivers\Dvd_2k.sys (Roxio)
DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)
DRV - (STAC97) Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\stac97.sys (SigmaTel, Inc.)
DRV - (OMCI) -- C:\WINDOWS\system32\drivers\omci.sys (Dell Inc)
DRV - (w70n51) Intel(R) -- C:\WINDOWS\system32\drivers\w70n51.sys (Intel® Corporation)
DRV - (s24trans) -- C:\WINDOWS\system32\drivers\s24trans.sys (Intel Corporation)
DRV - (O2SCBUS) -- C:\WINDOWS\system32\drivers\ozscr.sys (O2Micro)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Roxio)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Roxio)
DRV - (cdudf_xp) -- C:\WINDOWS\System32\drivers\cdudf_xp.sys (Roxio)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1409082233-436374069-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com/av ... x_homepage
IE - HKU\S-1-5-21-1409082233-436374069-839522115-1003\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-1409082233-436374069-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1409082233-436374069-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-21-1409082233-436374069-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:29775

FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/01/09 13:53:10 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\ [2011/01/08 10:47:40 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2003/07/16 11:23:48 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1409082233-436374069-839522115-1003\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-1409082233-436374069-839522115-1003\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\4.3.0.5\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [AdaptecDirectCD] C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe (Roxio)
O4 - HKLM..\Run: [ATIModeChange] C:\WINDOWS\System32\Ati2mdxx.exe (ATI Technologies, Inc.)
O4 - HKLM..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe ()
O4 - HKLM..\Run: [gcjxksxw] File not found
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [PRONoMgr.exe] C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [SigmaTel StacMon] C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe (SigmaTel Inc.)
O4 - HKU\S-1-5-21-1409082233-436374069-839522115-1003..\Run: [gcjxksxw] File not found
O4 - HKU\S-1-5-21-1409082233-436374069-839522115-1003..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe (InterVideo Inc.)
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1409082233-436374069-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\S-1-5-21-1409082233-436374069-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: _NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/200 ... oader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windows ... 7996646235 (WUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.co ... nos/gp.cab (get_atlcom Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shoc ... wflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 93.188.163.70,93.188.166.9
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll ()
O20 - Winlogon\Notify\NavLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\Sebring: DllName - C:\WINDOWS\System32\LgNotify.dll - C:\WINDOWS\system32\LgNotify.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\admin\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/10/17 00:53:22 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{649f22e0-64e4-11df-8bf5-000cf14c2522}\Shell - "" = AutoRun
O33 - MountPoints2\{649f22e0-64e4-11df-8bf5-000cf14c2522}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{649f22e0-64e4-11df-8bf5-000cf14c2522}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/30 16:22:12 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
[2011/01/29 09:55:54 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/01/29 09:55:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Start Menu\Programs\HiJackThis
[2011/01/26 21:57:44 | 000,656,320 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2011/01/26 21:57:44 | 000,338,880 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2011/01/26 21:57:42 | 000,249,616 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/01/26 21:57:34 | 000,239,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/01/26 21:57:34 | 000,160,448 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/01/26 21:57:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2011/01/26 21:57:12 | 000,070,536 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/01/26 21:56:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/01/26 21:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/01/26 21:56:25 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/01/26 21:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2011/01/26 21:56:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\Application Data\PC Tools
[2011/01/26 21:51:43 | 038,357,320 | ---- | C] (PC Tools ) -- C:\Documents and Settings\admin\Desktop\8.0.0.623j-SDAFFsetup_en-RevenueWire(207).exe
[2011/01/22 07:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2011/01/09 14:10:49 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/01/09 14:10:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/09 14:10:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/01/09 14:10:43 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/01/09 14:10:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/09 13:54:39 | 000,361,904 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symtdi.sys
[2011/01/09 13:54:39 | 000,339,504 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symtdiv.sys
[2011/01/09 13:54:38 | 000,328,752 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symds.sys
[2011/01/09 13:54:38 | 000,325,680 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtsp.sys
[2011/01/09 13:54:38 | 000,173,104 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\symefa.sys
[2011/01/09 13:54:38 | 000,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtspx.sys
[2011/01/09 13:54:37 | 000,501,888 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\cchpx86.sys
[2011/01/09 13:54:37 | 000,116,784 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\N360\0403000.005\ironx86.sys
[2011/01/09 13:53:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360\0403000.005
[2011/01/08 10:48:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\admin\My Documents\Symantec
[2011/01/08 10:46:20 | 000,124,976 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/01/08 10:46:20 | 000,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/01/08 10:45:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\N360
[2011/01/08 10:44:56 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2011/01/08 10:44:56 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
[2011/01/08 10:44:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360
[2011/01/08 10:44:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Norton
[2011/01/08 10:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/30 16:22:16 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\admin\Desktop\OTL.exe
[2011/01/30 16:12:20 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\HiJackThis.lnk
[2011/01/30 09:31:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/29 09:53:51 | 001,402,880 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\HiJackThis.msi
[2011/01/29 09:43:20 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/29 09:41:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/01/28 23:01:49 | 000,015,386 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\ductwork.xlsx
[2011/01/28 22:37:22 | 000,008,619 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\attorney fee.xlsx
[2011/01/28 22:36:22 | 000,008,496 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\jobs.xlsx
[2011/01/26 21:57:53 | 000,562,414 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/01/26 21:57:31 | 000,001,664 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2011/01/26 21:53:32 | 000,048,640 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\My computer caught this redirect virus infection via a fake music website and even I consider myself a geek.doc
[2011/01/26 21:51:49 | 038,357,320 | ---- | M] (PC Tools ) -- C:\Documents and Settings\admin\Desktop\8.0.0.623j-SDAFFsetup_en-RevenueWire(207).exe
[2011/01/25 19:41:55 | 000,003,584 | ---- | M] () -- C:\Documents and Settings\admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/22 07:05:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/20 20:47:30 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\admin\My Documents\BrianProfessionalResume[1][1].doc
[2011/01/14 23:50:43 | 015,955,546 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\House Pictures.zip
[2011/01/09 14:21:40 | 000,001,889 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2011/01/09 14:20:57 | 000,562,414 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\Cat.DB
[2011/01/09 14:10:51 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/08 13:03:13 | 000,000,016 | ---- | M] () -- C:\WINDOWS\System32\dmlconf.dat
[2011/01/08 10:46:19 | 000,124,976 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/01/08 10:46:19 | 000,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/01/08 10:46:19 | 000,007,443 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/01/08 10:46:19 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/01/06 20:22:41 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\admin\Desktop\BrianProfessionalResume.doc
[2011/01/02 18:50:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/29 09:55:55 | 000,002,447 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\HiJackThis.lnk
[2011/01/29 09:53:50 | 001,402,880 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\HiJackThis.msi
[2011/01/28 22:37:09 | 000,008,619 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\attorney fee.xlsx
[2011/01/28 22:36:21 | 000,008,496 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\jobs.xlsx
[2011/01/28 20:37:39 | 000,015,386 | ---- | C] () -- C:\Documents and Settings\admin\My Documents\ductwork.xlsx
[2011/01/26 21:57:47 | 000,562,414 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2011/01/26 21:57:31 | 000,001,664 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Spyware Doctor.lnk
[2011/01/26 21:53:31 | 000,048,640 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\My computer caught this redirect virus infection via a fake music website and even I consider myself a geek.doc
[2011/01/25 19:41:19 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\admin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/01/14 23:50:28 | 015,955,546 | ---- | C] () -- C:\Documents and Settings\admin\Desktop\House Pictures.zip
[2011/01/09 14:20:45 | 000,562,414 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\Cat.DB
[2011/01/09 14:10:50 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/09 13:54:39 | 000,007,787 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnetv.cat
[2011/01/09 13:54:39 | 000,001,473 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnetv.inf
[2011/01/09 13:54:38 | 000,007,873 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symefa.cat
[2011/01/09 13:54:38 | 000,007,442 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtspx.cat
[2011/01/09 13:54:38 | 000,007,425 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symds.cat
[2011/01/09 13:54:38 | 000,007,368 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnet.cat
[2011/01/09 13:54:38 | 000,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symefa.inf
[2011/01/09 13:54:38 | 000,002,793 | R--- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symds.inf
[2011/01/09 13:54:38 | 000,001,445 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\symnet.inf
[2011/01/09 13:54:38 | 000,001,388 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtspx.inf
[2011/01/09 13:54:38 | 000,001,382 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtsp.inf
[2011/01/09 13:54:37 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\srtsp.cat
[2011/01/09 13:54:37 | 000,007,438 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\iron.cat
[2011/01/09 13:54:37 | 000,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\cchpx86.cat
[2011/01/09 13:54:37 | 000,001,754 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\cchpx86.inf
[2011/01/09 13:54:37 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\iron.inf
[2011/01/09 13:53:16 | 000,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\N360\0403000.005\isolate.ini
[2011/01/08 10:46:20 | 000,007,443 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/01/08 10:46:20 | 000,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/01/08 10:45:56 | 000,001,889 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360.LNK
[2010/06/11 15:11:04 | 000,000,410 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2010/01/09 14:43:51 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2008/09/24 08:45:07 | 000,000,359 | ---- | C] () -- C:\WINDOWS\Map98.ini
[2008/09/12 13:44:53 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/10/17 01:11:54 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
[2004/10/16 20:39:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/01/09 09:10:48 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\C1XStngs.dll
[2003/09/10 01:17:24 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
[2003/09/10 01:17:24 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >


OTL Extras logfile created on: 1/30/2011 4:23:27 PM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\admin\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,023.00 Mb Total Physical Memory | 380.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 27.95 Gb Total Space | 18.04 Gb Free Space | 64.54% Space Free | Partition Type: NTFS

Computer Name: DELL-D600 | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Intel\NCS\PROSet\PROSet.exe" = C:\Program Files\Intel\NCS\PROSet\PROSet.exe:*:Enabled:Intel(R) PROSet -- (Intel(R) Corporation)
"C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe" = C:\Program Files\Common Files\Adaptec Shared\CreateCD\CreateCD50.exe:*:Enabled:Burn CD & DVDs with Roxio -- (Roxio)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2C351DB8-E088-41A2-9BF0-113727FBB697}" = Intel(R) PROSet
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{609F7AC8-C510-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Basic
"{6A473C30-0F08-4E14-964E-6317BB9F1458}" = Auction Flex
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7959721D-8268-4565-9E0E-C41A9F4848A9}" = SigmaTel AC97 Audio Drivers
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{30BF33E6-32BF-415A-8AB9-8056D94F1818}" =
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A90000000001}" = Adobe Reader 9
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"{C1939820-A945-11D4-86F6-0001031E5712}" = InterVideo WinDVD
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CCBD5E26-37F6-11D1-883A-3C8B00C10000}" = Deed Plotter+ for Windows
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D78653C3-A8FF-415F-92E6-D774E634FF2D}" = Dell ResourceCD
"{E1547FCE-F5DD-4D77-8C71-13B6A2B8F527}" = O2Micro Smartcard Driver
"{E89956F9-5B89-470E-818D-BD46102D0A01}" = Citrix Presentation Server Client
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"CNXT_MODEM_PCI_VEN_8086&DEV_24x6&SUBSYS_542214F1" = Conexant D480 MDC V.9x Modem
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ie8" = Windows Internet Explorer 8
"InstallShield_{BE6890C7-31EF-478C-812E-1E2899ABFCA9}" = Broadcom Gigabit Integrated Controller
"InstallShield_{E1547FCE-F5DD-4D77-8C71-13B6A2B8F527}" = O2Micro Smartcard Driver
"InterActual Player" = InterActual Player
"LiveUpdate" = LiveUpdate 2.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"N360" = Norton 360
"Spyware Doctor" = Spyware Doctor 8.0
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/29/2011 8:01:23 PM | Computer Name = DELL-D600 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12118

Error - 1/29/2011 8:01:23 PM | Computer Name = DELL-D600 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12118

Error - 1/29/2011 11:21:38 PM | Computer Name = DELL-D600 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/29/2011 11:21:38 PM | Computer Name = DELL-D600 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 12027084

Error - 1/29/2011 11:21:38 PM | Computer Name = DELL-D600 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 12027084

Error - 1/30/2011 10:21:29 AM | Computer Name = DELL-D600 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 1/30/2011 10:21:29 AM | Computer Name = DELL-D600 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 37050256

Error - 1/30/2011 10:21:29 AM | Computer Name = DELL-D600 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 37050256

Error - 1/30/2011 10:22:11 AM | Computer Name = DELL-D600 | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x001a633b.

Error - 1/30/2011 5:02:20 PM | Computer Name = DELL-D600 | Source = Application Error | ID = 1000
Description = Faulting application spoolsv.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x001a633b.

[ OSession Events ]
Error - 9/22/2010 7:09:05 AM | Computer Name = DELL-D600 | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 16, Application Name: Microsoft Office Groove, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 59
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 1/26/2011 11:19:04 PM | Computer Name = DELL-D600 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 1/26/2011 11:23:39 PM | Computer Name = DELL-D600 | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.1.124. The machine with the IP address 192.168.1.125 did
not allow the name to be claimed by this machine.

Error - 1/26/2011 11:28:49 PM | Computer Name = DELL-D600 | Source = NetBT | ID = 4321
Description = The name "WORKGROUP :1d" could not be registered on the Interface
with IP address 192.168.1.124. The machine with the IP address 192.168.1.125 did
not allow the name to be claimed by this machine.

Error - 1/27/2011 8:36:21 PM | Computer Name = DELL-D600 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 1/28/2011 9:53:39 PM | Computer Name = DELL-D600 | Source = Ftdisk | ID = 262189
Description = The system could not sucessfully load the crash dump driver.

Error - 1/28/2011 9:53:39 PM | Computer Name = DELL-D600 | Source = Ftdisk | ID = 262193
Description = Configuring the Page file for crash dump failed. Make sure there is
a page file on the boot partition and that is large enough to contain all physical
memory.

Error - 1/29/2011 11:23:25 PM | Computer Name = DELL-D600 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 1/30/2011 10:22:03 AM | Computer Name = DELL-D600 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Spooler service.

Error - 1/30/2011 10:22:21 AM | Computer Name = DELL-D600 | Source = Service Control Manager | ID = 7031
Description = The Print Spooler service terminated unexpectedly. It has done this
1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 1/30/2011 5:02:14 PM | Computer Name = DELL-D600 | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the Spooler service.


< End of report >


GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-30 16:44:13
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 IC25N030ATMR04-0 rev.MOAOAD0A
Running: xu0246ht.exe; Driver: C:\DOCUME~1\admin\LOCALS~1\Temp\kwliypod.sys


---- System - GMER 1.0.15 ----

SSDT 85E8D050 ZwAlertResumeThread
SSDT 85E46050 ZwAlertThread
SSDT 85E85A60 ZwAllocateVirtualMemory
SSDT 85E4C050 ZwAssignProcessToJobObject
SSDT 85EF15F0 ZwConnectPort
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF76E46FA]
SSDT 85E85360 ZwCreateMutant
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF76C2F68]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF76C3230]
SSDT 85EC7680 ZwCreateSymbolicLinkObject
SSDT 86505798 ZwCreateThread
SSDT 85DF1050 ZwDebugActiveProcess
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF76E50B4]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF76E543E]
SSDT 85D61AE0 ZwDuplicateObject
SSDT 85D73EF8 ZwFreeVirtualMemory
SSDT 85DF4050 ZwImpersonateAnonymousToken
SSDT 85E6E050 ZwImpersonateThread
SSDT 85EF6B90 ZwLoadDriver
SSDT 86694C48 ZwMapViewOfSection
SSDT 85E6C050 ZwOpenEvent
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF76E3938]
SSDT 85E78D08 ZwOpenProcess
SSDT 85E48050 ZwOpenProcessToken
SSDT 85EB4BD0 ZwOpenSection
SSDT 85EB6098 ZwOpenThread
SSDT 85EC7750 ZwProtectVirtualMemory
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF76E5982]
SSDT 85DBD050 ZwResumeThread
SSDT 85ECFE08 ZwSetContextThread
SSDT 85E78330 ZwSetInformationProcess
SSDT 85E3F050 ZwSetSystemInformation
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF76E4AB8]
SSDT 85E95050 ZwSuspendProcess
SSDT 85E47050 ZwSuspendThread
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF76C29D8]
SSDT 85E4D050 ZwTerminateThread
SSDT 85DA0050 ZwUnmapViewOfSection
SSDT 85D58278 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 7C 804E26D8 8 Bytes CALL 64AE7762
.text ntoskrnl.exe!_abnormal_termination + 15D 804E27B9 3 Bytes [1A, D6, 85]
.text ntoskrnl.exe!_abnormal_termination + 440 804E2A9C 8 Bytes JMP 64BE7B26
? SYMDS.SYS The system cannot find the file specified. !
? SYMEFA.SYS The system cannot find the file specified. !
.rsrc C:\WINDOWS\system32\drivers\agp440.sys entry point in ".rsrc" section [0xF7888814]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\1XConfig.exe[300] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01720001
.text C:\WINDOWS\System32\1XConfig.exe[300] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A10F5A
.text C:\WINDOWS\System32\1XConfig.exe[300] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\WINDOWS\System32\1XConfig.exe[300] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\System32\1XConfig.exe[300] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A3, 71]
.text C:\WINDOWS\System32\1XConfig.exe[300] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 719E0F5A
.text C:\Program Files\PC Tools Security\pctsGui.exe[492] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes CALL 0044BB9D C:\Program Files\PC Tools Security\pctsGui.exe (PC Tools GUI Application/PC Tools)
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[508] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F40001
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[508] user32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A20F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[508] user32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[508] user32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[508] user32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A4, 71]
.text C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[508] user32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 719F0F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[764] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 00D59315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[764] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 00E34832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[764] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 00F4E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[764] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 00F4DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[764] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 00F4DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[764] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 00F4DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[764] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 00F4DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[764] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 00F4E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[764] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 00F4DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\WINDOWS\system32\Ati2evxx.exe[804] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01150001
.text C:\WINDOWS\system32\Ati2evxx.exe[804] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[804] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\WINDOWS\system32\Ati2evxx.exe[804] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\Ati2evxx.exe[804] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\WINDOWS\system32\Ati2evxx.exe[804] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\Program Files\PC Tools Security\pctsSvc.exe[944] kernel32.dll!CreateThread + 1A 7C8106E1 4 Bytes CALL 0044BEE1 C:\Program Files\PC Tools Security\pctsSvc.exe (PC Tools Security Service/PC Tools)
.text C:\WINDOWS\system32\ZCfgSvc.exe[1708] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01C50001
.text C:\WINDOWS\system32\ZCfgSvc.exe[1708] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A20F5A
.text C:\WINDOWS\system32\ZCfgSvc.exe[1708] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\WINDOWS\system32\ZCfgSvc.exe[1708] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ZCfgSvc.exe[1708] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\ZCfgSvc.exe[1708] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 719F0F5A
.text C:\Program Files\Messenger\msmsgs.exe[1732] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00FD0001
.text C:\Program Files\Messenger\msmsgs.exe[1732] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A10F5A
.text C:\Program Files\Messenger\msmsgs.exe[1732] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Messenger\msmsgs.exe[1732] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Messenger\msmsgs.exe[1732] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A3, 71]
.text C:\Program Files\Messenger\msmsgs.exe[1732] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 719E0F5A
.text C:\Documents and Settings\admin\Desktop\OTL.exe[1852] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003F0001
.text C:\Documents and Settings\admin\Desktop\OTL.exe[1852] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A60F5A
.text C:\Documents and Settings\admin\Desktop\OTL.exe[1852] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AF0F5A
.text C:\Documents and Settings\admin\Desktop\OTL.exe[1852] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\admin\Desktop\OTL.exe[1852] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Documents and Settings\admin\Desktop\OTL.exe[1852] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A30F5A
.text C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe[2672] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F10001
.text C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe[2672] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe[2672] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe[2672] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe[2672] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe[2672] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\Program Files\Microsoft Office\Office12\GROOVE.EXE[2808] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 047F0001
.text C:\Program Files\Microsoft Office\Office12\GROOVE.EXE[2808] kernel32.dll!SetUnhandledExceptionFilter 7C8449FD 5 Bytes JMP 32605629 C:\Program Files\Common Files\Microsoft Shared\office12\mso.dll (2007 Microsoft Office component/Microsoft Corporation)
.text C:\Program Files\Microsoft Office\Office12\GROOVE.EXE[2808] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 719C0F5A
.text C:\Program Files\Microsoft Office\Office12\GROOVE.EXE[2808] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Microsoft Office\Office12\GROOVE.EXE[2808] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GROOVE.EXE[2808] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [9E, 71]
.text C:\Program Files\Microsoft Office\Office12\GROOVE.EXE[2808] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71990F5A
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2892] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00EA0001
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2892] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2892] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2892] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2892] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE[2892] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe[3008] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01920001
.text C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe[3008] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A20F5A
.text C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe[3008] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe[3008] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe[3008] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A4, 71]
.text C:\Program Files\Intel\NCS\PROSet\PRONoMgr.exe[3008] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 719F0F5A
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3288] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01420001
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3288] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3288] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3288] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3288] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[3288] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe[3352] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01380001
.text C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe[3352] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe[3352] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe[3352] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe[3352] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe[3352] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\Program Files\Dell\QuickSet\quickset.exe[3416] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01620001
.text C:\Program Files\Dell\QuickSet\quickset.exe[3416] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A20F5A
.text C:\Program Files\Dell\QuickSet\quickset.exe[3416] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Dell\QuickSet\quickset.exe[3416] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Dell\QuickSet\quickset.exe[3416] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A4, 71]
.text C:\Program Files\Dell\QuickSet\quickset.exe[3416] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 719F0F5A
.text C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe[3484] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 01390001
.text C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe[3484] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe[3484] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe[3484] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe[3484] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe[3484] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3612] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00F10001
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3612] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3612] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3612] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3612] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe[3612] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[3864] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 04DF0001
.text C:\Program Files\iTunes\iTunesHelper.exe[3864] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 719C0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[3864] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\Program Files\iTunes\iTunesHelper.exe[3864] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Program Files\iTunes\iTunesHelper.exe[3864] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [9E, 71]
.text C:\Program Files\iTunes\iTunesHelper.exe[3864] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71990F5A
.text C:\WINDOWS\system32\ctfmon.exe[3964] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00D20001
.text C:\WINDOWS\system32\ctfmon.exe[3964] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A50F5A
.text C:\WINDOWS\system32\ctfmon.exe[3964] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AE0F5A
.text C:\WINDOWS\system32\ctfmon.exe[3964] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[3964] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A7, 71]
.text C:\WINDOWS\system32\ctfmon.exe[3964] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A20F5A
.text C:\Documents and Settings\admin\Desktop\xu0246ht.exe[4560] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 003F0001
.text C:\Documents and Settings\admin\Desktop\xu0246ht.exe[4560] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A60F5A
.text C:\Documents and Settings\admin\Desktop\xu0246ht.exe[4560] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AF0F5A
.text C:\Documents and Settings\admin\Desktop\xu0246ht.exe[4560] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\Documents and Settings\admin\Desktop\xu0246ht.exe[4560] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\Documents and Settings\admin\Desktop\xu0246ht.exe[4560] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A30F5A
.text C:\WINDOWS\notepad.exe[4800] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AF0001
.text C:\WINDOWS\notepad.exe[4800] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A60F5A
.text C:\WINDOWS\notepad.exe[4800] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AF0F5A
.text C:\WINDOWS\notepad.exe[4800] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\notepad.exe[4800] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\WINDOWS\notepad.exe[4800] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A30F5A
.text C:\Program Files\Internet Explorer\iexplore.exe[5092] ntdll.dll!RtlValidateUnicodeString + 554 7C91639E 10 Bytes JMP 0677003A
.text C:\Program Files\Internet Explorer\iexplore.exe[5092] USER32.dll!DialogBoxParamW 7E4247AB 5 Bytes JMP 00D59315 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5092] USER32.dll!SetWindowsHookExW 7E42820F 5 Bytes JMP 00E2DBCB C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5092] USER32.dll!CallNextHookEx 7E42B3C6 5 Bytes JMP 00E2DD81 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5092] USER32.dll!CreateWindowExW 7E42D0A3 5 Bytes JMP 00E34832 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5092] USER32.dll!UnhookWindowsHookEx 7E42D5F3 5 Bytes JMP 00D91CA2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5092] USER32.dll!DialogBoxIndirectParamW 7E432072 5 Bytes JMP 00F4E021 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5092] USER32.dll!MessageBoxIndirectA 7E43A082 5 Bytes JMP 00F4DF51 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5092] USER32.dll!DialogBoxParamA 7E43B144 5 Bytes JMP 00F4DFBE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5092] USER32.dll!MessageBoxExW 7E450838 5 Bytes JMP 00F4DE22 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5092] USER32.dll!MessageBoxExA 7E45085C 5 Bytes JMP 00F4DE84 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5092] USER32.dll!DialogBoxIndirectParamA 7E456D7D 5 Bytes JMP 00F4E084 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5092] USER32.dll!MessageBoxIndirectW 7E4664D5 5 Bytes JMP 00F4DEE6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5092] ole32.dll!OleInitialize + E37 77500521 7 Bytes JMP 06770326
.text C:\Program Files\Internet Explorer\iexplore.exe[5092] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00E3488E C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[5092] ole32.dll!CoImpersonateClient + 51 775156C0 7 Bytes JMP 067703DC
.text C:\WINDOWS\notepad.exe[5704] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 00AF0001
.text C:\WINDOWS\notepad.exe[5704] USER32.dll!ChangeDisplaySettingsExA 7E42384E 6 Bytes JMP 71A60F5A
.text C:\WINDOWS\notepad.exe[5704] USER32.dll!SetForegroundWindow 7E4242ED 6 Bytes JMP 71AF0F5A
.text C:\WINDOWS\notepad.exe[5704] USER32.dll!SetWindowPos 7E4299F3 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\notepad.exe[5704] USER32.dll!SetWindowPos + 4 7E4299F7 2 Bytes [A8, 71] {TEST AL, 0x71}
.text C:\WINDOWS\notepad.exe[5704] USER32.dll!ChangeDisplaySettingsExW 7E4595BD 6 Bytes JMP 71A30F5A

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[5092] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [018F18FD] C:\Program Files\Internet Explorer\xpshims.dll (Internet Explorer Compatibility Shims for XP/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)
Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 866AFAEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 866AFAEA
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 866AFAEA
Device \Driver\PCTSDInjDriver32 \Device\PCTSDInjDriver32 PCTSDInj32.sys (UM Injection Driver/PC Tools)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskIC25N030ATMR04-0________________________MOAOAD0A#5&2b81b351&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS@StateIndex 0

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 sectors 58604864 (+255): rootkit-like behavior;

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\agp440.sys suspicious modification; TDL3 <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
bbeeboppin
Active Member
 
Posts: 5
Joined: January 28th, 2011, 10:22 pm

Re: google redirect problem

Unread postby Gary R » January 31st, 2011, 3:00 am

This computer was primarily work. Currently primarily home. In the future will most likely be primarily work again.



I see you are posting for help for a "Business" computer.

May I draw your attention to THIS topic, which you should have read before posting for help.

The sections ....
.... explain why we do not offer help for such computers.

This topic is now closed
User avatar
Gary R
Administrator
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 38 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware