Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Redirection to random sites using google and other sites

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Redirection to random sites using google and other sites

Unread postby bubkwa » March 19th, 2011, 1:38 pm

Hi,

My computer whether chrome or firefox keeps redirecting me to different sites when i google. Symmantec Endpoint is not updating properly, and malewarebytes anti-malware scan comes out clean.

Note: if i paste either dds.txt and attach.txt, it's too large of a file for this forum (ie 735,235 characters), i also (realizing that it's a forum no-no) tried attaching either of these scans, but they were too large as well. Please don't close this topic!

Help!
bubkwa
Active Member
 
Posts: 4
Joined: March 19th, 2011, 10:25 am
Advertisement
Register to Remove

Re: Redirection to random sites using google and other sites

Unread postby askey127 » March 21st, 2011, 6:49 am

Hi bubkwa,
Let's try this:
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    (Vista - W7 users: Right-click and select "Run As Administrator")
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss in the filename is the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason,you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.
---------------------------------------------
Run a Short Scan with OTL
  • Download OTL to your desktop.
  • Double click the OTL icon to run it.
    (For Vista or Win7, Right click the OTL icon and choose "Run as administrator". Allow the UAC if it asks.)
  • In the Modules frame, check None
  • In The Drivers Frame, check None
  • In The Extra Registry Frame, check None
  • In the Frame labeled "Files Created Within", check None
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location
    as OTL (should be on your desktop).
  • Please copy the contents of each of these files, one at a time, and post them in your next reply. Use two replies if you wish.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Redirection to random sites using google and other sites

Unread postby bubkwa » March 21st, 2011, 11:58 pm

Hi askey127,

There were three files from the tdss rootkit removing tool. Also, I ran the otl scan twice, but did not get a the second notepad window "extra.txt" you mentioned. I'm not quite sure what i'm doing wrong. I ran it previously on saturday, and the extra.txt did appear. I can paste it on if you like, but it would not have taken the rootkit removing tool into account.

1)
2011/03/21 23:22:58.0109 1232 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/21 23:22:58.0203 1232 ================================================================================
2011/03/21 23:22:58.0203 1232 SystemInfo:
2011/03/21 23:22:58.0203 1232
2011/03/21 23:22:58.0203 1232 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/21 23:22:58.0203 1232 Product type: Workstation
2011/03/21 23:22:58.0203 1232 ComputerName: MIMSERS
2011/03/21 23:22:58.0203 1232 UserName: thea
2011/03/21 23:22:58.0203 1232 Windows directory: C:\WINDOWS
2011/03/21 23:22:58.0203 1232 System windows directory: C:\WINDOWS
2011/03/21 23:22:58.0203 1232 Processor architecture: Intel x86
2011/03/21 23:22:58.0203 1232 Number of processors: 2
2011/03/21 23:22:58.0203 1232 Page size: 0x1000
2011/03/21 23:22:58.0203 1232 Boot type: Normal boot
2011/03/21 23:22:58.0203 1232 ================================================================================
2011/03/21 23:22:58.0968 1232 Initialize success
2011/03/21 23:32:10.0234 5200 Deinitialize success

2)
2011/03/21 23:32:17.0031 5624 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/21 23:32:17.0250 5624 ================================================================================
2011/03/21 23:32:17.0250 5624 SystemInfo:
2011/03/21 23:32:17.0250 5624
2011/03/21 23:32:17.0250 5624 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/21 23:32:17.0250 5624 Product type: Workstation
2011/03/21 23:32:17.0250 5624 ComputerName: MIMSERS
2011/03/21 23:32:17.0250 5624 UserName: thea
2011/03/21 23:32:17.0250 5624 Windows directory: C:\WINDOWS
2011/03/21 23:32:17.0250 5624 System windows directory: C:\WINDOWS
2011/03/21 23:32:17.0250 5624 Processor architecture: Intel x86
2011/03/21 23:32:17.0250 5624 Number of processors: 2
2011/03/21 23:32:17.0250 5624 Page size: 0x1000
2011/03/21 23:32:17.0250 5624 Boot type: Normal boot
2011/03/21 23:32:17.0250 5624 ================================================================================
2011/03/21 23:32:17.0421 5624 Initialize success
2011/03/21 23:32:43.0812 4136 Deinitialize success

3)
2011/03/21 23:34:26.0312 5980 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/03/21 23:34:26.0515 5980 ================================================================================
2011/03/21 23:34:26.0515 5980 SystemInfo:
2011/03/21 23:34:26.0515 5980
2011/03/21 23:34:26.0515 5980 OS Version: 5.1.2600 ServicePack: 3.0
2011/03/21 23:34:26.0515 5980 Product type: Workstation
2011/03/21 23:34:26.0515 5980 ComputerName: MIMSERS
2011/03/21 23:34:26.0515 5980 UserName: thea
2011/03/21 23:34:26.0515 5980 Windows directory: C:\WINDOWS
2011/03/21 23:34:26.0515 5980 System windows directory: C:\WINDOWS
2011/03/21 23:34:26.0515 5980 Processor architecture: Intel x86
2011/03/21 23:34:26.0515 5980 Number of processors: 2
2011/03/21 23:34:26.0515 5980 Page size: 0x1000
2011/03/21 23:34:26.0515 5980 Boot type: Normal boot
2011/03/21 23:34:26.0515 5980 ================================================================================
2011/03/21 23:34:26.0734 5980 Initialize success
2011/03/21 23:35:02.0375 3952 ================================================================================
2011/03/21 23:35:02.0375 3952 Scan started
2011/03/21 23:35:02.0375 3952 Mode: Manual;
2011/03/21 23:35:02.0375 3952 ================================================================================
2011/03/21 23:35:03.0578 3952 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/03/21 23:35:03.0593 3952 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/03/21 23:35:03.0671 3952 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/03/21 23:35:03.0718 3952 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys
2011/03/21 23:35:03.0968 3952 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/03/21 23:35:04.0046 3952 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/03/21 23:35:04.0078 3952 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/03/21 23:35:04.0125 3952 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/03/21 23:35:04.0296 3952 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/03/21 23:35:04.0328 3952 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/03/21 23:35:04.0406 3952 BoiHwsetup (141befbd4f2a84a66e2f54b9e32e40d1) C:\WINDOWS\system32\drivers\BoiHwSetup.sys
2011/03/21 23:35:04.0500 3952 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/03/21 23:35:04.0593 3952 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/03/21 23:35:04.0640 3952 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/03/21 23:35:04.0671 3952 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/03/21 23:35:04.0765 3952 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/03/21 23:35:04.0890 3952 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/03/21 23:35:04.0937 3952 CnxtHdAudAddService (2d783d33cd64ddbb2171ecfa56249c50) C:\WINDOWS\system32\drivers\CHDAud.sys
2011/03/21 23:35:05.0046 3952 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/03/21 23:35:05.0250 3952 DgiVecp (770471de2550820feeb7e5d24bf2e273) C:\WINDOWS\system32\Drivers\DgiVecp.sys
2011/03/21 23:35:05.0265 3952 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/03/21 23:35:05.0328 3952 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/03/21 23:35:05.0578 3952 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/03/21 23:35:05.0593 3952 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/03/21 23:35:05.0656 3952 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/03/21 23:35:05.0718 3952 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/03/21 23:35:05.0765 3952 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/03/21 23:35:06.0031 3952 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/03/21 23:35:06.0078 3952 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
2011/03/21 23:35:06.0093 3952 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/03/21 23:35:06.0140 3952 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/03/21 23:35:06.0171 3952 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/03/21 23:35:06.0203 3952 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/03/21 23:35:06.0250 3952 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2011/03/21 23:35:06.0437 3952 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/03/21 23:35:06.0484 3952 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/03/21 23:35:06.0546 3952 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/03/21 23:35:06.0750 3952 HPZid412 (30ca91e657cede2f95359d6ef186f650) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
2011/03/21 23:35:06.0781 3952 HPZipr12 (efd31afa752aa7c7bbb57bcbe2b01c78) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
2011/03/21 23:35:06.0843 3952 HPZius12 (7ac43c38ca8fd7ed0b0a4466f753e06e) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
2011/03/21 23:35:07.0046 3952 HSFHWAZL (03a51d7d5666df3d4331581b3a3109dc) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/03/21 23:35:07.0125 3952 HSF_DPV (d92272a376bba4a0ed61f92280d71a10) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/03/21 23:35:07.0312 3952 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/03/21 23:35:07.0390 3952 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/03/21 23:35:07.0593 3952 ialm (f592a1b020723cfbd3d2722514066449) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
2011/03/21 23:35:07.0984 3952 iaStor (db0cc620b27a928d968c1a1e9cd9cb87) C:\WINDOWS\system32\drivers\iaStor.sys
2011/03/21 23:35:08.0015 3952 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/03/21 23:35:08.0218 3952 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/03/21 23:35:08.0250 3952 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/03/21 23:35:08.0296 3952 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/03/21 23:35:08.0312 3952 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/03/21 23:35:08.0484 3952 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/03/21 23:35:08.0531 3952 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/03/21 23:35:08.0578 3952 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/03/21 23:35:08.0609 3952 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/03/21 23:35:08.0781 3952 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/03/21 23:35:08.0828 3952 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/03/21 23:35:08.0890 3952 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/03/21 23:35:09.0109 3952 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/03/21 23:35:09.0140 3952 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/03/21 23:35:09.0156 3952 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
2011/03/21 23:35:09.0234 3952 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/03/21 23:35:09.0375 3952 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/03/21 23:35:09.0406 3952 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/03/21 23:35:09.0500 3952 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/03/21 23:35:09.0593 3952 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/03/21 23:35:09.0656 3952 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/03/21 23:35:09.0718 3952 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/03/21 23:35:09.0750 3952 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/03/21 23:35:09.0781 3952 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/03/21 23:35:09.0890 3952 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/03/21 23:35:09.0906 3952 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/03/21 23:35:09.0953 3952 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/03/21 23:35:10.0015 3952 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/03/21 23:35:10.0046 3952 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/03/21 23:35:10.0156 3952 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/03/21 23:35:10.0187 3952 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/03/21 23:35:10.0250 3952 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/03/21 23:35:10.0281 3952 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/03/21 23:35:10.0375 3952 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/03/21 23:35:10.0421 3952 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/03/21 23:35:10.0437 3952 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/03/21 23:35:10.0531 3952 NetBT (5ab96dfe1a7212022d0ef10f01908be7) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/21 23:35:10.0531 3952 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: 5ab96dfe1a7212022d0ef10f01908be7, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d
2011/03/21 23:35:10.0531 3952 NetBT - detected Rootkit.Win32.TDSS.tdl3 (0)
2011/03/21 23:35:10.0578 3952 Netdevio (1265eb253ed4ebe4acb3bd5f548ff796) C:\WINDOWS\system32\DRIVERS\netdevio.sys
2011/03/21 23:35:10.0953 3952 NETw5x32 (0888844230083ce3b47395102bca8207) C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
2011/03/21 23:35:11.0328 3952 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/03/21 23:35:11.0390 3952 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/03/21 23:35:11.0453 3952 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/03/21 23:35:11.0531 3952 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/03/21 23:35:11.0640 3952 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/03/21 23:35:11.0687 3952 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/03/21 23:35:11.0734 3952 O2MDRDR (0c95ba8d98c39fba5383461f53254c02) C:\WINDOWS\system32\DRIVERS\o2media.sys
2011/03/21 23:35:11.0765 3952 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/03/21 23:35:11.0953 3952 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys
2011/03/21 23:35:11.0968 3952 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/03/21 23:35:12.0000 3952 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/03/21 23:35:12.0015 3952 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/03/21 23:35:12.0093 3952 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/03/21 23:35:12.0234 3952 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/03/21 23:35:12.0328 3952 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/03/21 23:35:12.0343 3952 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/03/21 23:35:12.0390 3952 PxHelp20 (153d02480a0a2f45785522e814c634b6) C:\WINDOWS\system32\Drivers\PxHelp20.sys
2011/03/21 23:35:12.0500 3952 QIOMem (3267952ec32cce7867dc6ee533f33391) C:\WINDOWS\system32\DRIVERS\QIOMem.sys
2011/03/21 23:35:12.0515 3952 qkbfiltr (7dc7aca4e775e9d823f5773a2f47a2ac) C:\WINDOWS\system32\drivers\qkbfiltr.sys
2011/03/21 23:35:12.0609 3952 qmofiltr (8652b9e134c3478be948bf089df8ed5e) C:\WINDOWS\system32\drivers\qmofiltr.sys
2011/03/21 23:35:12.0687 3952 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/03/21 23:35:12.0843 3952 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/03/21 23:35:12.0859 3952 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/03/21 23:35:12.0875 3952 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/03/21 23:35:12.0890 3952 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/03/21 23:35:12.0953 3952 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/03/21 23:35:13.0125 3952 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/03/21 23:35:13.0171 3952 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/03/21 23:35:13.0234 3952 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/03/21 23:35:13.0468 3952 s24trans (2bc0b847cbcfe62a79b18ce0b440334d) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/03/21 23:35:13.0515 3952 sdbus (8d04819a3ce51b9eb47e5689b44d43c4) C:\WINDOWS\system32\DRIVERS\sdbus.sys
2011/03/21 23:35:13.0562 3952 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/03/21 23:35:13.0812 3952 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
2011/03/21 23:35:13.0859 3952 sffdisk (0fa803c64df0914b41f807ea276bf2a6) C:\WINDOWS\system32\DRIVERS\sffdisk.sys
2011/03/21 23:35:13.0875 3952 sffp_sd (c17c331e435ed8737525c86a7557b3ac) C:\WINDOWS\system32\DRIVERS\sffp_sd.sys
2011/03/21 23:35:14.0078 3952 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/03/21 23:35:14.0125 3952 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/03/21 23:35:14.0203 3952 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/03/21 23:35:14.0421 3952 sptd (d15da1ba189770d93eea2d7e18f95af9) C:\WINDOWS\system32\Drivers\sptd.sys
2011/03/21 23:35:14.0421 3952 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d15da1ba189770d93eea2d7e18f95af9
2011/03/21 23:35:14.0437 3952 sptd - detected Locked file (1)
2011/03/21 23:35:14.0468 3952 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/03/21 23:35:14.0640 3952 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/03/21 23:35:14.0687 3952 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/03/21 23:35:14.0734 3952 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/03/21 23:35:14.0921 3952 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/03/21 23:35:15.0015 3952 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
2011/03/21 23:35:15.0109 3952 SynTP (82933c4fb0f915701f63ca8e35e746a6) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/03/21 23:35:15.0296 3952 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/03/21 23:35:15.0375 3952 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/03/21 23:35:15.0578 3952 tdcmdpst (2f8bfbdb5824c71f672779b4b8cf8b01) C:\WINDOWS\system32\DRIVERS\tdcmdpst.sys
2011/03/21 23:35:15.0625 3952 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/03/21 23:35:15.0656 3952 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/03/21 23:35:15.0812 3952 tdudf (f56a9327c58ff985616c5e197472932c) C:\WINDOWS\system32\DRIVERS\tdudf.sys
2011/03/21 23:35:15.0843 3952 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/03/21 23:35:15.0953 3952 tosrfec (5c4103544612e5011ef46301b93d1aa6) C:\WINDOWS\system32\DRIVERS\tosrfec.sys
2011/03/21 23:35:16.0171 3952 trudf (3f9ba8878aa26d0831116733f9bc53ff) C:\WINDOWS\system32\DRIVERS\trudf.sys
2011/03/21 23:35:16.0203 3952 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/03/21 23:35:16.0265 3952 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/03/21 23:35:16.0453 3952 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
2011/03/21 23:35:16.0531 3952 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/03/21 23:35:16.0718 3952 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/03/21 23:35:16.0750 3952 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/03/21 23:35:16.0796 3952 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/03/21 23:35:16.0828 3952 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/03/21 23:35:17.0015 3952 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/03/21 23:35:17.0078 3952 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/03/21 23:35:17.0140 3952 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/03/21 23:35:17.0312 3952 UVCFTR (8c5094a8ab24de7496c7c19942f2df04) C:\WINDOWS\system32\Drivers\UVCFTR_S.SYS
2011/03/21 23:35:17.0343 3952 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/03/21 23:35:17.0390 3952 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/03/21 23:35:17.0421 3952 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/03/21 23:35:17.0500 3952 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/03/21 23:35:17.0703 3952 winachsf (ed10a3d367dd5596506022d5e2a3cba0) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/03/21 23:35:17.0781 3952 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/03/21 23:35:17.0953 3952 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/03/21 23:35:18.0031 3952 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/03/21 23:35:18.0062 3952 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/03/21 23:35:18.0140 3952 yukonwxp (d57a909f1a9114d5d18a2eacb1afecd5) C:\WINDOWS\system32\DRIVERS\yk51x86.sys
2011/03/21 23:35:18.0312 3952 ================================================================================
2011/03/21 23:35:18.0312 3952 Scan finished
2011/03/21 23:35:18.0312 3952 ================================================================================
2011/03/21 23:35:18.0328 2244 Detected object count: 2
2011/03/21 23:36:13.0218 2244 NetBT (5ab96dfe1a7212022d0ef10f01908be7) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/03/21 23:36:13.0218 2244 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\netbt.sys. Real md5: 5ab96dfe1a7212022d0ef10f01908be7, Fake md5: 74b2b2f5bea5e9a3dc021d685551bd3d
2011/03/21 23:36:14.0015 2244 Backup copy found, using it..
2011/03/21 23:36:14.0015 2244 C:\WINDOWS\system32\DRIVERS\netbt.sys - will be cured after reboot
2011/03/21 23:36:14.0015 2244 Rootkit.Win32.TDSS.tdl3(NetBT) - User select action: Cure
2011/03/21 23:36:14.0015 2244 Locked file(sptd) - User select action: Skip
2011/03/21 23:36:26.0281 5256 Deinitialize success

OTL:
OTL logfile created on: 3/21/2011 11:44:00 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\thea\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.04 Gb Total Space | 92.16 Gb Free Space | 41.14% Space Free | Partition Type: NTFS

Computer Name: MIMSERS | User Name: thea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/21 23:43:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\thea\My Documents\Downloads\OTL (1).exe
PRC - [2011/03/17 03:15:04 | 001,004,088 | ---- | M] (Google Inc.) -- C:\Documents and Settings\thea\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2011/01/22 03:13:36 | 000,312,640 | ---- | M] (Smilebox, Inc.) -- C:\Documents and Settings\thea\Application Data\Smilebox\SmileboxTray.exe
PRC - [2010/02/28 00:51:01 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2010/02/26 01:10:20 | 021,979,992 | ---- | M] () -- C:\Documents and Settings\thea\Application Data\Dropbox\bin\Dropbox.exe
PRC - [2009/10/05 20:14:22 | 002,075,384 | ---- | M] (Veoh Networks) -- C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
PRC - [2009/03/09 11:49:18 | 000,037,888 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/12/29 06:40:30 | 000,687,560 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Lite\daemon.exe
PRC - [2008/10/14 21:38:56 | 000,623,992 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
PRC - [2008/05/21 18:07:00 | 000,111,984 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2008/05/09 19:50:42 | 001,773,568 | ---- | M] (TOSHIBA Inc.) -- C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe
PRC - [2008/05/08 14:11:58 | 004,787,712 | ---- | M] () -- C:\Program Files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
PRC - [2008/04/30 23:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe
PRC - [2008/04/30 23:27:12 | 001,347,584 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
PRC - [2008/04/30 23:20:38 | 000,901,120 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
PRC - [2008/04/30 23:11:20 | 001,191,936 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2008/04/30 23:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008/04/29 14:33:28 | 000,417,792 | ---- | M] (Chicony) -- C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe
PRC - [2008/04/13 17:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/11 15:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
PRC - [2008/02/19 03:41:53 | 000,536,576 | ---- | M] () -- C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
PRC - [2008/01/28 18:24:00 | 000,038,776 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSBattM.exe
PRC - [2008/01/28 18:23:18 | 000,268,152 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TPSMain.exe
PRC - [2007/11/21 21:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\WINDOWS\system32\TODDSrv.exe
PRC - [2007/09/28 20:03:46 | 000,075,136 | ---- | M] ( TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\ItSecMng.exe
PRC - [2007/04/09 22:07:02 | 000,159,744 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe
PRC - [2007/03/09 04:28:19 | 000,700,416 | ---- | M] (Zhorn Software) -- C:\Program Files\stickies\stickies.exe
PRC - [2007/02/12 20:43:44 | 000,065,536 | ---- | M] (O2Micro International) -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
PRC - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2006/03/16 17:58:00 | 000,974,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\NDSTray.exe
PRC - [2006/01/30 12:00:00 | 000,098,304 | R--- | M] (Hewlett-Packard) -- C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
PRC - [2005/01/17 20:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe
PRC - [2004/12/30 04:32:20 | 000,065,536 | ---- | M] (TOSHIBA) -- C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe
PRC - [2004/03/04 11:46:24 | 000,172,032 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe


========== Modules (SafeList) ==========

MOD - [2011/03/21 23:43:53 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\thea\My Documents\Downloads\OTL (1).exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Norton Internet Security)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/02/28 00:51:01 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Running] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/06/30 20:36:35 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate)
SRV - [2008/05/21 18:07:00 | 000,111,984 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2008/04/30 23:41:12 | 000,815,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008/04/30 23:20:38 | 000,901,120 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2008/04/30 23:10:10 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008/04/11 15:57:14 | 000,124,264 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2007/11/21 21:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\WINDOWS\system32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/02/12 20:43:44 | 000,065,536 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe -- (o2flash)
SRV - [2007/01/25 22:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2005/03/14 15:05:02 | 000,069,632 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2005/01/17 20:38:00 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\Toshiba\ConfigFree\CFSvcs.exe -- (CFSvcs)


========== Driver Services (SafeList) ==========

DRV - [2011/03/20 21:33:16 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2009/10/12 07:45:48 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/28 10:14:54 | 003,626,112 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/04/15 14:15:30 | 000,051,160 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\o2media.sys -- (O2MDRDR)
DRV - [2008/04/04 14:57:00 | 000,296,320 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/03/25 19:22:50 | 000,985,472 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008/03/25 19:22:10 | 000,210,560 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008/03/25 19:22:06 | 000,731,264 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008/03/20 16:32:24 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2008/02/01 17:18:56 | 000,732,160 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (CnxtHdAudAddService)
DRV - [2007/12/17 15:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/08/13 04:39:19 | 000,041,984 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\DGIVECP.SYS -- (DgiVecp)
DRV - [2007/05/29 14:01:50 | 000,006,912 | ---- | M] (TOSHIBA) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\QIOMem.sys -- (QIOMem)
DRV - [2007/03/26 16:22:18 | 000,105,856 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tdudf.sys -- (tdudf)
DRV - [2007/02/22 19:10:30 | 000,016,128 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/02/19 16:15:32 | 000,134,016 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\trudf.sys -- (trudf)
DRV - [2006/10/23 20:32:20 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tosrfec.sys -- (tosrfec)
DRV - [2006/01/12 20:21:18 | 000,031,872 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qkbfiltr.sys -- (qkbfiltr)
DRV - [2005/06/11 01:42:00 | 000,005,504 | ---- | M] (Quanta Computer Corp) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BoiHwSetup.sys -- (BoiHwsetup)
DRV - [2005/05/05 18:27:38 | 000,007,936 | ---- | M] (Quanta Computer, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\qmofiltr.sys -- (qmofiltr)
DRV - [2003/01/29 18:35:00 | 000,012,032 | ---- | M] (TOSHIBA Corporation.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\Netdevio.sys -- (Netdevio)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/cse?cx=partner-pub ... Rechercher
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 76 FA 12 98 00 62 CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://spike.wharton.upenn.edu/"
FF - prefs.js..extensions.enabledItems: fastdial@telega.phpnet.us:3.4
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:7
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.8
FF - prefs.js..extensions.enabledItems: {1320D5A7-AE4E-4900-8107-690F09E5B933}:1.9.1

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/12 12:13:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{1320D5A7-AE4E-4900-8107-690F09E5B933}: C:\Documents and Settings\thea\Local Settings\Application Data\{1320D5A7-AE4E-4900-8107-690F09E5B933} [2011/02/23 21:04:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\mozilla.org\Mozilla Firefox\components [2011/03/15 20:40:03 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\mozilla.org\Mozilla Firefox\plugins [2011/03/20 21:52:36 | 000,000,000 | ---D | M]

[2009/02/26 04:30:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\thea\Application Data\Mozilla\Extensions
[2011/03/20 00:48:45 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\thea\Application Data\Mozilla\Firefox\Profiles\ztkrpflv.default\extensions
[2010/04/27 11:40:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\thea\Application Data\Mozilla\Firefox\Profiles\ztkrpflv.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/02/24 00:58:48 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\thea\Application Data\Mozilla\Firefox\Profiles\ztkrpflv.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011/02/24 00:58:47 | 000,000,000 | ---D | M] (Fast Dial) -- C:\Documents and Settings\thea\Application Data\Mozilla\Firefox\Profiles\ztkrpflv.default\extensions\fastdial@telega.phpnet.us
[2009/07/02 18:23:42 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\THEA\APPLICATION DATA\MOVE NETWORKS
[2011/02/23 21:04:03 | 000,000,000 | ---D | M] (XULRunner) -- C:\DOCUMENTS AND SETTINGS\THEA\LOCAL SETTINGS\APPLICATION DATA\{1320D5A7-AE4E-4900-8107-690F09E5B933}
[2010/03/12 12:13:22 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2009/11/09 19:59:55 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2009/11/09 20:00:11 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA.ORG\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

O1 HOSTS File: ([2010/05/05 00:33:27 | 000,000,725 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1
O2 - BHO: (T10QP3808 Class) - {4F4693CD-2B4D-42BD-B512-D2AB0F74D30C} - C:\Program Files\IEToolbar\Google Toolbar\frame_search.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {5DE50A7B-9B62-DDBE-1BA3-C385294E418F} - C:\Program Files\IEToolbar\Google Toolbar\frame_search.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {5DE50A7B-9B62-DDBE-1BA3-C385294E418F} - C:\Program Files\IEToolbar\Google Toolbar\frame_search.dll ()
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe (Chicony)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [ITSecMng] C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe ( TOSHIBA CORPORATION)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NDSTray.exe] File not found
O4 - HKLM..\Run: [OrderReminder] C:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe (Hewlett-Packard)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe ()
O4 - HKLM..\Run: [Samsung PanelMgr] C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\TOSHIBA Zooming Utility\SmoothView.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Toshiba Hotkey Utility] C:\Program Files\Toshiba\Windows Utilities\Hotkey.exe (TOSHIBA Inc.)
O4 - HKLM..\Run: [TPSMain] C:\WINDOWS\System32\TPSMain.exe (TOSHIBA Corporation)
O4 - HKLM..\Run: [Whitney2_S2P] File not found
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Wpifazu] File not found
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SmileboxTray] C:\Documents and Settings\thea\Application Data\Smilebox\SmileboxTray.exe (Smilebox, Inc.)
O4 - HKCU..\Run: [TOSCDSPD] C:\Program Files\Toshiba\TOSCDSPD\TOSCDSPD.exe (TOSHIBA)
O4 - HKCU..\Run: [VeohPlugin] C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe (Veoh Networks)
O4 - Startup: C:\Documents and Settings\thea\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\thea\Application Data\Dropbox\bin\Dropbox.exe ()
O4 - Startup: C:\Documents and Settings\thea\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\stickies\stickies.exe (Zhorn Software)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 207.69.188.185 207.69.188.186 207.69.188.187
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\thea\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\thea\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/08 18:34:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{8b221dca-a1e9-11df-b191-0022fa1eef1c}\Shell\AutoRun\command - "" = wd_windows_tools\WDSetup.exe
O33 - MountPoints2\{ec0b8486-9024-11de-b14a-0022fa1eef1c}\Shell\AutoRun\command - "" = F:\WD_Windows_Tools\Setup.exe
O33 - MountPoints2\G\Shell\AutoRun\command - "" = WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/03/20 21:57:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2011/03/15 22:33:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thea\Desktop\Dear My Girls Ch4
[2011/03/15 22:32:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thea\Desktop\DMG.vol1.2
[2011/03/15 22:20:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thea\Desktop\DMG.vol1.1
[2011/03/15 20:48:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thea\Desktop\DMG
[2011/03/15 20:45:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/03/15 20:44:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/15 20:44:01 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/03/15 20:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/03/15 20:39:35 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011/03/15 19:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thea\Start Menu\Programs\WinRAR
[2011/03/15 19:53:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/03/15 19:52:59 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/02/26 21:42:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/02/26 19:08:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thea\Local Settings\Application Data\Amazon
[2011/02/26 19:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thea\My Documents\My Kindle Content
[2011/02/26 19:08:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thea\Start Menu\Programs\Amazon
[2011/02/23 21:04:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thea\Local Settings\Application Data\{1320D5A7-AE4E-4900-8107-690F09E5B933}
[2011/02/23 21:03:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thea\Application Data\OfferBox
[2011/02/23 21:02:20 | 000,000,000 | ---D | C] -- C:\Program Files\OfferBox
[2011/02/23 21:02:10 | 000,000,000 | ---D | C] -- C:\Program Files\IEToolbar
[2011/02/23 21:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thea\Application Data\D88D2B70CD6B84F22B2FE3D02B7EDA4B
[2011/02/21 23:55:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\thea\Desktop\Esther
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\thea\Desktop\*.tmp files -> C:\Documents and Settings\thea\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/21 23:42:47 | 000,437,610 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/21 23:42:47 | 000,069,288 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/21 23:38:53 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/21 23:37:58 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/03/21 23:37:52 | 000,000,300 | -HS- | M] () -- C:\WINDOWS\tasks\Mxufomp.job
[2011/03/21 23:37:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/21 23:37:49 | 3079,524,352 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/21 23:34:19 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\thea\Desktop\Shortcut to tdsskiller.lnk
[2011/03/21 23:24:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/03/21 23:19:01 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-595693871-2290516247-3996458890-1005UA.job
[2011/03/20 21:57:51 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/03/20 21:52:36 | 000,001,740 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/03/20 21:33:28 | 000,002,706 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2011/03/20 21:33:16 | 000,123,952 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2011/03/20 21:33:16 | 000,060,800 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2011/03/20 21:33:16 | 000,010,563 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2011/03/20 21:33:16 | 000,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2011/03/20 21:07:12 | 000,077,824 | ---- | M] () -- C:\Documents and Settings\thea\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/17 20:20:41 | 000,002,288 | ---- | M] () -- C:\Documents and Settings\thea\Desktop\Google Chrome.lnk
[2011/03/17 20:20:41 | 000,002,266 | ---- | M] () -- C:\Documents and Settings\thea\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/15 20:45:27 | 000,001,553 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/15 20:39:53 | 000,001,615 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/03/09 20:34:15 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/02/28 09:19:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-595693871-2290516247-3996458890-1005Core.job
[2011/02/26 19:08:27 | 000,001,780 | ---- | M] () -- C:\Documents and Settings\thea\Desktop\Kindle For PC.lnk
[2011/02/23 23:04:34 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Gsufakidalosace.dat
[2011/02/23 23:04:34 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Fpegagijobake.bin
[2011/02/23 21:02:24 | 000,135,168 | RHS- | M] () -- C:\WINDOWS\System32\1031N.dll
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\thea\Desktop\*.tmp files -> C:\Documents and Settings\thea\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/21 23:34:19 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\thea\Desktop\Shortcut to tdsskiller.lnk
[2011/03/20 21:57:51 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/03/20 21:57:26 | 000,001,691 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Security Essentials.lnk
[2011/03/20 21:51:47 | 000,002,347 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 9.lnk
[2011/03/20 21:51:47 | 000,001,740 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2011/03/20 21:33:24 | 000,002,706 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2011/03/15 22:26:31 | 000,319,424 | ---- | C] () -- C:\Documents and Settings\thea\Desktop\recruit_pg.jpg
[2011/03/15 22:20:16 | 000,292,464 | ---- | C] () -- C:\Documents and Settings\thea\Desktop\recruit.pg.jpg
[2011/03/15 20:45:27 | 000,001,553 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/15 20:39:53 | 000,001,615 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/02/26 19:08:27 | 000,001,780 | ---- | C] () -- C:\Documents and Settings\thea\Desktop\Kindle For PC.lnk
[2011/02/23 23:04:34 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Gsufakidalosace.dat
[2011/02/23 23:04:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Fpegagijobake.bin
[2011/02/23 21:02:24 | 000,135,168 | RHS- | C] () -- C:\WINDOWS\System32\1031N.dll
[2011/02/23 21:02:24 | 000,000,300 | -HS- | C] () -- C:\WINDOWS\tasks\Mxufomp.job
[2010/08/26 08:00:49 | 000,005,740 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/08/16 00:08:24 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/03/31 23:08:08 | 000,010,936 | -HS- | C] () -- C:\Documents and Settings\thea\Local Settings\Application Data\4NXd80
[2010/03/31 23:08:08 | 000,010,936 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\4NXd80
[2010/02/27 19:41:58 | 002,463,976 | ---- | C] () -- C:\WINDOWS\System32\NPSWF32.dll
[2010/01/27 01:03:38 | 000,060,864 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/08/23 20:30:51 | 000,109,946 | ---- | C] () -- C:\WINDOWS\hpoins08.dat
[2009/08/23 20:30:51 | 000,007,577 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat
[2009/08/23 15:17:29 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/05/23 16:04:03 | 000,009,250 | ---- | C] () -- C:\Documents and Settings\thea\Application Data\SmarThruOptions.xml
[2009/05/23 16:03:53 | 000,163,840 | ---- | C] () -- C:\WINDOWS\System32\SecSNMP.dll
[2009/05/23 16:03:32 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\SamFaxPort.dll
[2009/05/23 16:03:23 | 000,000,124 | ---- | C] () -- C:\WINDOWS\Readiris.ini
[2009/05/23 16:03:18 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2009/05/23 16:02:03 | 000,479,232 | ---- | C] () -- C:\WINDOWS\ssndii.exe
[2009/05/23 15:50:39 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\WIAIPH.dll
[2009/05/23 15:50:39 | 000,110,592 | R--- | C] () -- C:\WINDOWS\WiaInst.exe
[2009/05/23 15:50:39 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\WIASTIIO.dll
[2009/05/23 15:50:38 | 000,081,920 | R--- | C] () -- C:\WINDOWS\System32\WIAEH.dll
[2009/05/23 15:50:38 | 000,057,344 | R--- | C] () -- C:\WINDOWS\System32\Sswiadrv.dll
[2009/05/23 15:50:19 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\scx425ci.exe
[2009/05/23 15:50:19 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\scx425ci.dll
[2009/05/23 15:28:45 | 000,010,565 | ---- | C] () -- C:\WINDOWS\hpdj3740.ini
[2009/05/07 21:38:11 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/03/31 08:51:26 | 000,000,111 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/03/22 22:30:42 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2009/03/22 22:30:42 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2009/03/22 22:30:42 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2009/03/22 22:24:53 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2009/03/22 22:24:53 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2009/02/28 15:34:03 | 000,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2009/02/28 15:32:35 | 000,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2009/02/28 15:32:35 | 000,000,060 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2009/02/27 16:42:45 | 000,442,368 | R--- | C] () -- C:\WINDOWS\System32\zshp1018.exe
[2009/02/27 16:42:45 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\vshp1018.dll
[2009/02/27 16:35:06 | 000,077,824 | ---- | C] () -- C:\Documents and Settings\thea\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/26 04:17:59 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ToDisc.INI
[2009/02/26 04:06:53 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2009/02/26 03:50:59 | 000,000,013 | RHS- | C] () -- C:\WINDOWS\System32\drivers\fbd.sys
[2009/02/26 02:15:41 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2009/02/26 02:12:18 | 000,128,113 | ---- | C] () -- C:\WINDOWS\System32\csellang.ini
[2009/02/26 02:12:18 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\csellang.dll
[2009/02/26 02:12:18 | 000,009,484 | ---- | C] () -- C:\WINDOWS\System32\tosmreg.ini
[2009/02/26 02:12:18 | 000,007,671 | ---- | C] () -- C:\WINDOWS\System32\cseltbl.ini
[2009/02/26 01:58:19 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\TPeculiarity.dll
[2009/02/26 01:54:55 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeW7.dll
[2009/02/26 01:54:55 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeA6.dll
[2009/02/26 01:54:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeP6.dll
[2009/02/26 01:54:55 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IVIresizeM6.dll
[2009/02/26 01:54:55 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\IVIresizePX.dll
[2009/02/26 01:54:55 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\IVIresize.dll
[2009/02/26 01:49:27 | 001,991,464 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin
[2009/02/26 01:49:27 | 000,432,400 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin
[2009/02/26 01:49:27 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4953.dll
[2009/02/26 00:39:40 | 000,000,004 | RHS- | C] () -- C:\WINDOWS\System32\drivers\taishop.sys
[2009/01/09 04:57:21 | 000,028,672 | ---- | C] () -- C:\WINDOWS\HideCmd.exe
[2009/01/08 19:32:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NDSTray.INI
[2009/01/08 19:10:54 | 000,012,524 | ---- | C] () -- C:\WINDOWS\HWSetupStr.ini
[2009/01/08 19:10:54 | 000,002,036 | ---- | C] () -- C:\WINDOWS\SVPW32Str.ini
[2009/01/08 18:40:37 | 000,000,102 | ---- | C] () -- C:\WINDOWS\System32\softkbd.exe.config
[2009/01/08 18:35:55 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/01/08 18:33:07 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/01/08 18:32:49 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2009/01/08 17:15:55 | 000,000,341 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2009/01/08 17:15:53 | 000,065,536 | ---- | C] () -- C:\WINDOWS\gtfirstboot.exe
[2009/01/08 17:11:19 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2009/01/08 17:11:14 | 000,437,610 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2009/01/08 17:11:14 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2009/01/08 17:11:13 | 000,069,288 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2009/01/08 17:11:13 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2009/01/08 17:11:11 | 000,004,688 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2009/01/08 17:11:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2009/01/08 17:11:04 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2009/01/08 17:10:53 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2009/01/08 17:10:53 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2009/01/08 17:10:34 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2009/01/08 17:10:12 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2009/01/08 10:31:04 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/01/08 10:30:32 | 001,585,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/12/21 20:46:32 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\TosBtAcc.dll
[2007/12/14 20:01:30 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\tsbwls.dll
[2005/07/23 01:30:18 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\TosCommAPI.dll
[2004/03/17 09:12:48 | 000,000,362 | ---- | C] () -- C:\WINDOWS\hpfins_s04_main.dat
[2004/03/17 09:11:51 | 000,005,428 | ---- | C] () -- C:\WINDOWS\hpfmdl_s04_main.dat
[2002/09/18 04:45:00 | 000,119,808 | ---- | C] () -- C:\WINDOWS\lsb_un20.exe
[2001/07/06 19:30:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini

< End of report >

Thanks in advance.
bubkwa
Active Member
 
Posts: 4
Joined: March 19th, 2011, 10:25 am

Re: Redirection to random sites using google and other sites

Unread postby askey127 » March 22nd, 2011, 8:50 am

bubkwa,
Please do paste the contents of the original Extras.txt

I notice Norton Internet Security is not running. Don't start it now.
Is it up to date and paid for?
If not, we can remove and replace it.
-----------------------------------------------------------
Download and Run ComboFix
IMPORTANT NOTE: ComboFix is a VERY POWERFUL tool. DO NOT use it without guidance.
ComboFix uses very forceful tactics to remove malware from your system.
You will need to disable all your antivirus software after downloading but BEFORE running ComboFix.
.
  • Download ComboFix from here
  • Rename it while saving the download to zzz.exe and save it to your Desktop. Do not try to rename it after it has been saved to your desktop, or the infection may prevent you from using it.
    **Note: It is important that it is saved directly to your desktop and run from the desktop, not from any other folder on your computer**
  • Make sure your Norton is not running.
  • Now start ComboFix (zzz.exe)
  • The tool will check whether the Recovery Console is present on your system. If it is not, ComboFix will prompt you whether you would like to install it. (You would).
  • If it is not, make sure you are connected to the internet as ComboFix needs to download a file. When you are connected to the internet, click Yes and follow the prompts.
    When asked whether to continue scanning or to exit, click Yes to continue scanning (no need to disconnect from the internet as ComboFix breaks your internet connection for you).
  • It will run through about 50 procedures, then take a while to assemble its output log.
  • Do not touch the computer AT ALL while ComboFix is running.
  • When finished, the report will open. Post the log in your next reply, and then Reenable your AVG protection software
A copy of the log will be located here if you need it-> C:\ComboFix.txt
If you cannot connect to the internet after running ComboFix, unplug the cable you use to connect to the internet and plug it back in.

The Recovery Console produces a brief (2 second) black screen at bootup which allows an additional technical resource for repair in case of a major failure. In regular operation, you can ignore it.

So will be looking for the following in your reply:
  • Extras.txt
  • Status of Norton
  • Combofix.txt
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Redirection to random sites using google and other sites

Unread postby bubkwa » March 22nd, 2011, 8:57 pm

extra.txt

OTL Extras logfile created on: 3/19/2011 2:23:59 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\thea\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 41.00% Memory free
6.00 Gb Paging File | 4.00 Gb Available in Paging File | 68.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 224.04 Gb Total Space | 90.37 Gb Free Space | 40.33% Space Free | Partition Type: NTFS

Hi askey127,

I actually removed norton anti virus, since a friend suggested that i use the microsoft security essentials. However, if you advise me to reinstall norton, i could possibly do it as well. I'm not quite sure if i currently have it on me. I have also pasted the logs you requested.

Computer Name: MIMSERS | User Name: thea | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\mozilla.org\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\TOSHIBA\ivp\NetInt\Netint.exe" = C:\TOSHIBA\ivp\NetInt\Netint.exe:*:Enabled:NIE - Toshiba Software Upgrade Engine -- (TOSHIBA Corporation)
"C:\TOSHIBA\Ivp\ISM\pinger.exe" = C:\TOSHIBA\IVP\ISM\pinger.exe:*:Enabled:Toshiba Software Upgrades Pinger -- ()
"C:\Program Files\Symantec Endpoint Protection\Smc.exe" = C:\Program Files\Symantec Endpoint Protection\Smc.exe:*:Enabled:SMC Service -- (Symantec Corporation)
"C:\Program Files\Symantec Endpoint Protection\SNAC.EXE" = C:\Program Files\Symantec Endpoint Protection\SNAC.EXE:*:Enabled:SNAC Service -- (Symantec Corporation)
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe" = C:\Program Files\Common Files\Symantec Shared\ccApp.exe:*:Enabled:Symantec Email -- (Symantec Corporation)
"C:\Program Files\SPSSInc\Statistics17\statistics.exe" = C:\Program Files\SPSSInc\Statistics17\statistics.exe:*:Disabled:Statistics17:exe
"C:\Program Files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe" = C:\Program Files\SPSSInc\Statistics17\SPSSWinWrapIDE.exe:*:Disabled:SPSS Basic Script Editor
"C:\Program Files\SPSSInc\Statistics17\statistics.com" = C:\Program Files\SPSSInc\Statistics17\statistics.com:*:Disabled:Statistics17:com
"C:\Documents and Settings\thea\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll" = C:\Documents and Settings\thea\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.dll:*:Enabled:Google Talk Plugin -- (Google)
"C:\Documents and Settings\thea\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe" = C:\Documents and Settings\thea\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe:*:Enabled:Google Talk Plugin -- (Google)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- (Veoh Networks)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0046FA01-C5B9-4985-BACB-398DC480FC05}" = Adobe Photoshop CS3
"{005F78AF-110D-398A-8430-BE98950A1E22}" = Google Talk Plugin
"{0224CACC-994D-45F8-B973-D65056EA9C2F}" = Adobe XMP DVA Panels CS3
"{05C56753-F144-44BC-BA67-83CC5DBF395C}" = F300
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{0BF5FBE7-3907-4A1F-9E48-8B66E52850D6}" = TrayApp
"{0C0A2D69-7F51-4B77-B64E-AB405AC446BE}" = Toshiba Controls Utility
"{12B3A009-A080-4619-9A2A-C6DB151D8D67}" = TOSHIBA Assist
"{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{156E98D0-1AEC-4013-A41A-94A1A01BFD68}" = O2Micro Flash Memory Card Reader Driver (x86)
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{193EAFD0-1BAF-4FB4-B18F-79D5D6A4B285}" = Adobe After Effects CS3 Presets
"{1E1F1E70-14D8-4380-8652-BD1A895A7D65}" = Status
"{21526716-DFD8-4B90-86D9-EF9F47057B3E}" = Toshiba Resources Page
"{23B35809-5E4A-4F14-8332-1CDEDDFAC089}" = CP_Package_Variety2
"{24BEBF2E-73F3-4599-840B-EDC612CCDD0D}" = Destinations
"{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}" = Adobe ExtendScript Toolkit 2
"{26921B2E-3E62-47F9-A514-1FC4A83BD738}" = Intel(R) PROSet/Wireless WiFi Software
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{27F00C63-449B-2FAB-CBE8-24AB80E17449}" = Acrobat.com
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{31263605-FC84-4787-B847-BA445B147E24}" = ScannerCopy
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java(TM) 6 Update 6
"{34F3FCF1-817B-4D61-B6AF-19D9486AFEA0}" = Unload
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{37C866E4-AA67-4725-9E95-A39968DD7960}" = Camera Assistant Software for Toshiba
"{3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373}" = Symantec Endpoint Protection
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{400830CA-F056-4BBE-80A3-9DF9CA4FB889}" = TOSHIBA Direct Disc Writer
"{4041C245-7099-4C96-9738-5EBC23827B3C}" = BufferChm
"{425A2BC2-AA64-4107-9C29-484245BBEA05}" = TOSHIBA Software Upgrades
"{4458C442-7376-4CF9-AF58-E8CEA6722363}" = Adobe Setup
"{4BE53DB2-C1F2-44D1-A9AB-1630BA7F2AF1}" = SolutionCenter
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{522D1D79-9C0A-4361-91F8-2AFF8EC6C2E1}" = CP_Package_Variety1
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{5691A25E-C05B-4E0F-87DA-E80869F756C2}" = Toshiba Hotkey Utility
"{576420A5-E1F0-4C09-A07C-F689082E666F}" = Toshiba Touchpad Utility
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{58BAA8D0-404E-4585-9FD3-ED1BB72AC2EE}" = Adobe Flash Player 9 ActiveX
"{5DA0E02F-970B-424B-BF41-513A5018E4C0}" = TOSHIBA Disc Creator
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{64212898-097F-4F3F-AECA-6D34A7EF82DF}" = TOSHIBA Zooming Utility
"{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}" = Adobe Setup
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69D9D4F1-779E-421F-B17A-6D771DF5D080}" = Mozilla Firefox 2.0.0.x
"{6A69D94E-C569-4154-9643-72E94D1DDFDA}" = XPS Essentials Pack
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6B708481-748A-4EB4-97C1-CD386244FF77}" = Adobe MotionPicture Color Files
"{6BBAA81D-6A7E-43AD-8889-2F002DCAAFDD}" = AHV content for Acrobat and Flash
"{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}" = Adobe Color Common Settings
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{71D9B000-CD43-4DE9-9729-49434415B8F7}" = F300Trb
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7ACFB90E-8FD0-4397-AD3A-5195412623A3}" = Adobe Help Viewer CS3
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{845A8DB9-8802-4FD3-9FE3-938A6C46A2EC}" = Adobe Video Profiles
"{8718DC03-D066-4957-94E5-50C3C5042E8E}" = Adobe Creative Suite 3 Master Collection
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8F7AC250-4D7D-431D-AC4E-94FB78EA3F8B}" = TOSHIBA Power Saver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD for TOSHIBA
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}" = Toshiba Application Installer For WinXP
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9FE35071-CAB2-4E79-93E7-BFC6A2DC5C5D}" = CD/DVD Drive Acoustic Silencer
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-1033-0000-7760-000000000003}" = Adobe Acrobat 8 Professional
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}" = Adobe Setup
"{B57F2FF0-5A25-4332-B503-4592B370C02F}" = CP_Package_Variety3
"{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}" = TOSHIBA Recovery Disc Creator
"{B671CBFD-4109-4D35-9252-3062D3CCB7B2}" = Adobe SING CS3
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B73CFB12-C814-4638-AFFD-7E3AAFAF0B4E}" = Adobe BridgeTalk Plugin CS3
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{BDD83DC9-BEE9-4654-A5DA-CC46C250088D}" = TOSHIBA ConfigFree
"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3
"{BF4E9ED0-EF26-4A4C-A123-6A6A1ABEE411}" = DocProc
"{BF5A20B4-55F7-49B8-9302-FAC7C459AF3D}" = Skype Launcher
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C53D16CC-E56F-47B8-906E-70AAF8EABB4F}" = Toshiba Registration
"{C5BD220A-EFE8-48A5-B70E-9503D535FACE}" = Adobe WAS CS3
"{C6812939-B117-48E6-A3BA-1709C14A3C8C}" = Scan
"{C7239ACC-601B-46BC-B48D-3998303A326D}" = OverDrive Media Console
"{C852C0FF-CDF5-43F9-A75E-CB99410FF602}" = Toshiba Utility
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{C950420B-4182-49EA-850A-A6A2ABF06C6B}" = Marvell Miniport Driver
"{C98E8D9D-21DE-4F87-A9B7-142BB89840FC}" = Toolbox
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB3F8375-B600-4B9F-83C9-238ED1E583FD}" = Adobe InDesign CS3
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D5A31AB1-345D-47C7-A87B-036A669F6DF1}" = Adobe XMP Panels CS3
"{D7CAE58E-26DE-49B7-A75D-EAEDF76726BE}" = HP Photosmart Essential
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{DEBB2986-15B0-4D28-95FA-5C966A396589}" = HPProductAssistant
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{E5966E4C-0A93-4F59-A981-BD3173D4799F}" = F300_Help
"{E5A8DDAB-AE80-48C6-A75B-D0FAB83B299D}" = HP PSC & OfficeJet 6.1.A
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{EA7B3CC4-366D-4CF6-8350-FD7A7034116E}" = Adobe InDesign CS3 Icon Handler
"{EBFF48F5-3CFA-436F-8FD5-94FB01D3A0A7}" = TOSHIBA SD Memory Utilities
"{EC2715CE-C182-483C-84CC-81D7D914CF14}" = WebReg
"{F08E8D2E-F132-4742-9C87-D5FF223A016A}" = Adobe Illustrator CS3
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{F901CA6D-A074-42D3-A11D-33AAE6FFD0C1}" = HP Deskjet 3740
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"{FE57DE70-95DE-4B64-9266-84DA811053DB}" = HP Update
"Adobe Acrobat 8 Professional" = Adobe Acrobat 8.1.3 Professional
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe_3e054d2218e7aa282c2369d939e58ff" = Adobe ExtendScript Toolkit 2
"Adobe_4dcfd9b7e901b57f81f667144603236" = Add or Remove Adobe Creative Suite 3 Master Collection
"Adobe_6c8e2cb4fd241c55406016127a6ab2e" = Adobe Color Common Settings
"Amazon Kindle For PC" = Amazon Kindle For PC
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"CNXT_AUDIO_HDA" = Conexant HD Audio
"CNXT_MODEM_HDAUDIO_HERMOSA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Desktop" = Google Desktop
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HP Imaging Device Functions" = HP Imaging Device Functions 6.1
"HP OrderReminder" = HP OrderReminder
"HP Solution Center & Imaging Support Tools" = HP Solution Center and Imaging Support Tools 6.1
"HP-LaserJet 1018" = LaserJet 1018
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0C0A2D69-7F51-4B77-B64E-AB405AC446BE}" = Toshiba Controls Utility
"InstallShield_{13515135-48BB-4184-8C1F-2FAE0138E200}" = TBS WMP Plug-in
"InstallShield_{2C38F661-26B7-445D-B87D-B53FE2D3BD42}" = TOSHIBA PC Diagnostic Tool
"InstallShield_{5691A25E-C05B-4E0F-87DA-E80869F756C2}" = Toshiba Hotkey Utility
"InstallShield_{576420A5-E1F0-4C09-A07C-F689082E666F}" = Toshiba Touchpad Utility
"InstallShield_{C852C0FF-CDF5-43F9-A75E-CB99410FF602}" = Toshiba Utility
"LiveUpdate" = LiveUpdate 3.3 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.6.15)" = Mozilla Firefox (3.6.15)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NetLogo 4.1" = NetLogo 4.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Pdf995" = Pdf995
"Picasa2" = Picasa 2
"ProInst" = Intel PROSet Wireless
"Samsung SCX-4725 Series" = Samsung SCX-4725 Series
"SecureW2 EAP Suite" = SecureW2 EAP Suite 1.1.2 for Windows
"SmarThru PC Fax" = SmarThru PC Fax
"Stickies 6.0c" = Stickies 6.0c
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VideoLAN VLC media player 0.8.6d
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR 4.00 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEP" = XPS Essentials Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Facebook Plug-In" = Facebook Plug-In
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"Smilebox" = Hallmark Smilebox

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/18/2011 11:50:00 PM | Computer Name = MIMSERS | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

Error - 3/19/2011 12:27:43 AM | Computer Name = MIMSERS | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 0.0.0.0, faulting module
chrome.dll, version 10.0.648.151, fault address 0x00017c90.

Error - 3/19/2011 12:27:48 AM | Computer Name = MIMSERS | Source = Application Error | ID = 1001
Description = Fault bucket -1936544886.

Error - 3/19/2011 12:54:45 AM | Computer Name = MIMSERS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/19/2011 12:54:45 AM | Computer Name = MIMSERS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1953

Error - 3/19/2011 12:54:45 AM | Computer Name = MIMSERS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1953

Error - 3/19/2011 12:54:47 AM | Computer Name = MIMSERS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 3/19/2011 12:54:47 AM | Computer Name = MIMSERS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3937

Error - 3/19/2011 12:54:47 AM | Computer Name = MIMSERS | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3937

Error - 3/19/2011 10:38:45 AM | Computer Name = MIMSERS | Source = SescLU | ID = 13
Description = LiveUpdate returned a non-critical error. Available content updates
may have failed to install.

[ OSession Events ]
Error - 2/28/2009 4:04:02 PM | Computer Name = MIMSERS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 89670
seconds with 6840 seconds of active time. This session ended with a crash.

Error - 4/13/2009 4:14:43 PM | Computer Name = MIMSERS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 1395015
seconds with 57180 seconds of active time. This session ended with a crash.

Error - 7/7/2009 8:34:41 AM | Computer Name = MIMSERS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 3, Application Name: Microsoft Office PowerPoint, Application
Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session
lasted 1792 seconds with 60 seconds of active time. This session ended with a crash.

Error - 10/24/2009 1:17:49 PM | Computer Name = MIMSERS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 77920
seconds with 1080 seconds of active time. This session ended with a crash.

Error - 11/17/2009 2:39:51 AM | Computer Name = MIMSERS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 51
seconds with 0 seconds of active time. This session ended with a crash.

Error - 2/19/2010 6:29:21 AM | Computer Name = MIMSERS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 665565
seconds with 25680 seconds of active time. This session ended with a crash.

Error - 2/19/2010 6:29:57 AM | Computer Name = MIMSERS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 5
seconds with 0 seconds of active time. This session ended with a crash.

Error - 4/29/2010 8:56:14 AM | Computer Name = MIMSERS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.6504.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 61393
seconds with 180 seconds of active time. This session ended with a crash.

Error - 4/29/2010 8:56:22 AM | Computer Name = MIMSERS | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:
12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 60978
seconds with 120 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 3/9/2011 9:11:14 PM | Computer Name = MIMSERS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.135 for the Network Card with network
address 0022FA1EEF1C has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).

Error - 3/9/2011 9:14:19 PM | Computer Name = MIMSERS | Source = Service Control Manager | ID = 7000
Description = The DgiVecp service failed to start due to the following error: %%20

Error - 3/9/2011 9:14:19 PM | Computer Name = MIMSERS | Source = Service Control Manager | ID = 7000
Description = The Norton Internet Security service failed to start due to the following
error: %%3

Error - 3/9/2011 9:14:19 PM | Computer Name = MIMSERS | Source = Service Control Manager | ID = 7000
Description = The SSPORT service failed to start due to the following error: %%2

Error - 3/9/2011 9:14:19 PM | Computer Name = MIMSERS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde

Error - 3/9/2011 9:14:23 PM | Computer Name = MIMSERS | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 3/9/2011 9:14:24 PM | Computer Name = MIMSERS | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 3/9/2011 9:14:24 PM | Computer Name = MIMSERS | Source = DCOM | ID = 10016
Description = The machine-default permission settings do not grant Local Activation
permission for the COM Server application with CLSID {A4199E55-EBB9-49E5-AF1A-7A5408B2E206}

to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20). This security permission
can be modified using the Component Services administrative tool.

Error - 3/13/2011 11:11:56 PM | Computer Name = MIMSERS | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.1.135 on
the Network Card with network address 0022FA1EEF1C.

Error - 3/16/2011 7:39:25 PM | Computer Name = MIMSERS | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.135 for the Network Card with network
address 0022FA1EEF1C has been denied by the DHCP server 192.168.1.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >

Combofix.com

ComboFix 11-03-22.04 - thea 03/22/2011 19:54:20.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2937.2216 [GMT -4:00]
Running from: c:\documents and settings\thea\Desktop\zzz.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\thea\Application Data\Adobe\plugs
c:\documents and settings\thea\Application Data\D88D2B70CD6B84F22B2FE3D02B7EDA4B
c:\documents and settings\thea\Application Data\D88D2B70CD6B84F22B2FE3D02B7EDA4B\enemies-names.txt
c:\documents and settings\thea\Application Data\D88D2B70CD6B84F22B2FE3D02B7EDA4B\local.ini
c:\documents and settings\thea\Application Data\OfferBox
c:\documents and settings\thea\Application Data\OfferBox\config.dat
c:\documents and settings\thea\Application Data\OfferBox\config.xml
c:\documents and settings\thea\Local Settings\Application Data\{1320D5A7-AE4E-4900-8107-690F09E5B933}
c:\documents and settings\thea\Local Settings\Application Data\{1320D5A7-AE4E-4900-8107-690F09E5B933}\chrome.manifest
c:\documents and settings\thea\Local Settings\Application Data\{1320D5A7-AE4E-4900-8107-690F09E5B933}\chrome\content\_cfg.js
c:\documents and settings\thea\Local Settings\Application Data\{1320D5A7-AE4E-4900-8107-690F09E5B933}\chrome\content\overlay.xul
c:\documents and settings\thea\Local Settings\Application Data\{1320D5A7-AE4E-4900-8107-690F09E5B933}\install.rdf
c:\program files\IEToolbar
c:\program files\IEToolbar\Google Toolbar\arrow_refresh.png
c:\program files\IEToolbar\Google Toolbar\basis.xml
c:\program files\IEToolbar\Google Toolbar\cog.png
c:\program files\IEToolbar\Google Toolbar\computer_delete.png
c:\program files\IEToolbar\Google Toolbar\frame_search.crc
c:\program files\IEToolbar\Google Toolbar\frame_search.dll
c:\program files\IEToolbar\Google Toolbar\Google.bmp
c:\program files\IEToolbar\Google Toolbar\icons.bmp
c:\program files\IEToolbar\Google Toolbar\info.txt
c:\program files\IEToolbar\Google Toolbar\options.html
c:\program files\IEToolbar\Google Toolbar\TbCommonUtils.dll
c:\program files\IEToolbar\Google Toolbar\tbhelper.dll
c:\program files\IEToolbar\Google Toolbar\TbHelper2.exe
c:\program files\IEToolbar\Google Toolbar\tbs_include_script_024945.js
c:\program files\IEToolbar\Google Toolbar\tbs_include_script_029031.js
c:\program files\IEToolbar\Google Toolbar\tbu08803\arrow_refresh.png
c:\program files\IEToolbar\Google Toolbar\tbu08803\basis.xml
c:\program files\IEToolbar\Google Toolbar\tbu08803\cog.png
c:\program files\IEToolbar\Google Toolbar\tbu08803\computer_delete.png
c:\program files\IEToolbar\Google Toolbar\tbu08803\frame_search.crc
c:\program files\IEToolbar\Google Toolbar\tbu08803\frame_search.dll
c:\program files\IEToolbar\Google Toolbar\tbu08803\Google.bmp
c:\program files\IEToolbar\Google Toolbar\tbu08803\icons.bmp
c:\program files\IEToolbar\Google Toolbar\tbu08803\info.txt
c:\program files\IEToolbar\Google Toolbar\tbu08803\options.html
c:\program files\IEToolbar\Google Toolbar\tbu08803\TbCommonUtils.dll
c:\program files\IEToolbar\Google Toolbar\tbu08803\tbhelper.dll
c:\program files\IEToolbar\Google Toolbar\tbu08803\TbHelper2.exe
c:\program files\IEToolbar\Google Toolbar\tbu08803\tbs_include_script_024945.js
c:\program files\IEToolbar\Google Toolbar\tbu08803\tbs_include_script_029031.js
c:\program files\IEToolbar\Google Toolbar\tbu08803\uninstall.exe
c:\program files\IEToolbar\Google Toolbar\tbu08803\update.exe
c:\program files\IEToolbar\Google Toolbar\tbu08803\version.txt
c:\program files\IEToolbar\Google Toolbar\tbu08803\your_logo.png
c:\program files\IEToolbar\Google Toolbar\uninstall.exe
c:\program files\IEToolbar\Google Toolbar\update.exe
c:\program files\IEToolbar\Google Toolbar\version.txt
c:\program files\IEToolbar\Google Toolbar\your_logo.png
c:\program files\OfferBox
c:\program files\OfferBox\OfferBoxBHO.dll
c:\program files\OfferBox\offerboxffx@offerbox.com\components\OfferBoxXpCom.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-02-23 to 2011-03-23 )))))))))))))))))))))))))))))))
.
.
2011-03-22 23:41 . 2011-03-22 23:41 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-03-16 00:44 . 2011-03-16 00:44 -------- d-----w- c:\program files\iPod
2011-03-16 00:44 . 2011-03-16 00:45 -------- d-----w- c:\program files\iTunes
2011-03-16 00:40 . 2011-03-16 00:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll
2011-03-16 00:40 . 2011-03-16 00:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll
2011-03-16 00:40 . 2011-03-16 00:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2011-03-16 00:40 . 2011-03-16 00:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2011-03-16 00:40 . 2011-03-16 00:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2011-03-16 00:40 . 2011-03-16 00:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2011-03-16 00:40 . 2011-03-16 00:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2011-03-16 00:39 . 2011-03-16 00:40 -------- d-----w- c:\program files\QuickTime
2011-02-27 01:42 . 2011-02-27 01:42 -------- d-----w- c:\program files\Common Files\Skype
2011-02-26 23:08 . 2011-02-26 23:08 -------- d-----w- c:\documents and settings\thea\Local Settings\Application Data\Amazon
2011-02-24 03:04 . 2011-02-24 03:04 0 ----a-w- c:\windows\Fpegagijobake.bin
2011-02-24 01:02 . 2011-02-24 01:02 135168 --sha-r- c:\windows\system32\1031N.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-22 03:37 . 2009-01-08 21:11 162816 ----a-w- c:\windows\system32\drivers\netbt.sys
2011-03-21 01:33 . 2009-02-26 08:46 60800 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-03-21 01:33 . 2009-02-26 08:46 123952 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-02-09 13:53 . 2009-01-08 21:11 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2009-01-08 21:10 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58 . 2009-01-08 22:32 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2009-01-08 22:32 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2009-01-08 21:11 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2009-01-08 21:10 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2009-01-08 21:11 1854976 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\thea\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\thea\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\thea\Application Data\Dropbox\bin\DropboxExt.13.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"Google Update"="c:\documents and settings\thea\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-04-21 133104]
"SmileboxTray"="c:\documents and settings\thea\Application Data\Smilebox\SmileboxTray.exe" [2011-01-22 312640]
"VeohPlugin"="c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" [2009-10-06 2075384]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-12-29 687560]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-01-26 15026056]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-20 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-20 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-20 141848]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-05-01 1347584]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-05-01 1191936]
"Camera Assistant Software"="c:\program files\Camera Assistant Software for Toshiba\traybar.exe" [2008-04-29 417792]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-11-30 1024000]
"TPSMain"="TPSMain.exe" [2008-01-28 268152]
"Toshiba Hotkey Utility"="c:\program files\Toshiba\Windows Utilities\Hotkey.exe" [2008-05-09 1773568]
"NDSTray.exe"="NDSTray.exe" [BU]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2007-04-10 159744]
"Pinger"="c:\toshiba\ivp\ism\pinger.exe" [2007-01-26 136816]
"OrderReminder"="c:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-13 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2008-04-13 44032]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-13 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-13 455168]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-03-09 37888]
"HP Component Manager"="c:\program files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-02-19 536576]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-12-15 49152]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-09-03 30192]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-10-15 623992]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
c:\documents and settings\thea\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\thea\Application Data\Dropbox\bin\Dropbox.exe [2010-2-26 21979992]
Microsoft Office Groove.lnk - c:\program files\Microsoft Office\Office12\GROOVE.EXE [2011-1-12 337264]
Stickies.lnk - c:\program files\stickies\stickies.exe [2007-3-9 700416]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-12-15 282624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\thea\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\thea\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/26/2009 4:58 AM 721904]
R2 tdudf;TOSHIBA UDF File System Driver;c:\windows\system32\drivers\tdudf.sys [3/26/2007 4:22 PM 105856]
R2 trudf;TOSHIBA DVD-RAM UDF File System Driver;c:\windows\system32\drivers\trudf.sys [2/19/2007 4:15 PM 134016]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDAud.sys [2/1/2008 5:18 PM 732160]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [1/8/2009 6:56 PM 51160]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [5/29/2007 2:01 PM 6912]
S2 gupdate1c9b0e45e8e52ec;Google Update Service (gupdate1c9b0e45e8e52ec);c:\program files\Google\Update\GoogleUpdate.exe [3/29/2009 11:05 PM 133104]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [1/14/2009 6:45 PM 30192]
.
Contents of the 'Scheduled Tasks' folder
.
2010-05-25 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:34]
.
2011-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 03:05]
.
2011-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-30 03:05]
.
2011-02-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-595693871-2290516247-3996458890-1005Core.job
- c:\documents and settings\thea\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-21 01:01]
.
2011-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-595693871-2290516247-3996458890-1005UA.job
- c:\documents and settings\thea\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-04-21 01:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.fr/cse?cx=partner-pub ... Rechercher
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
FF - ProfilePath - c:\documents and settings\thea\Application Data\Mozilla\Firefox\Profiles\ztkrpflv.default\
FF - prefs.js: browser.startup.homepage - hxxp://spike.wharton.upenn.edu/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla.org\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\mozilla.org\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Move Media Player: moveplayer@movenetworks.com - c:\documents and settings\thea\Application Data\Move Networks
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Fast Dial: fastdial@telega.phpnet.us - %profile%\extensions\fastdial@telega.phpnet.us
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{4F4693CD-2B4D-42BD-B512-D2AB0F74D30C} - c:\program files\IEToolbar\Google Toolbar\frame_search.dll
Toolbar-{5DE50A7B-9B62-DDBE-1BA3-C385294E418F} - c:\program files\IEToolbar\Google Toolbar\frame_search.dll
WebBrowser-{FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - (no file)
WebBrowser-{5DE50A7B-9B62-DDBE-1BA3-C385294E418F} - c:\program files\IEToolbar\Google Toolbar\frame_search.dll
HKLM-Run-ITSecMng - %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
HKLM-Run-Whitney2_S2P - c:\program files\Samsung\Samsung SCX-4725 Series\SPanel\Scan2pc.exe
HKLM-Run-Wpifazu - c:\windows\oxuwuvubo.dll
SafeBoot-klmdb.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-22 20:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2696)
c:\windows\system32\WININET.dll
c:\documents and settings\thea\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\toshiba\IVP\swupdate\swupdtmr.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\TPSMain.exe
c:\program files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe
c:\program files\TOSHIBA\ConfigFree\NDSTray.exe
c:\windows\system32\igfxext.exe
c:\program files\Camera Assistant Software for Toshiba\CEC_MAIN.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\TPSBattM.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2011-03-22 20:27:20 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-23 00:27
.
Pre-Run: 103,172,931,584 bytes free
Post-Run: 103,261,274,112 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 18FB77175C6C66B9663A37E27473A428
bubkwa
Active Member
 
Posts: 4
Joined: March 19th, 2011, 10:25 am

Re: Redirection to random sites using google and other sites

Unread postby askey127 » March 23rd, 2011, 8:31 am

bubkwa,
------------------------------------------------------
Warning - Compromised Data
Because the infection has had remote control access to your Internet activities, you should assume that any data on the machine may have been stolen.
Take whatever precautions you think sensible about any financial (credit cards, banking, etc.), or other critical information that has been passed through or stored on the machine.
I would suggest changing all account names/numbers, and passwords for ANY accounts that have been used with the machine.
That includes not only banking, credit cards, and financial, but also website and e-mail accounts as well.
Don't use the infected machine to make the changes.

Since the infection involves a Rootkit, criminals have had complete control of the machine.
Some experts feel that the only Absolutely Safe way to be sure of a clean machine going forward is to Reformat and Reinstall Winodws.
We will remove everything we can see, but that decision is up to you.
----------------------------------------------
Your machine is vulnerable to infection if you open outside PDF files using Acrobat 8 Pro.
It does not have the protections of the newer Acrobat Pro X or Adobe Reader X
If you cannot upgrade to Acrobat X pro, I would recommend using a new Adobe Reader X to open files from the net or any outside source, and only use Acrobat 8 on files that have been scanned by your Antivirus. The procedures below will remove Acrobat 8 as the default file opener for online PDFs, and install Reader X to do that job.
Perform a Custom Scan or Fix with OTL
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    Code: Select all
    :processes
    killallprocesses
    
    :OTL
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    
    :Commands
    [EMPTYTEMP]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
------------------------------------------------------
Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.
All versions numbered lower than 10.0 are vulnerable.
Go HERE and click on AdbeRdr1001_en_US.exe to download the latest version of Adobe Acrobat Reader.
Save this file to your desktop and run it to install the latest version of Adobe Reader.

After the new Reader is installed, Open Adobe Reader X. (Right click and Run as administrator in Vista/Win7)
OK the license.
Click on Edit and select Preferences.
On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
Click the OK button
---------------------------------------------
Norton did not remove everything as it should. This is a common problem.
To completely remove Norton Antivirus, Download and Run the Norton Removal Tool for your version of Windows.
http://www.symantec.com/norton/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN&ln=en_US
Perform the DownLoad for your version of Windows (download to your desktop as it says).
On your desktop, click on Norton Removal Tool and follow the instructions.
Please Be patient. This tool removes hundreds of files and settings. It will let you know when it's done.
---------------------------------------------
Open Microsoft Security Essentials, have it Update itself and run a Full Scan.
Have it remove anything it finds.

Tell me how it goes, and how the machine is running for redirects..
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Redirection to random sites using google and other sites

Unread postby askey127 » March 27th, 2011, 8:23 am

this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove


  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 266 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware