Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Virus causing popups

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Virus causing popups

Unread postby sweetchickchristina » August 2nd, 2011, 2:55 pm

My computer is experiencing an excess of popups. The pop up blockers on all browsers are enabled. I realized these popups are not originating from the browsers.

My DDS log

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_26
Run by Laura at 14:41:14 on 2011-08-02
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.5887.4295 [GMT -4:00]
.
AV: Norton 360 *Enabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton 360 *Enabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: FCToolbarURLSearchHook Class: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Helper.dll
uURLSearchHooks: H - No File
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\IPSBHO.DLL
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Dogpile Bundle Toolbar BHO: {bfe4b5cb-63f7-4a51-9266-6167655d5b4f} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
BHO: LivingPlay: {d9291f9e-7010-4d7a-8df6-455deef8ef51} - C:\Program Files (x86)\LivingPlay\lplaytl.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll
TB: Dogpile Bundle Toolbar: {c80bdeb2-8735-44c6-bd55-a1ccd555667a} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
uRun: [Google Update] "C:\Users\Laura\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{76986EC7-0360-4A94-8470-9F238FE2D4F4} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll
BHO-X64: Symantec NCO BHO - No File
BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\IPSBHO.DLL
BHO-X64: Symantec Intrusion Prevention - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Dogpile Bundle Toolbar BHO: {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
BHO-X64: FCTBPos00Pos - No File
BHO-X64: LivingPlay: {D9291F9E-7010-4D7A-8DF6-455DEEF8EF51} - C:\Program Files (x86)\LivingPlay\lplaytl.dll
BHO-X64: LivingPlay - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEPlg.dll
TB-X64: Dogpile Bundle Toolbar: {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Laura\AppData\Roaming\Mozilla\Firefox\Profiles\6md5dbzv.default\
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\LivingPlay\nplplaypop.dll
FF - plugin: C:\Users\Laura\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Users\Laura\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Laura\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS --> C:\Windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110723.001\BHDrvx64.sys [2011-7-22 1151096]
R1 ccHP;Symantec Hash Provider;C:\Windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys --> C:\Windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110801.030\IDSviA64.sys [2011-8-2 488056]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS --> C:\Windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\N360x64\0403000.005\SYMTDIV.SYS --> C:\Windows\system32\Drivers\N360x64\0403000.005\SYMTDIV.SYS [?]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccsvchst.exe [2011-7-2 126392]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-7-28 136824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-08-02 18:20:49 98816 ----a-w- C:\Windows\sed.exe
2011-08-02 18:20:49 518144 ----a-w- C:\Windows\SWREG.exe
2011-08-02 18:20:49 256000 ----a-w- C:\Windows\PEV.exe
2011-08-02 18:20:49 208896 ----a-w- C:\Windows\MBR.exe
2011-08-02 18:20:43 -------- d-s---w- C:\ComboFix
2011-08-02 15:39:15 -------- d-----w- C:\Users\Laura\AppData\Roaming\Malwarebytes
2011-08-02 15:39:02 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-02 15:39:01 -------- d-----w- C:\ProgramData\Malwarebytes
2011-08-02 15:38:58 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-02 15:38:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-21 04:34:10 -------- d-----w- C:\Program Files (x86)\Dogpile Bundle Toolbar
2011-07-21 04:34:04 -------- d-----w- C:\Program Files (x86)\LivingPlay
2011-07-12 18:52:52 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-12 18:52:52 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-07-12 18:52:52 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-12 18:52:52 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-12 18:52:52 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-12 18:52:52 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-12 18:52:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-12 18:52:51 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-12 18:52:51 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-12 18:52:51 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-12 18:52:51 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-12 08:20:23 -------- d-----r- C:\Program Files (x86)\Skype
2011-07-11 07:38:29 -------- d-----w- C:\Users\Laura\AppData\Local\Microsoft Games
2011-07-08 05:51:23 -------- d-----w- C:\Users\Laura\AppData\Roaming\Tific
2011-07-08 05:51:21 -------- d-----w- C:\Users\Laura\AppData\Local\Symantec
2011-07-07 02:06:27 -------- d-----w- C:\Windows\System32\SPReview
2011-07-07 02:04:47 -------- d-----w- C:\Windows\System32\EventProviders
.
==================== Find3M ====================
.
2011-07-07 02:13:21 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-07-07 02:13:21 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-07-02 23:55:15 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-02 00:44:13 173104 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2011-07-01 23:45:07 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-24 23:14:10 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-05-24 11:42:55 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:40:05 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:40:05 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:39:38 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
.
============= FINISH: 14:41:39.09 ===============


The Attach log

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/20/2002 3:29:53 AM
System Uptime: 8/2/2011 12:29:23 PM (2 hours ago)
.
Motherboard: PEGATRON CORPORATION | | VIOLET6
Processor: AMD Athlon(tm) II X4 630 Processor | CPU 1 | 784/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 932 GiB total, 888.631 GiB free.
D: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP16: 7/8/2011 1:44:09 AM - Windows Update
RP17: 7/8/2011 2:01:44 AM - Windows Update
RP18: 7/12/2011 7:14:39 PM - Windows Update
RP19: 7/20/2011 3:11:04 AM - Scheduled Checkpoint
RP20: 7/27/2011 2:01:39 PM - Scheduled Checkpoint
RP21: 8/2/2011 2:20:55 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Shockwave Player 11.6
Dogpile Bundle Toolbar
Google Chrome
Google Talk Plugin
Java Auto Updater
Java(TM) 6 Update 26
LivingPlay
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 5.0 (x86 en-US)
Norton 360
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Skype Toolbars
Skype™ 5.3
.
==== End Of File ===========================


Thanks for any help.
sweetchickchristina
Active Member
 
Posts: 10
Joined: August 2nd, 2011, 2:30 pm
Advertisement
Register to Remove

Re: Virus causing popups

Unread postby askey127 » August 5th, 2011, 7:09 pm

Hi sweetchickchristina,
Sorry for the delay.
If you still need help, and are not receiving it elsewhere, please proceed as follows:
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • Right click the OTL icon and choose "Run as administrator".
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. (desktop)
The Extras.txt file will only appear the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Virus causing popups

Unread postby sweetchickchristina » August 7th, 2011, 8:38 pm

Thank you! I am not receiving help elsewhere. I will get right on this. I will be back to respond with the requested material ASAP.

Christina
sweetchickchristina
Active Member
 
Posts: 10
Joined: August 2nd, 2011, 2:30 pm

Re: Virus causing popups

Unread postby sweetchickchristina » August 7th, 2011, 8:50 pm

OTL logfile created on: 8/7/2011 8:44:36 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Laura\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.88 Gb Available Physical Memory | 84.83% Memory free
11.50 Gb Paging File | 10.24 Gb Available in Paging File | 89.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 887.30 Gb Free Space | 95.25% Space Free | Partition Type: NTFS

Computer Name: LAURA-PC | User Name: Laura | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/07 20:40:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Laura\Downloads\OTL (1).exe
PRC - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccsvchst.exe


========== Modules (SafeList) ==========

MOD - [2011/08/07 20:40:50 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Laura\Downloads\OTL (1).exe
MOD - [2010/11/20 07:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011/07/18 20:01:47 | 000,146,816 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/25 20:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ccSvcHst.exe -- (N360)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV:64bit: - [2011/07/01 20:44:13 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/05/06 00:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/04/29 01:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/21 23:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/04/21 22:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/21 22:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/02/25 20:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/01/27 08:58:38 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009/10/14 23:50:05 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0403000.005\symds64.sys -- (SymDS)
DRV:64bit: - [2009/07/31 00:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 18:17:08 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011/08/03 21:35:25 | 002,048,632 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110807.002\EX64.SYS -- (NAVEX15)
DRV - [2011/08/03 21:35:25 | 000,117,880 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110807.002\ENG64.SYS -- (NAVENG)
DRV - [2011/08/02 01:07:58 | 000,488,056 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110805.030\IDSviA64.sys -- (IDSVia64)
DRV - [2011/07/27 20:33:26 | 000,481,912 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2011/07/27 20:33:26 | 000,136,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2011/07/22 20:27:21 | 001,151,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110723.001\BHDrvx64.sys -- (BHDrvx64)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm






IE - HKU\S-1-5-21-868180774-2464755877-989294739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-868180774-2464755877-989294739-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C0 7B 56 37 44 38 CC 01 [binary data]
IE - HKU\S-1-5-21-868180774-2464755877-989294739-1000\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-868180774-2464755877-989294739-1000\..\URLSearchHook: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Helper.dll ()
IE - HKU\S-1-5-21-868180774-2464755877-989294739-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\npDisplayEngine: C:\Program Files (x86)\LivingPlay\nplplaypop.dll ( )
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Laura\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Laura\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Laura\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Laura\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\ [2011/07/20 19:33:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn_2010_9_0_6 [2011/08/06 19:49:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/07/01 19:15:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011/07/21 00:34:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Laura\AppData\Roaming\Mozilla\Extensions
[2011/07/12 04:20:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/07/12 04:20:33 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011/07/01 19:45:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
[2011/08/06 19:49:11 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\COFFPLGN_2010_9_0_6
[2011/07/20 19:33:00 | 000,000,000 | ---D | M] (Norton IPS) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPLGN
[2011/07/21 00:34:09 | 000,000,000 | ---D | M] (LivingPlay TextLinks) -- C:\USERS\LAURA\APPDATA\ROAMING\MOZILLA\EXTENSIONS\{EC8030F7-C20A-464F-9B0E-13A3A9E97384}\TEXTLINKS@LPLAY.COM
[2011/06/16 00:17:34 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/02 15:25:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Dogpile Bundle Toolbar BHO) - {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.3.0.5\coIEplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-868180774-2464755877-989294739-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-868180774-2464755877-989294739-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-868180774-2464755877-989294739-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/05 07:19:14 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\CrashDumps
[2011/08/03 17:45:15 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Roaming\SUPERAntiSpyware.com
[2011/08/03 17:45:06 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
[2011/08/03 17:45:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/08/03 17:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/08/03 17:45:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/08/02 15:36:36 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/02 15:28:11 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/08/02 14:20:49 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/08/02 14:20:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/08/02 14:20:49 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/08/02 14:20:44 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/08/02 14:20:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/02 11:39:15 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Roaming\Malwarebytes
[2011/08/02 11:39:02 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011/08/02 11:39:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/08/02 11:39:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/08/02 11:38:58 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/08/02 11:38:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011/07/21 00:34:18 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dogpile Bundle Toolbar
[2011/07/21 00:34:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dogpile Bundle Toolbar
[2011/07/21 00:34:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LivingPlay
[2011/07/12 14:53:26 | 000,421,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/07/12 14:53:25 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/07/12 14:53:25 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/07/12 14:53:25 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/07/12 14:53:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/12 14:53:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/12 14:53:25 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/07/12 14:53:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/12 14:53:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/07/12 14:53:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/07/12 14:53:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/12 14:53:25 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/07/12 14:53:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/12 14:53:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/12 14:53:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/12 14:53:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/07/12 14:53:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/07/12 14:53:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/12 14:53:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/07/12 14:53:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/12 14:53:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/07/12 14:53:25 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/07/12 14:53:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/07/12 14:53:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/07/12 14:53:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/07/12 14:53:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/12 14:53:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/07/12 14:53:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/12 14:53:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/07/12 14:53:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/12 14:53:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/07/12 14:53:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/07/12 14:53:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/07/12 14:53:24 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/07/12 14:53:24 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/07/12 14:53:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/07/12 14:53:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/07/12 14:53:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/07/12 14:53:24 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/07/12 14:53:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/12 14:53:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/07/12 14:53:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/07/12 14:53:24 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/07/12 14:53:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/07/12 14:53:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/07/12 14:53:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/07/12 14:53:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/07/12 14:53:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/07/12 14:53:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/07/12 14:53:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/07/12 14:53:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/07/12 14:53:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/07/12 14:53:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/07/12 14:53:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/12 14:53:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/07/12 14:53:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/07/12 14:53:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/07/12 14:53:19 | 000,325,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbport.sys
[2011/07/12 14:53:19 | 000,007,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usbd.sys
[2011/07/12 14:53:10 | 002,565,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011/07/12 14:53:10 | 001,699,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011/07/12 14:53:10 | 000,189,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011/07/12 14:53:10 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011/07/12 14:53:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011/07/12 14:53:10 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011/07/12 14:53:10 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011/07/12 14:52:52 | 001,162,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/07/12 14:52:52 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/07/12 14:52:52 | 000,338,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/07/12 14:52:52 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/07/12 14:52:52 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/07/12 14:52:52 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/07/12 14:52:52 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/07/12 14:52:52 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/07/12 14:52:51 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/07/12 14:52:51 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/07/12 14:52:51 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/07/12 14:52:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/07/12 04:20:39 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Roaming\Skype
[2011/07/12 04:20:23 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011/07/12 04:20:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011/07/12 04:20:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011/07/11 03:38:29 | 000,000,000 | ---D | C] -- C:\Users\Laura\AppData\Local\Microsoft Games

========== Files - Modified Within 30 Days ==========

[2011/08/07 20:40:00 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-868180774-2464755877-989294739-1000UA.job
[2011/08/07 19:30:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/08/07 02:18:20 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-868180774-2464755877-989294739-1000Core.job
[2011/08/06 19:56:22 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/06 19:56:22 | 000,014,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/06 19:53:47 | 000,732,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/08/06 19:53:47 | 000,628,082 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/08/06 19:53:47 | 000,108,260 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/08/06 19:49:04 | 334,946,303 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/06 06:41:03 | 000,002,359 | ---- | M] () -- C:\Users\Laura\Desktop\Google Chrome.lnk
[2011/08/03 17:45:06 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/02 15:25:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011/08/02 11:39:02 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/12 20:17:49 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/07/12 04:20:23 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

========== Files Created - No Company Name ==========

[2011/08/03 17:45:06 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/08/02 14:20:49 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/08/02 14:20:49 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/08/02 14:20:49 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/08/02 14:20:49 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/08/02 14:20:49 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/08/02 11:39:02 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/07/12 04:20:23 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011/07/08 01:51:23 | 000,000,000 | ---D | M] -- C:\Users\Laura\AppData\Roaming\Tific
[2009/07/14 01:08:49 | 000,017,094 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
sweetchickchristina
Active Member
 
Posts: 10
Joined: August 2nd, 2011, 2:30 pm

Re: Virus causing popups

Unread postby sweetchickchristina » August 7th, 2011, 8:51 pm

OTL Extras logfile created on: 8/7/2011 8:44:36 PM - Run 1
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Laura\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

5.75 Gb Total Physical Memory | 4.88 Gb Available Physical Memory | 84.83% Memory free
11.50 Gb Paging File | 10.24 Gb Available in Paging File | 89.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931.51 Gb Total Space | 887.30 Gb Free Space | 95.25% Space Free | Partition Type: NTFS

Computer Name: LAURA-PC | User Name: Laura | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{669A032D-4E28-3D11-BB26-8AD5D51EFE87}" = Google Talk Plugin
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Dogpile Bundle Toolbar" = Dogpile Bundle Toolbar
"LivingPlay" = LivingPlay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"N360" = Norton 360

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-868180774-2464755877-989294739-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 8/6/2011 1:37:50 AM | Computer Name = Laura-PC | Source = Application Error | ID = 1000
Description = Faulting application name: taskhost.exe, version: 6.1.7601.17514,
time stamp: 0x4ce796f7 Faulting module name: ntdll.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7c8f9 Exception code: 0xc0000005 Fault offset: 0x00000000000b7153
Faulting
process id: 0xafc Faulting application start time: 0x01cc53faf9d37500 Faulting application
path: C:\Windows\system32\taskhost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 388f83b0-bfee-11e0-bbc8-e0cb4e04aacf

Error - 8/6/2011 2:13:08 AM | Computer Name = Laura-PC | Source = Application Error | ID = 1000
Description = Faulting application name: taskhost.exe, version: 6.1.7601.17514,
time stamp: 0x4ce796f7 Faulting module name: ntdll.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7c8f9 Exception code: 0xc0000005 Fault offset: 0x00000000000b7153
Faulting
process id: 0x604 Faulting application start time: 0x01cc53ffe8466860 Faulting application
path: C:\Windows\system32\taskhost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 26f9c480-bff3-11e0-bbc8-e0cb4e04aacf

Error - 8/6/2011 3:02:20 AM | Computer Name = Laura-PC | Source = Application Error | ID = 1000
Description = Faulting application name: taskhost.exe, version: 6.1.7601.17514,
time stamp: 0x4ce796f7 Faulting module name: ntdll.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7c8f9 Exception code: 0xc0000005 Fault offset: 0x00000000000b7153
Faulting
process id: 0x4bc Faulting application start time: 0x01cc5406c7d110b0 Faulting application
path: C:\Windows\system32\taskhost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 0680ea60-bffa-11e0-bbc8-e0cb4e04aacf

Error - 8/6/2011 3:12:36 AM | Computer Name = Laura-PC | Source = Application Error | ID = 1000
Description = Faulting application name: DllHost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bca54 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7c8f9 Exception code: 0xc0000005 Fault offset: 0x00000000000b7150 Faulting
process id: 0xa00 Faulting application start time: 0x01cc540836abcc90 Faulting application
path: C:\Windows\system32\DllHost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 75af1d70-bffb-11e0-bbc8-e0cb4e04aacf

Error - 8/6/2011 3:12:53 AM | Computer Name = Laura-PC | Source = Application Error | ID = 1000
Description = Faulting application name: DllHost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bca54 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7c8f9 Exception code: 0xc0000005 Fault offset: 0x00000000000b7150 Faulting
process id: 0xe0 Faulting application start time: 0x01cc5408420afe30 Faulting application
path: C:\Windows\system32\DllHost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 7fd41990-bffb-11e0-bbc8-e0cb4e04aacf

Error - 8/6/2011 3:16:38 AM | Computer Name = Laura-PC | Source = Application Error | ID = 1000
Description = Faulting application name: DllHost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bca54 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7c8f9 Exception code: 0xc0000005 Fault offset: 0x00000000000b7150 Faulting
process id: 0x9b0 Faulting application start time: 0x01cc5408c6f26e30 Faulting application
path: C:\Windows\system32\DllHost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 05ee9af0-bffc-11e0-bbc8-e0cb4e04aacf

Error - 8/6/2011 3:16:55 AM | Computer Name = Laura-PC | Source = Application Error | ID = 1000
Description = Faulting application name: DllHost.exe, version: 6.1.7600.16385, time
stamp: 0x4a5bca54 Faulting module name: ntdll.dll, version: 6.1.7601.17514, time
stamp: 0x4ce7c8f9 Exception code: 0xc000041d Fault offset: 0x00000000000b7150 Faulting
process id: 0x9b0 Faulting application start time: 0x01cc5408c6f26e30 Faulting application
path: C:\Windows\system32\DllHost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 10644750-bffc-11e0-bbc8-e0cb4e04aacf

Error - 8/6/2011 4:13:48 AM | Computer Name = Laura-PC | Source = Application Error | ID = 1000
Description = Faulting application name: taskhost.exe, version: 6.1.7601.17514,
time stamp: 0x4ce796f7 Faulting module name: ntdll.dll, version: 6.1.7601.17514,
time stamp: 0x4ce7c8f9 Exception code: 0xc0000005 Fault offset: 0x00000000000b7153
Faulting
process id: 0x6a4 Faulting application start time: 0x01cc5410c3af9dd0 Faulting application
path: C:\Windows\system32\taskhost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
Report
Id: 025a6e70-c004-11e0-bbc8-e0cb4e04aacf

Error - 8/6/2011 6:02:15 AM | Computer Name = Laura-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 8/7/2011 2:57:44 AM | Computer Name = Laura-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

[ System Events ]
Error - 7/17/2011 2:44:36 PM | Computer Name = Laura-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume1.

Error - 7/17/2011 2:44:36 PM | Computer Name = Laura-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume C:.

Error - 7/17/2011 2:44:36 PM | Computer Name = Laura-PC | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume \Device\HarddiskVolume1.

Error - 7/17/2011 2:58:33 PM | Computer Name = Laura-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:50:40 PM on ?7/?17/?2011 was unexpected.

Error - 8/2/2011 3:22:24 PM | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/2/2011 3:23:37 PM | Computer Name = Laura-PC | Source = Application Popup | ID = 1060
Description = \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility
with this system. Please contact your software vendor for a compatible version
of the driver.

Error - 8/2/2011 3:23:59 PM | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7030
Description = The PEVSystemStart service is marked as an interactive service. However,
the system is configured to not allow interactive services. This service may not
function properly.

Error - 8/3/2011 2:23:59 AM | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
BHDrvx64 SymIRON

Error - 8/4/2011 10:58:46 PM | Computer Name = Laura-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 10:56:55 PM on ?8/?4/?2011 was unexpected.

Error - 8/5/2011 12:49:27 PM | Computer Name = Laura-PC | Source = Service Control Manager | ID = 7011
Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
response from the ShellHWDetection service.


< End of report >
sweetchickchristina
Active Member
 
Posts: 10
Joined: August 2nd, 2011, 2:30 pm

Re: Virus causing popups

Unread postby askey127 » August 8th, 2011, 8:14 am

sweetchickchristina,
I see where you have run some spyware removal tools in the past.
Please do not run any scans, removals or installations while we work, unless I ask, until your machine is cleaned up.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Uninstall a program under the Programs heading.
Right click each Entry, as follows, one by one, if it exists, choose Uninstall/Change, and give permission to Continue:

Dogpile Bundle Toolbar
Java Auto Updater
Java(TM) 6 Update 26

Take extra care in answering questions posed by any Uninstaller.
------------------------------------------------------------
Download and Install the latest version of Java Runtime Environment from here : http://www.oracle.com/technetwork/java/javase/downloads/index.html, and install it to your computer.
In the first section on the page, labeled Java SE 7(JDK or JRE), click on the button labeled Download JRE. Do NOT choose the button labeled "Download JDK".
If it won't allow you to get past the "Agree to the license" dialog, you will need to set your browser to temporarily allow scripts.
Check the button to agree to the license.
Select the link for your Platform (Windows 64-bit), and click it.
Download it, choose Save, and save it to your desktop.
Then right click and choose "Run as administrator", and it will install the newest version of Java for you to use.
When it finishes, you can remove the Installer from your desktop.
--------------------------------------------
TDSSKiller - Rootkit Removal Tool
Please download the TDSSKiller.exe by Kaspersky... save it to your Desktop. <-Important!!!
  1. Right-click on TDSSKiller.exe and select "Run As Administrator" to run the tool for known TDSS variants.
    If TDSSKiller does not run... rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. ektfhtw.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Ensure Cure (default) is selected... then click Continue > Reboot now to finish the cleaning process.
    • If Cure is not offered as an option, choose Skip.
  5. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the main directory of C:
    (the dd.mm.yyyy_hh.mm.ss numbers in the filename represent the time/date stamp)
  6. Copy and paste the contents of that file in your next reply.
If, for some reason,you can't locate the text file to paste into your reply, just tell me, but DO NOT run the program a second time.

Also tell me if you are connected to a router, and whether any other machines on the router are having popups or redirects.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Virus causing popups

Unread postby sweetchickchristina » August 11th, 2011, 12:18 pm

Hi,
I am taking care to follow your instructions. I am not seeing a Java Auto Updater on the list of add/remove programs. Also, an error occurred while I was attempting to uninstall Dogpile Bundle Toolbar, but it is not on the list of programs anymore. How should I proceed?
sweetchickchristina
Active Member
 
Posts: 10
Joined: August 2nd, 2011, 2:30 pm

Re: Virus causing popups

Unread postby sweetchickchristina » August 11th, 2011, 12:34 pm

2011/08/11 12:31:19.0927 1780 TDSS rootkit removing tool 2.5.15.0 Aug 11 2011 16:32:13
2011/08/11 12:31:20.0317 1780 ================================================================================
2011/08/11 12:31:20.0317 1780 SystemInfo:
2011/08/11 12:31:20.0317 1780
2011/08/11 12:31:20.0317 1780 OS Version: 6.1.7601 ServicePack: 1.0
2011/08/11 12:31:20.0317 1780 Product type: Workstation
2011/08/11 12:31:20.0317 1780 ComputerName: LAURA-PC
2011/08/11 12:31:20.0317 1780 UserName: Laura
2011/08/11 12:31:20.0317 1780 Windows directory: C:\Windows
2011/08/11 12:31:20.0317 1780 System windows directory: C:\Windows
2011/08/11 12:31:20.0317 1780 Running under WOW64
2011/08/11 12:31:20.0317 1780 Processor architecture: Intel x64
2011/08/11 12:31:20.0317 1780 Number of processors: 4
2011/08/11 12:31:20.0317 1780 Page size: 0x1000
2011/08/11 12:31:20.0317 1780 Boot type: Normal boot
2011/08/11 12:31:20.0317 1780 ================================================================================
2011/08/11 12:31:20.0894 1780 Initialize success
2011/08/11 12:31:25.0231 3984 ================================================================================
2011/08/11 12:31:25.0231 3984 Scan started
2011/08/11 12:31:25.0231 3984 Mode: Manual;
2011/08/11 12:31:25.0231 3984 ================================================================================
2011/08/11 12:31:25.0855 3984 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
2011/08/11 12:31:25.0948 3984 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
2011/08/11 12:31:26.0073 3984 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
2011/08/11 12:31:26.0213 3984 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/08/11 12:31:26.0338 3984 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/08/11 12:31:26.0416 3984 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/08/11 12:31:26.0510 3984 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
2011/08/11 12:31:26.0588 3984 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
2011/08/11 12:31:26.0635 3984 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
2011/08/11 12:31:26.0666 3984 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
2011/08/11 12:31:26.0759 3984 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/08/11 12:31:26.0806 3984 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/08/11 12:31:26.0853 3984 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
2011/08/11 12:31:26.0915 3984 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/08/11 12:31:26.0947 3984 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
2011/08/11 12:31:27.0009 3984 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
2011/08/11 12:31:27.0118 3984 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/08/11 12:31:27.0149 3984 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/08/11 12:31:27.0196 3984 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/08/11 12:31:27.0243 3984 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
2011/08/11 12:31:27.0337 3984 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/08/11 12:31:27.0415 3984 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/08/11 12:31:27.0477 3984 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/08/11 12:31:27.0649 3984 BHDrvx64 (c823adeedd3ae6f3db52b6152e5789cf) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110723.001\BHDrvx64.sys
2011/08/11 12:31:27.0695 3984 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/08/11 12:31:27.0742 3984 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
2011/08/11 12:31:27.0805 3984 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/08/11 12:31:27.0836 3984 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/08/11 12:31:27.0867 3984 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/08/11 12:31:27.0883 3984 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/08/11 12:31:27.0914 3984 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/08/11 12:31:27.0929 3984 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/08/11 12:31:27.0945 3984 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/08/11 12:31:28.0117 3984 ccHP (da66e851e76766d2c84502fe682ab175) C:\Windows\system32\drivers\N360x64\0403000.005\ccHPx64.sys
2011/08/11 12:31:28.0195 3984 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/08/11 12:31:28.0241 3984 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
2011/08/11 12:31:28.0273 3984 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/08/11 12:31:28.0319 3984 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/08/11 12:31:28.0397 3984 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/08/11 12:31:28.0429 3984 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
2011/08/11 12:31:28.0475 3984 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
2011/08/11 12:31:28.0507 3984 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/08/11 12:31:28.0553 3984 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
2011/08/11 12:31:28.0585 3984 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/08/11 12:31:28.0647 3984 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
2011/08/11 12:31:28.0678 3984 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/08/11 12:31:28.0709 3984 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/08/11 12:31:28.0772 3984 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/08/11 12:31:28.0865 3984 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
2011/08/11 12:31:28.0975 3984 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/08/11 12:31:29.0162 3984 eeCtrl (5e3a50930447f464c66032e05a4632f5) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
2011/08/11 12:31:29.0255 3984 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/08/11 12:31:29.0318 3984 EraserUtilRebootDrv (dcb76ecc6b50a266fdc16e1963ab98ce) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
2011/08/11 12:31:29.0365 3984 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
2011/08/11 12:31:29.0411 3984 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/08/11 12:31:29.0458 3984 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/08/11 12:31:29.0505 3984 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/08/11 12:31:29.0536 3984 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/08/11 12:31:29.0567 3984 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/08/11 12:31:29.0583 3984 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/08/11 12:31:29.0630 3984 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
2011/08/11 12:31:29.0661 3984 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/08/11 12:31:29.0692 3984 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/08/11 12:31:29.0739 3984 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/08/11 12:31:29.0755 3984 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/08/11 12:31:29.0801 3984 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/08/11 12:31:29.0833 3984 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/08/11 12:31:29.0895 3984 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
2011/08/11 12:31:29.0911 3984 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
2011/08/11 12:31:29.0957 3984 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/08/11 12:31:29.0989 3984 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/08/11 12:31:30.0004 3984 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/08/11 12:31:30.0051 3984 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
2011/08/11 12:31:30.0098 3984 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
2011/08/11 12:31:30.0176 3984 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
2011/08/11 12:31:30.0269 3984 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
2011/08/11 12:31:30.0316 3984 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
2011/08/11 12:31:30.0379 3984 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
2011/08/11 12:31:30.0566 3984 IDSVia64 (d321ff68ff6986bcc18fe85943cb55ef) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110810.030\IDSvia64.sys
2011/08/11 12:31:30.0675 3984 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/08/11 12:31:30.0831 3984 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
2011/08/11 12:31:30.0893 3984 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
2011/08/11 12:31:30.0940 3984 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/08/11 12:31:31.0003 3984 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/08/11 12:31:31.0034 3984 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
2011/08/11 12:31:31.0065 3984 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/08/11 12:31:31.0096 3984 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/08/11 12:31:31.0127 3984 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
2011/08/11 12:31:31.0159 3984 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
2011/08/11 12:31:31.0205 3984 JRAID (1c368c1a2733dcc5b8e15420aa2b0f6d) C:\Windows\system32\DRIVERS\jraid.sys
2011/08/11 12:31:31.0252 3984 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
2011/08/11 12:31:31.0299 3984 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
2011/08/11 12:31:31.0330 3984 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
2011/08/11 12:31:31.0377 3984 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
2011/08/11 12:31:31.0424 3984 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/08/11 12:31:31.0502 3984 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/08/11 12:31:31.0564 3984 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/08/11 12:31:31.0595 3984 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/08/11 12:31:31.0611 3984 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/08/11 12:31:31.0642 3984 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/08/11 12:31:31.0673 3984 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/08/11 12:31:31.0705 3984 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/08/11 12:31:31.0736 3984 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/08/11 12:31:31.0767 3984 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/08/11 12:31:31.0814 3984 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/08/11 12:31:31.0876 3984 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
2011/08/11 12:31:31.0907 3984 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/08/11 12:31:31.0939 3984 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
2011/08/11 12:31:31.0985 3984 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
2011/08/11 12:31:32.0017 3984 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/08/11 12:31:32.0063 3984 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
2011/08/11 12:31:32.0126 3984 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/08/11 12:31:32.0173 3984 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/08/11 12:31:32.0235 3984 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/08/11 12:31:32.0282 3984 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
2011/08/11 12:31:32.0329 3984 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
2011/08/11 12:31:32.0391 3984 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/08/11 12:31:32.0422 3984 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/08/11 12:31:32.0453 3984 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
2011/08/11 12:31:32.0500 3984 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/08/11 12:31:32.0516 3984 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/08/11 12:31:32.0547 3984 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/08/11 12:31:32.0594 3984 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
2011/08/11 12:31:32.0687 3984 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
2011/08/11 12:31:32.0719 3984 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/08/11 12:31:32.0750 3984 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/08/11 12:31:32.0797 3984 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/08/11 12:31:32.0843 3984 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/08/11 12:31:32.0968 3984 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110810.037\ENG64.SYS
2011/08/11 12:31:33.0046 3984 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110810.037\EX64.SYS
2011/08/11 12:31:33.0124 3984 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
2011/08/11 12:31:33.0202 3984 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/08/11 12:31:33.0296 3984 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/08/11 12:31:33.0358 3984 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/08/11 12:31:33.0405 3984 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/08/11 12:31:33.0436 3984 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
2011/08/11 12:31:33.0499 3984 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/08/11 12:31:33.0545 3984 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
2011/08/11 12:31:33.0608 3984 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/08/11 12:31:33.0655 3984 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/08/11 12:31:33.0701 3984 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/08/11 12:31:33.0795 3984 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
2011/08/11 12:31:33.0904 3984 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/08/11 12:31:33.0998 3984 NVENETFD (a85b4f2ef3a7304a5399ef0526423040) C:\Windows\system32\DRIVERS\nvm62x64.sys
2011/08/11 12:31:34.0279 3984 nvlddmkm (1cf597c9f0745735a6c5181ecb83706e) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/08/11 12:31:34.0372 3984 NVNET (909eedcbd365bb81027d8e742e6b3416) C:\Windows\system32\DRIVERS\nvmf6264.sys
2011/08/11 12:31:34.0419 3984 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
2011/08/11 12:31:34.0481 3984 nvsmu (e58d81fb8616d0cb55c1e36aa0b213c9) C:\Windows\system32\DRIVERS\nvsmu.sys
2011/08/11 12:31:34.0528 3984 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
2011/08/11 12:31:34.0606 3984 nvstor64 (6ba747b1a9297a6c0271700d12fdd495) C:\Windows\system32\DRIVERS\nvstor64.sys
2011/08/11 12:31:34.0653 3984 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
2011/08/11 12:31:34.0684 3984 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
2011/08/11 12:31:34.0715 3984 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/08/11 12:31:34.0762 3984 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
2011/08/11 12:31:34.0793 3984 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
2011/08/11 12:31:34.0825 3984 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
2011/08/11 12:31:34.0856 3984 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/11 12:31:34.0887 3984 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/08/11 12:31:34.0918 3984 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/08/11 12:31:35.0027 3984 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/11 12:31:35.0059 3984 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/08/11 12:31:35.0137 3984 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/11 12:31:35.0183 3984 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/08/11 12:31:35.0246 3984 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/08/11 12:31:35.0277 3984 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/11 12:31:35.0308 3984 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/11 12:31:35.0355 3984 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/08/11 12:31:35.0402 3984 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/11 12:31:35.0433 3984 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/11 12:31:35.0464 3984 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/11 12:31:35.0511 3984 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/11 12:31:35.0558 3984 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/08/11 12:31:35.0589 3984 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/11 12:31:35.0636 3984 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/11 12:31:35.0667 3984 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/08/11 12:31:35.0714 3984 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
2011/08/11 12:31:35.0823 3984 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
2011/08/11 12:31:35.0932 3984 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/11 12:31:35.0995 3984 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2011/08/11 12:31:36.0010 3984 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
2011/08/11 12:31:36.0041 3984 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
2011/08/11 12:31:36.0088 3984 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
2011/08/11 12:31:36.0166 3984 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/08/11 12:31:36.0229 3984 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/08/11 12:31:36.0260 3984 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/08/11 12:31:36.0291 3984 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/08/11 12:31:36.0338 3984 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
2011/08/11 12:31:36.0385 3984 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/11 12:31:36.0400 3984 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/11 12:31:36.0416 3984 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/08/11 12:31:36.0478 3984 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/08/11 12:31:36.0494 3984 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/08/11 12:31:36.0525 3984 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/08/11 12:31:36.0556 3984 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/08/11 12:31:36.0650 3984 SRTSP (96babc4906ecdb1c69d1176f8647ad8e) C:\Windows\System32\Drivers\N360x64\0403000.005\SRTSP64.SYS
2011/08/11 12:31:36.0697 3984 SRTSPX (c7f491a290e0e4222f5cdcd50eeb8167) C:\Windows\system32\drivers\N360x64\0403000.005\SRTSPX64.SYS
2011/08/11 12:31:36.0759 3984 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
2011/08/11 12:31:36.0821 3984 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/11 12:31:36.0868 3984 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/11 12:31:36.0931 3984 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/08/11 12:31:37.0009 3984 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
2011/08/11 12:31:37.0071 3984 SymDS (659b227a72b76115975a6a9491b2fe1f) C:\Windows\system32\drivers\N360x64\0403000.005\SYMDS64.SYS
2011/08/11 12:31:37.0118 3984 SymEFA (42c952d131eff724a9959bb6d78c1b63) C:\Windows\system32\drivers\N360x64\0403000.005\SYMEFA64.SYS
2011/08/11 12:31:37.0180 3984 SymEvent (3f9d5fe52585e2653e59fdbfdf09a94c) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
2011/08/11 12:31:37.0227 3984 SymIRON (f57588546e738db1583981d8f44e9bc2) C:\Windows\system32\drivers\N360x64\0403000.005\Ironx64.SYS
2011/08/11 12:31:37.0289 3984 SYMTDIv (8abb6e5b7d75cd3f0a988695d0d9186a) C:\Windows\System32\Drivers\N360x64\0403000.005\SYMTDIV.SYS
2011/08/11 12:31:37.0414 3984 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
2011/08/11 12:31:37.0523 3984 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/11 12:31:37.0586 3984 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/11 12:31:37.0648 3984 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/08/11 12:31:37.0695 3984 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/08/11 12:31:37.0757 3984 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/11 12:31:37.0820 3984 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
2011/08/11 12:31:37.0898 3984 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/11 12:31:37.0976 3984 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
2011/08/11 12:31:38.0054 3984 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/11 12:31:38.0101 3984 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/08/11 12:31:38.0163 3984 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/11 12:31:38.0241 3984 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/11 12:31:38.0288 3984 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
2011/08/11 12:31:38.0303 3984 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/08/11 12:31:38.0366 3984 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/11 12:31:38.0428 3984 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
2011/08/11 12:31:38.0475 3984 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/11 12:31:38.0537 3984 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/11 12:31:38.0584 3984 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
2011/08/11 12:31:38.0615 3984 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/11 12:31:38.0678 3984 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/11 12:31:38.0709 3984 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
2011/08/11 12:31:38.0787 3984 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
2011/08/11 12:31:38.0818 3984 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/11 12:31:38.0849 3984 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/08/11 12:31:38.0896 3984 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
2011/08/11 12:31:38.0959 3984 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
2011/08/11 12:31:38.0990 3984 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
2011/08/11 12:31:39.0037 3984 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
2011/08/11 12:31:39.0083 3984 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
2011/08/11 12:31:39.0146 3984 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/08/11 12:31:39.0177 3984 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/08/11 12:31:39.0208 3984 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/08/11 12:31:39.0286 3984 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/11 12:31:39.0317 3984 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/11 12:31:39.0364 3984 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/08/11 12:31:39.0427 3984 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/11 12:31:39.0536 3984 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/08/11 12:31:39.0551 3984 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/08/11 12:31:39.0645 3984 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
2011/08/11 12:31:39.0723 3984 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/11 12:31:39.0785 3984 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
2011/08/11 12:31:39.0832 3984 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/11 12:31:39.0863 3984 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
2011/08/11 12:31:39.0863 3984 Boot (0x1200) (fda90a99589285e29032c90f8fb93573) \Device\Harddisk0\DR0\Partition0
2011/08/11 12:31:39.0879 3984 ================================================================================
2011/08/11 12:31:39.0879 3984 Scan finished
2011/08/11 12:31:39.0879 3984 ================================================================================
2011/08/11 12:31:39.0879 3644 Detected object count: 0
2011/08/11 12:31:39.0879 3644 Actual detected object count: 0
sweetchickchristina
Active Member
 
Posts: 10
Joined: August 2nd, 2011, 2:30 pm

Re: Virus causing popups

Unread postby sweetchickchristina » August 11th, 2011, 12:36 pm

Also, I am not hooked up to a router. This is the only computer on the network.

Thanks for your help,
Christina
sweetchickchristina
Active Member
 
Posts: 10
Joined: August 2nd, 2011, 2:30 pm

Re: Virus causing popups

Unread postby askey127 » August 11th, 2011, 5:58 pm

sweet,
OK. Looks pretty good.
Let's get rid of the Dogpile toolbar.
(Almost all toolbars are for the provider's benefit, not yours. Don't install ANY, unless you MUST.)
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box:
    Code: Select all
    :processes
    killallprocesses
    
    :OTL
    IE - HKU\S-1-5-21-868180774-2464755877-989294739-1000\..\URLSearchHook: {f78bf7a8-cf12-4de7-a6da-c463d1b539a7} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Helper.dll ()
    O2 - BHO: (Dogpile Bundle Toolbar BHO) - {BFE4B5CB-63F7-4A51-9266-6167655D5B4F} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()
    O3 - HKLM\..\Toolbar: (Dogpile Bundle Toolbar) - {C80BDEB2-8735-44C6-BD55-A1CCD555667A} - C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll ()
    
    :Files
    C:\Program Files (x86)\Dogpile Bundle Toolbar
    
    :Commands
    [EMPTYTEMP]
    [CREATERESTOREPOINT]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered and reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Virus causing popups

Unread postby sweetchickchristina » August 13th, 2011, 2:57 pm

Hi, Thanks. I ran the fix and this is the scan results.
I appreciate your help,
Christina

All processes killed
========== PROCESSES ==========
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-868180774-2464755877-989294739-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{f78bf7a8-cf12-4de7-a6da-c463d1b539a7} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f78bf7a8-cf12-4de7-a6da-c463d1b539a7}\ not found.
File C:\Program Files (x86)\Dogpile Bundle Toolbar\Helper.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}\ not found.
File C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{C80BDEB2-8735-44C6-BD55-A1CCD555667A} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}\ not found.
File C:\Program Files (x86)\Dogpile Bundle Toolbar\Toolbar.dll not found.
========== FILES ==========
File\Folder C:\Program Files (x86)\Dogpile Bundle Toolbar not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Laura
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 40304 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 43537258 bytes
->Google Chrome cache emptied: 169611184 bytes
->Flash cache emptied: 2563 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 203.00 mb

Restore point Set: OTL Restore Point
sweetchickchristina
Active Member
 
Posts: 10
Joined: August 2nd, 2011, 2:30 pm

Re: Virus causing popups

Unread postby askey127 » August 14th, 2011, 7:03 am

christina,
-----------------------------------------------
Please download MiniToolBox and run it.
Check ONLY the following in the list:
  • Flush DNS
  • Report IE Proxy Settings
  • List IP configuration
Click GO and post the result (Result.txt).

After you run this, tell me if you are still seeing the popups.
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Virus causing popups

Unread postby sweetchickchristina » August 15th, 2011, 9:24 pm

MiniToolBox by Farbar
Ran by Laura (administrator) on 15-08-2011 at 21:20:53
Windows 7 Home Premium Service Pack 1 (X64)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Laura-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : ec.rr.com

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : ec.rr.com
Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
Physical Address. . . . . . . . . : E0-CB-4E-04-AA-CF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::8986:e740:5bc7:632e%10(Preferred)
IPv4 Address. . . . . . . . . . . : 98.121.185.91(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.252.0
Lease Obtained. . . . . . . . . . : Monday, August 15, 2011 3:20:22 AM
Lease Expires . . . . . . . . . . : Tuesday, August 16, 2011 9:10:12 AM
Default Gateway . . . . . . . . . : 98.121.184.1
DHCP Server . . . . . . . . . . . : 10.208.0.1
DHCPv6 IAID . . . . . . . . . . . : 249613134
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-03-DC-61-BF-E0-CB-4E-04-AA-CF
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:472:3fa3:9d86:46a4(Preferred)
Link-local IPv6 Address . . . . . : fe80::472:3fa3:9d86:46a4%11(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter 6TO4 Adapter:

Connection-specific DNS Suffix . : ec.rr.com
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:6279:b95b::6279:b95b(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
DNS Servers . . . . . . . . . . . : 209.18.47.61
209.18.47.62
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.ec.rr.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : ec.rr.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: google.com
Addresses: 74.125.113.104
74.125.113.105
74.125.113.106
74.125.113.147
74.125.113.99
74.125.113.103


Pinging google.com [74.125.113.104] with 32 bytes of data:
Reply from 74.125.113.104: bytes=32 time=31ms TTL=53
Reply from 74.125.113.104: bytes=32 time=33ms TTL=53

Ping statistics for 74.125.113.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 31ms, Maximum = 33ms, Average = 32ms
Server: dns-cac-lb-01.rr.com
Address: 209.18.47.61

Name: yahoo.com
Addresses: 209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43
98.137.149.56


Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=80ms TTL=53
Reply from 98.137.149.56: bytes=32 time=82ms TTL=53

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 80ms, Maximum = 82ms, Average = 81ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
10...e0 cb 4e 04 aa cf ......NVIDIA nForce 10/100 Mbps Ethernet
1...........................Software Loopback Interface 1
11...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
13...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 98.121.184.1 98.121.185.91 20
98.121.184.0 255.255.252.0 On-link 98.121.185.91 276
98.121.185.91 255.255.255.255 On-link 98.121.185.91 276
98.121.187.255 255.255.255.255 On-link 98.121.185.91 276
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 98.121.185.91 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 98.121.185.91 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 1125 ::/0 2002:c058:6301::c058:6301
1 306 ::1/128 On-link
11 58 2001::/32 On-link
11 306 2001:0:4137:9e76:472:3fa3:9d86:46a4/128
On-link
13 1025 2002::/16 On-link
13 281 2002:6279:b95b::6279:b95b/128
On-link
10 276 fe80::/64 On-link
11 306 fe80::/64 On-link
11 306 fe80::472:3fa3:9d86:46a4/128
On-link
10 276 fe80::8986:e740:5bc7:632e/128
On-link
1 306 ff00::/8 On-link
11 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

== End of log ==
sweetchickchristina
Active Member
 
Posts: 10
Joined: August 2nd, 2011, 2:30 pm

Re: Virus causing popups

Unread postby sweetchickchristina » August 15th, 2011, 9:25 pm

So far, I haven't seen anymore pop ups. I really appreciate all of your help.

Christina
sweetchickchristina
Active Member
 
Posts: 10
Joined: August 2nd, 2011, 2:30 pm

Re: Virus causing popups

Unread postby askey127 » August 16th, 2011, 6:34 am

Christina,
Looks like you are good to go.
Good luck, (and don't accept any toolbars).
askey127
User avatar
askey127
Admin/Teacher
Admin/Teacher
 
Posts: 13905
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 33 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware