let me start off by saying you guys are great! I have used your site once before to fix my brother's computer years ago, and I didn't even need to create a thread! The solution was posted somewhere on the forums already. Unfortunately I am back again at my wits end.
I am not sure how it was acquired. I am usually good at not downloading .exes It has been probably 10+ years since I've had a virus. It has been going on since early December.
Symptoms:
- First Symptom (but no longer a symptom): computer would play short, random audio ads from out of nowhere, even if all programs were closed.
- Firefox and Chrome Google search results redirects.
- Additional tabs open when I click links (like a redirect, but in it's own new tab), and sometimes when I don't click links.
- Multiple Firefox browsers can be launched but none appear. When opening Firefox, it does not open, but I can find it in the background under Task Manager Processes (Not applications). Multiple firefox.exes can be launched and they will show up under processes, but I cannot access them, only "end process" to close them.
I have tried AVG (which finds nothing), Webroot, Microsoft Security Essentials, and Malwarebytes' Anti-Malware. Scan logs are posted. OTL Below.
Microsoft Security Essentials scan logs:
12/2/2010:
TrojanDropper:Win32/Dnik!rts
12/16:
VirTool:Win32/CeeInject.gen!J 10:20am
VirTool:Win32/CeeInject.gen!J 11:11am
VirTool:Win32/CeeInject.gen!J 11:21am
12/27
Trojan:Win32/Wimpixo.E 10:54am
Trojan:Win32/Wimpixo.E 11:14am
12/28
Trojan:Win32/Dynamer!dtc
1/2/2011
Rogue:Win32/FakeSpypro
1/7/2011
TrojanDownloader:HTML/Renos.R
Trojan:Win32/Dynamer!dtc
Malwarebytes' Anti-Malware Logs:
11/30/2010
Scan type: Quick scan
Objects scanned: 167905
Time elapsed: 4 minute(s), 4 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6
Memory Processes Infected:
c:\Windows\Temp\Rg1.exe (Trojan.Fraudpack) -> 3104 -> Unloaded process successfully.
c:\Windows\Temp\Rg0.exe (Trojan.Fraudpack) -> 772 -> Unloaded process successfully.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JP595IR86O (Trojan.Fraudpack) -> Value: JP595IR86O -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Windows\Temp\Rg1.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
c:\Windows\Temp\Rg0.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
c:\Users\Joel\AppData\Local\Temp\reagentca.exe (Virus.Agent) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
12/1/2010
Scan type: Full scan (C:\|)
Objects scanned: 329763
Time elapsed: 50 minute(s), 30 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 2
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 64
Files Infected: 577
Memory Processes Infected:
c:\program files (x86)\whitesmoke translator\whitesmokedictregistration.exe (PUP.WhiteSmoke) -> 1376 -> Unloaded process successfully.
c:\program files (x86)\whitesmoke translator\wstraydictmode.exe (PUP.WhiteSmoke) -> 2892 -> Unloaded process successfully.
Memory Modules Infected:
c:\program files (x86)\whitesmoketoolbar\whitesmoketoolbarx.dll (PUP.WhiteSmoke) -> Delete on reboot.
c:\program files (x86)\whitesmoketoolbar\whitesmoketoolbar.dll (PUP.WhiteSmoke) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Value: {52794457-AF6C-4C50-9DEF-F2E24F4C8889} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Value: {52794457-af6c-4c50-9def-f2e24f4c8889} -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
12/1/2010
Scan type: Full scan (C:\|)
Objects scanned: 149177
Time elapsed: 26 minute(s), 4 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
12/8/2010
Scan type: Full scan (C:\|E:\|G:\|)
Objects scanned: 351953
Time elapsed: 1 hour(s), 8 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GoogleUpdateBeta (Backdoor.IRCBot) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Windows\System32\config\systemprofile\AppData\Local\Google\Update\googleupdatebeta.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.
12/19/2010
Scan type: Full scan (C:\|E:\|G:\|)
Objects scanned: 356714
Time elapsed: 1 hour(s), 7 minute(s), 32 second(s)
Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 19
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 92
Files Infected: 719
Memory Processes Infected:
c:\program files (x86)\whitesmoke translator\whitesmokedictregistration.exe (PUP.WhiteSmoke) -> 3404 -> Not selected for removal.
c:\program files (x86)\whitesmoke translator\wstraydictmode.exe (PUP.WhiteSmoke) -> 2148 -> Not selected for removal.
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\whitesmoketoolbar (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\TypeLib\{CD6A6945-EB68-4F46-A4D2-184082A0491F} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\Interface\{F33928A1-8849-48DE-BECB-829D7727AAF2} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\ComVistaElevator.LocalMachineWriter.1 (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\ComVistaElevator.LocalMachineWriter (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\CLSID\{064E314E-2382-46F2-A93A-239C7115579A} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\TypeLib\{54DE313F-2261-4B8E-A699-9AE1D69BC7C9} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\Interface\{3D8A3085-A097-4312-B6A4-49FF1A4A460B} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\WCaptureX.WResult.1 (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\WCaptureX.WResult (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\CLSID\{C7E06D1D-4099-43D4-8C22-718E39713773} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\TypeLib\{68D76969-99CA-4057-9C66-9D0C6F497528} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\Interface\{BB283CBF-EB78-4438-BC3A-7563ED7FEDBF} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\WMonitorX.WMonitorX.1 (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\WMonitorX.WMonitorX (PUP.WhiteSmoke) -> Not selected for removal.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Value: {52794457-AF6C-4C50-9DEF-F2E24F4C8889} -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Value: {52794457-af6c-4c50-9def-f2e24f4c8889} -> Not selected for removal.
Registry Data Items Infected:
(No malicious items detected)
12/20/2010
Scan type: Full scan (C:\|E:\|G:\|)
Objects scanned: 356861
Time elapsed: 1 hour(s), 24 minute(s), 18 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Value: {52794457-AF6C-4C50-9DEF-F2E24F4C8889} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Value: {52794457-af6c-4c50-9def-f2e24f4c8889} -> Quarantined and deleted successfully.
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\$Recycle.Bin\s-1-5-21-3957214131-3400773334-1986242629-1000\$RPMACM6\whitesmoketoolbar.dll (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\0PS72R2M\whitesmoketoolbar[1].exe (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\0PS72R2M\whitesmoketoolbar[1].exe (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
1/8/2011
Scan type: Full scan (C:\|E:\|G:\|)
Objects scanned: 359833
Time elapsed: 53 minute(s), 31 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
OTL Log:
OTL logfile created on: 1/8/2011 10:23:03 AM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = G:\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
8.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 47.00% Memory free
16.00 Gb Paging File | 12.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39.06 Gb Total Space | 5.06 Gb Free Space | 12.95% Space Free | Partition Type: NTFS
Drive E: | 892.44 Gb Total Space | 69.45 Gb Free Space | 7.78% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 66.80 Gb Free Space | 7.17% Space Free | Partition Type: NTFS
Computer Name: JOEL-PC | User Name: Joel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/01/08 00:34:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\Downloads\OTL(2).exe
PRC - [2010/12/18 14:53:07 | 001,392,784 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2010/12/18 14:53:05 | 003,275,112 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2010/12/10 09:16:48 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/12/10 09:16:48 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/07 18:44:24 | 003,888,696 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2010/12/07 18:44:16 | 000,158,048 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\SSU.exe
PRC - [2010/11/24 09:46:13 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/07/26 11:23:33 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/02 16:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/01/13 14:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2009/01/08 05:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\Joel\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2007/08/06 16:05:46 | 000,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
========== Modules (SafeList) ==========
MOD - [2011/01/08 00:34:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\Downloads\OTL(2).exe
MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 17:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2009/07/13 17:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/08/18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/12/18 14:53:05 | 003,275,112 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/12/07 18:44:24 | 003,888,696 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2010/07/26 11:23:33 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2010/10/12 15:57:14 | 000,137,248 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2010/10/12 15:57:12 | 000,055,360 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\ssfmonm.sys -- (ssfmonm)
DRV:64bit: - [2010/07/26 11:24:30 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/07/26 11:24:27 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/07/26 11:24:27 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2009/11/02 16:42:27 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/08/18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 12:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FB D4 9C 9A F3 9F CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.8.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.type: 4
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/11/26 00:00:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/10 09:16:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/10 09:16:49 | 000,000,000 | ---D | M]
[2009/10/30 21:29:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\Mozilla\Extensions
[2011/01/08 00:10:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\vo5ff09i.default\extensions
[2010/12/15 11:47:18 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\vo5ff09i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/12/10 09:16:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\vo5ff09i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/09/29 19:55:26 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\vo5ff09i.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/10/31 19:18:32 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\vo5ff09i.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/11/03 22:16:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/06 13:39:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/05 10:01:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/03 22:16:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/26 00:00:22 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG9\FIREFOX
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/10/31 19:18:01 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/01/13 14:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/12/17 12:37:58 | 000,001,919 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml
O1 HOSTS File: ([2010/12/19 11:38:17 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\4Media Video Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (4Media Video Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\4Media Video Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (4Media Video Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\4Media Video Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Joel\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [PeerBlock] G:\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: virginmobileusa.com ([www1] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.27.35.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Authentication Packages - (ows\w) - File not found
O30 - LSA: Authentication Packages - (ows\w) - File not found
O30:64bit: - LSA: Security Packages - (ce.exe) - File not found
O30:64bit: - LSA: Security Packages - (.0\) - File not found
O30:64bit: - LSA: Security Packages - (\) - \ File not found
O30:64bit: - LSA: Security Packages - (7\) - File not found
O30 - LSA: Security Packages - (n-controls_6595b64144ccf1df_6.0.6002.18005_) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/05/09 14:25:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{845325de-a6f5-11df-a544-00242123a14e}\Shell - "" = AutoRun
O33 - MountPoints2\{845325de-a6f5-11df-a544-00242123a14e}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e560efd0-c811-11de-b439-00242123a14e}\Shell - "" = AutoRun
O33 - MountPoints2\{e560efd0-c811-11de-b439-00242123a14e}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found
O33 - MountPoints2\{e560efd0-c811-11de-b439-00242123a14e}\Shell\configure\command - "" = F:\SETUP.EXE -- File not found
O33 - MountPoints2\{e560efd0-c811-11de-b439-00242123a14e}\Shell\install\command - "" = F:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/12/20 10:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2010/12/18 14:54:43 | 000,019,576 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\SysNative\SsiEfr.exe
[2010/12/18 14:54:42 | 000,137,248 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\SysNative\drivers\ssidrv.sys
[2010/12/18 14:54:42 | 000,055,360 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\SysNative\drivers\ssfmonm.sys
[2010/12/18 14:54:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/12/18 14:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot
[2010/12/18 14:53:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\{346564C3-1CD0-440B-AE7A-F644B66D2026}
[2010/12/18 14:52:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot
[2010/12/18 14:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2010/12/18 14:52:00 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Local\PackageAware
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/01/08 10:16:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3957214131-3400773334-1986242629-1000UA.job
[2011/01/08 10:14:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/08 10:13:15 | 069,905,175 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2011/01/08 10:07:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/08 01:00:10 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/08 00:37:13 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/08 00:37:13 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/08 00:34:08 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/08 00:34:08 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/01/08 00:34:08 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/01/08 00:29:56 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/08 00:29:35 | 2146,099,199 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/06 23:04:14 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3957214131-3400773334-1986242629-1000Core.job
[2011/01/06 22:49:20 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/01/06 22:49:20 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/01/01 10:51:24 | 000,142,393 | ---- | M] () -- C:\Users\Joel\Desktop\fbchat.jpg
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/18 14:53:14 | 000,002,287 | ---- | M] () -- C:\Users\Public\Desktop\Webroot AntiVirus with Spy Sweeper.lnk
[2010/12/18 14:51:55 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat
[2010/12/16 03:20:34 | 000,413,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/14 17:17:02 | 000,002,395 | ---- | M] () -- C:\Users\Joel\Desktop\Google Chrome.lnk
[2010/12/13 00:14:58 | 000,484,892 | ---- | M] () -- C:\Users\Joel\Desktop\plugin-SPQ2010.pdf
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/01/01 10:51:23 | 000,142,393 | ---- | C] () -- C:\Users\Joel\Desktop\fbchat.jpg
[2010/12/18 14:54:43 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2010/12/18 14:53:14 | 000,002,287 | ---- | C] () -- C:\Users\Public\Desktop\Webroot AntiVirus with Spy Sweeper.lnk
[2010/12/18 14:51:55 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2010/12/17 14:09:06 | 000,594,074 | ---- | C] () -- C:\Users\Joel\Desktop\100_1797.JPG
[2010/12/17 14:05:32 | 000,602,782 | ---- | C] () -- C:\Users\Joel\Desktop\100_1796.JPG
[2010/12/17 14:05:25 | 000,765,199 | ---- | C] () -- C:\Users\Joel\Desktop\100_1795.JPG
[2010/12/13 00:15:26 | 000,484,892 | ---- | C] () -- C:\Users\Joel\Desktop\plugin-SPQ2010.pdf
[2010/07/26 11:07:14 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010/06/20 20:24:27 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/04/23 12:01:17 | 000,022,847 | ---- | C] () -- C:\Users\Joel\AppData\Roaming\UserTile.png
[2010/03/13 04:52:50 | 000,005,120 | ---- | C] () -- C:\Users\Joel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/31 13:02:05 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
========== LOP Check ==========
[2010/09/18 22:11:51 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\.minecraft
[2010/07/26 11:29:06 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\4Media
[2010/05/22 22:10:13 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Canneverbe Limited
[2009/11/02 16:54:14 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\DAEMON Tools Lite
[2010/06/14 09:07:32 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Facebook
[2009/10/31 19:18:28 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Foxit
[2010/07/26 11:07:16 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\FreeAudioPack
[2010/07/26 11:04:15 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\GetRightToGo
[2010/10/16 10:55:36 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Octoshape
[2010/04/23 12:01:17 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\PeerNetworking
[2010/12/30 14:45:16 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\uTorrent
[2010/01/18 21:33:53 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Yamb
[2011/01/06 22:49:20 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/01/06 22:49:20 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011/01/07 08:40:38 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 168 bytes -> C:\Users\Joel\Desktop\Payment Receipt.jpeg:3or4kl4x13tuuug3Byamue2s4b
< End of report >