
Redirects and more, month-long battle.


  • This topic is locked

#1 JC4k
New Member, 8 posts
Greetings!
Let me start off by saying you guys are great! I have used your site once before to fix my brother's computer years ago, and I didn't even need to create a thread! The solution was posted somewhere on the forums already. Unfortunately I am back again, at my wits' end.
I am not sure how it was acquired. I am usually good at not downloading .exes. It has probably been 10+ years since I've had a virus. It has been going on since early December.

Symptoms:
  • First Symptom (but no longer a symptom): computer would play short, random audio ads from out of nowhere, even if all programs were closed.
  • Firefox and Chrome Google search results redirects.
  • Additional tabs open when I click links (like a redirect, but in its own new tab), and sometimes when I don't click links.
  • Multiple Firefox browsers can be launched but none appear. When opening Firefox, it does not open, but I can find it in the background under Task Manager Processes (Not applications). Multiple firefox.exes can be launched and they will show up under processes, but I cannot access them, only "end process" to close them.
Maybe a week after I had the first symptoms, I booted my machine one day to find whitesmoke translator had installed itself. I think I got rid of it, but I'm not certain it is 100% gone since I am still having issues and have seen it re-install itself.

I have tried AVG (which finds nothing), Webroot, Microsoft Security Essentials, and Malwarebytes' Anti-Malware. Scan logs are posted. OTL below.


Microsoft Security Essentials scan logs:

12/2/2010:
TrojanDropper:Win32/Dnik!rts

12/16:
VirTool:Win32/CeeInject.gen!J 10:20am
VirTool:Win32/CeeInject.gen!J 11:11am
VirTool:Win32/CeeInject.gen!J 11:21am

12/27
Trojan:Win32/Wimpixo.E 10:54am
Trojan:Win32/Wimpixo.E 11:14am

12/28
Trojan:Win32/Dynamer!dtc

1/2/2011
Rogue:Win32/FakeSpypro

1/7/2011
TrojanDownloader:HTML/Renos.R
Trojan:Win32/Dynamer!dtc


Malwarebytes' Anti-Malware Logs:


11/30/2010

Scan type: Quick scan
Objects scanned: 167905
Time elapsed: 4 minute(s), 4 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 6

Memory Processes Infected:
c:\Windows\Temp\Rg1.exe (Trojan.Fraudpack) -> 3104 -> Unloaded process successfully.
c:\Windows\Temp\Rg0.exe (Trojan.Fraudpack) -> 772 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\JP595IR86O (Trojan.Fraudpack) -> Value: JP595IR86O -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\Temp\Rg1.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
c:\Windows\Temp\Rg0.exe (Trojan.Fraudpack) -> Quarantined and deleted successfully.
c:\Users\Joel\AppData\Local\Temp\reagentca.exe (Virus.Agent) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{22116563-108c-42c0-a7ce-60161b75e508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{62c40aa6-4406-467a-a5a5-dfdf1b559b7a}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Windows\Tasks\{bbaeaeaf-1275-40e2-bd6c-bc8f88bd114a}.job (Trojan.Downloader) -> Quarantined and deleted successfully.


12/1/2010

Scan type: Full scan (C:\|)
Objects scanned: 329763
Time elapsed: 50 minute(s), 30 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 2
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 64
Files Infected: 577

Memory Processes Infected:
c:\program files (x86)\whitesmoke translator\whitesmokedictregistration.exe (PUP.WhiteSmoke) -> 1376 -> Unloaded process successfully.
c:\program files (x86)\whitesmoke translator\wstraydictmode.exe (PUP.WhiteSmoke) -> 2892 -> Unloaded process successfully.

Memory Modules Infected:
c:\program files (x86)\whitesmoketoolbar\whitesmoketoolbarx.dll (PUP.WhiteSmoke) -> Delete on reboot.
c:\program files (x86)\whitesmoketoolbar\whitesmoketoolbar.dll (PUP.WhiteSmoke) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Value: {52794457-AF6C-4C50-9DEF-F2E24F4C8889} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Value: {52794457-af6c-4c50-9def-f2e24f4c8889} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)


12/1/2010

Scan type: Full scan (C:\|)
Objects scanned: 149177
Time elapsed: 26 minute(s), 4 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


12/8/2010

Scan type: Full scan (C:\|E:\|G:\|)
Objects scanned: 351953
Time elapsed: 1 hour(s), 8 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\GoogleUpdateBeta (Backdoor.IRCBot) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Windows\System32\config\systemprofile\AppData\Local\Google\Update\googleupdatebeta.exe (Backdoor.IRCBot) -> Quarantined and deleted successfully.



12/19/2010

Scan type: Full scan (C:\|E:\|G:\|)
Objects scanned: 356714
Time elapsed: 1 hour(s), 7 minute(s), 32 second(s)

Memory Processes Infected: 2
Memory Modules Infected: 0
Registry Keys Infected: 19
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 92
Files Infected: 719

Memory Processes Infected:
c:\program files (x86)\whitesmoke translator\whitesmokedictregistration.exe (PUP.WhiteSmoke) -> 3404 -> Not selected for removal.
c:\program files (x86)\whitesmoke translator\wstraydictmode.exe (PUP.WhiteSmoke) -> 2148 -> Not selected for removal.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\whitesmoketoolbar (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\CLSID\{49269ABB-3D8A-4153-93BC-2A695B066F82} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\TypeLib\{CD6A6945-EB68-4F46-A4D2-184082A0491F} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\Interface\{F33928A1-8849-48DE-BECB-829D7727AAF2} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\ComVistaElevator.LocalMachineWriter.1 (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\ComVistaElevator.LocalMachineWriter (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\CLSID\{064E314E-2382-46F2-A93A-239C7115579A} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\TypeLib\{54DE313F-2261-4B8E-A699-9AE1D69BC7C9} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\Interface\{3D8A3085-A097-4312-B6A4-49FF1A4A460B} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\WCaptureX.WResult.1 (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\WCaptureX.WResult (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\CLSID\{C7E06D1D-4099-43D4-8C22-718E39713773} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\TypeLib\{68D76969-99CA-4057-9C66-9D0C6F497528} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\Interface\{BB283CBF-EB78-4438-BC3A-7563ED7FEDBF} (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\WMonitorX.WMonitorX.1 (PUP.WhiteSmoke) -> Not selected for removal.
HKEY_CLASSES_ROOT\WMonitorX.WMonitorX (PUP.WhiteSmoke) -> Not selected for removal.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Value: {52794457-AF6C-4C50-9DEF-F2E24F4C8889} -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Value: {52794457-af6c-4c50-9def-f2e24f4c8889} -> Not selected for removal.

Registry Data Items Infected:
(No malicious items detected)


12/20/2010

Scan type: Full scan (C:\|E:\|G:\|)
Objects scanned: 356861
Time elapsed: 1 hour(s), 24 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-AF6C-4C50-9DEF-F2E24F4C8889} (PUP.WhiteSmoke) -> Value: {52794457-AF6C-4C50-9DEF-F2E24F4C8889} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52794457-af6c-4c50-9def-f2e24f4c8889} (PUP.WhiteSmoke) -> Value: {52794457-af6c-4c50-9def-f2e24f4c8889} -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\$Recycle.Bin\s-1-5-21-3957214131-3400773334-1986242629-1000\$RPMACM6\whitesmoketoolbar.dll (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\0PS72R2M\whitesmoketoolbar[1].exe (PUP.WhiteSmoke) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\config\systemprofile\AppData\Local\microsoft\Windows\temporary internet files\Content.IE5\0PS72R2M\whitesmoketoolbar[1].exe (PUP.WhiteSmoke) -> Quarantined and deleted successfully.


1/8/2011

Scan type: Full scan (C:\|E:\|G:\|)
Objects scanned: 359833
Time elapsed: 53 minute(s), 31 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

OTL Log:

OTL logfile created on: 1/8/2011 10:23:03 AM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = G:\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 4.00 Gb Available Physical Memory | 47.00% Memory free
16.00 Gb Paging File | 12.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39.06 Gb Total Space | 5.06 Gb Free Space | 12.95% Space Free | Partition Type: NTFS
Drive E: | 892.44 Gb Total Space | 69.45 Gb Free Space | 7.78% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 66.80 Gb Free Space | 7.17% Space Free | Partition Type: NTFS

Computer Name: JOEL-PC | User Name: Joel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/08 00:34:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\Downloads\OTL(2).exe
PRC - [2010/12/18 14:53:07 | 001,392,784 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2010/12/18 14:53:05 | 003,275,112 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2010/12/10 09:16:48 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/12/10 09:16:48 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/07 18:44:24 | 003,888,696 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2010/12/07 18:44:16 | 000,158,048 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\SSU.exe
PRC - [2010/11/24 09:46:13 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/07/26 11:23:33 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/02 16:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/01/13 14:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2009/01/08 05:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\Joel\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2007/08/06 16:05:46 | 000,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE


========== Modules (SafeList) ==========

MOD - [2011/01/08 00:34:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\Downloads\OTL(2).exe
MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 17:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2009/07/13 17:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/08/18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/12/18 14:53:05 | 003,275,112 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/12/07 18:44:24 | 003,888,696 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2010/07/26 11:23:33 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/10/12 15:57:14 | 000,137,248 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2010/10/12 15:57:12 | 000,055,360 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\ssfmonm.sys -- (ssfmonm)
DRV:64bit: - [2010/07/26 11:24:30 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/07/26 11:24:27 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/07/26 11:24:27 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2009/11/02 16:42:27 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/08/18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 12:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FB D4 9C 9A F3 9F CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.8.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/11/26 00:00:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/10 09:16:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/10 09:16:49 | 000,000,000 | ---D | M]

[2009/10/30 21:29:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\Mozilla\Extensions
[2011/01/08 00:10:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\vo5ff09i.default\extensions
[2010/12/15 11:47:18 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\vo5ff09i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/12/10 09:16:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\vo5ff09i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/09/29 19:55:26 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\vo5ff09i.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/10/31 19:18:32 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\vo5ff09i.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/11/03 22:16:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/06 13:39:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/05 10:01:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/03 22:16:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/26 00:00:22 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG9\FIREFOX
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/10/31 19:18:01 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/01/13 14:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/12/17 12:37:58 | 000,001,919 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2010/12/19 11:38:17 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\4Media Video Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (4Media Video Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\4Media Video Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (4Media Video Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\4Media Video Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Joel\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [PeerBlock] G:\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: virginmobileusa.com ([www1] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.27.35.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Authentication Packages - (ows\w) - File not found
O30 - LSA: Authentication Packages - (ows\w) - File not found
O30:64bit: - LSA: Security Packages - (ce.exe) - File not found
O30:64bit: - LSA: Security Packages - (.0\) - File not found
O30:64bit: - LSA: Security Packages - (\) - \ File not found
O30:64bit: - LSA: Security Packages - (7\) - File not found
O30 - LSA: Security Packages - (n-controls_6595b64144ccf1df_6.0.6002.18005_) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/05/09 14:25:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{845325de-a6f5-11df-a544-00242123a14e}\Shell - "" = AutoRun
O33 - MountPoints2\{845325de-a6f5-11df-a544-00242123a14e}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e560efd0-c811-11de-b439-00242123a14e}\Shell - "" = AutoRun
O33 - MountPoints2\{e560efd0-c811-11de-b439-00242123a14e}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found
O33 - MountPoints2\{e560efd0-c811-11de-b439-00242123a14e}\Shell\configure\command - "" = F:\SETUP.EXE -- File not found
O33 - MountPoints2\{e560efd0-c811-11de-b439-00242123a14e}\Shell\install\command - "" = F:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/20 10:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2010/12/18 14:54:43 | 000,019,576 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\SysNative\SsiEfr.exe
[2010/12/18 14:54:42 | 000,137,248 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\SysNative\drivers\ssidrv.sys
[2010/12/18 14:54:42 | 000,055,360 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\SysNative\drivers\ssfmonm.sys
[2010/12/18 14:54:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/12/18 14:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot
[2010/12/18 14:53:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\{346564C3-1CD0-440B-AE7A-F644B66D2026}
[2010/12/18 14:52:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot
[2010/12/18 14:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2010/12/18 14:52:00 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Local\PackageAware
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/08 10:16:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3957214131-3400773334-1986242629-1000UA.job
[2011/01/08 10:14:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/08 10:13:15 | 069,905,175 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2011/01/08 10:07:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/08 01:00:10 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/08 00:37:13 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/08 00:37:13 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/08 00:34:08 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/08 00:34:08 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/01/08 00:34:08 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/01/08 00:29:56 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/08 00:29:35 | 2146,099,199 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/06 23:04:14 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3957214131-3400773334-1986242629-1000Core.job
[2011/01/06 22:49:20 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At2.job
[2011/01/06 22:49:20 | 000,000,378 | ---- | M] () -- C:\Windows\tasks\At1.job
[2011/01/01 10:51:24 | 000,142,393 | ---- | M] () -- C:\Users\Joel\Desktop\fbchat.jpg
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/18 14:53:14 | 000,002,287 | ---- | M] () -- C:\Users\Public\Desktop\Webroot AntiVirus with Spy Sweeper.lnk
[2010/12/18 14:51:55 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat
[2010/12/16 03:20:34 | 000,413,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/14 17:17:02 | 000,002,395 | ---- | M] () -- C:\Users\Joel\Desktop\Google Chrome.lnk
[2010/12/13 00:14:58 | 000,484,892 | ---- | M] () -- C:\Users\Joel\Desktop\plugin-SPQ2010.pdf
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/01 10:51:23 | 000,142,393 | ---- | C] () -- C:\Users\Joel\Desktop\fbchat.jpg
[2010/12/18 14:54:43 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2010/12/18 14:53:14 | 000,002,287 | ---- | C] () -- C:\Users\Public\Desktop\Webroot AntiVirus with Spy Sweeper.lnk
[2010/12/18 14:51:55 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2010/12/17 14:09:06 | 000,594,074 | ---- | C] () -- C:\Users\Joel\Desktop\100_1797.JPG
[2010/12/17 14:05:32 | 000,602,782 | ---- | C] () -- C:\Users\Joel\Desktop\100_1796.JPG
[2010/12/17 14:05:25 | 000,765,199 | ---- | C] () -- C:\Users\Joel\Desktop\100_1795.JPG
[2010/12/13 00:15:26 | 000,484,892 | ---- | C] () -- C:\Users\Joel\Desktop\plugin-SPQ2010.pdf
[2010/07/26 11:07:14 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010/06/20 20:24:27 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/04/23 12:01:17 | 000,022,847 | ---- | C] () -- C:\Users\Joel\AppData\Roaming\UserTile.png
[2010/03/13 04:52:50 | 000,005,120 | ---- | C] () -- C:\Users\Joel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/31 13:02:05 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/09/18 22:11:51 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\.minecraft
[2010/07/26 11:29:06 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\4Media
[2010/05/22 22:10:13 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Canneverbe Limited
[2009/11/02 16:54:14 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\DAEMON Tools Lite
[2010/06/14 09:07:32 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Facebook
[2009/10/31 19:18:28 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Foxit
[2010/07/26 11:07:16 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\FreeAudioPack
[2010/07/26 11:04:15 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\GetRightToGo
[2010/10/16 10:55:36 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Octoshape
[2010/04/23 12:01:17 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\PeerNetworking
[2010/12/30 14:45:16 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\uTorrent
[2010/01/18 21:33:53 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Yamb
[2011/01/06 22:49:20 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\At1.job
[2011/01/06 22:49:20 | 000,000,378 | ---- | M] () -- C:\Windows\Tasks\At2.job
[2011/01/07 08:40:38 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 168 bytes -> C:\Users\Joel\Desktop\Payment Receipt.jpeg:3or4kl4x13tuuug3Byamue2s4b

< End of report >

#2 Essexboy (GeekU Moderator, Retired Staff, 69,964 posts)
Are you still hearing music/ads?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    @Alternate Data Stream - 168 bytes -> C:\Users\Joel\Desktop\Payment Receipt.jpeg:3or4kl4x13tuuug3Byamue2s4b

    :Files
    ipconfig /flushdns /c
    C:\Windows\tasks\At*.job

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A window similar to this should open on your desktop:

    [screenshot: MBRCheck console window]

  • If you are prompted with options, enter N at the prompt and press Enter
  • Press Enter again
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop. Please post the contents of that file.

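The OTL fix above does three things blind: it strips the named alternate data stream from Payment Receipt.jpeg, deletes the two at.exe jobs (At1.job, At2.job) and resets the hosts file. The PowerShell script below is an added triage example, not part of the original thread and not OTL's own code. It reports the same three items before anything is deleted: which named streams the file carries and whether one starts with a PE header, what the At jobs actually run (taken from schtasks, which the .job file alone does not show), and whether the hosts file is read-only or has non-comment entries. The paths are assumptions copied from the posted log, the `-Remove` switch is a convenience of this script only, and it assumes Windows PowerShell 3.0 or later (for `-Stream`), an elevated prompt and English schtasks column names.

```powershell
# Added triage example (not from the original thread and not part of OTL).
# Assumptions: Windows PowerShell 3.0+ or PowerShell 7, an elevated prompt,
# English schtasks column names, and the paths taken from the posted log.
# Without -Remove the script only reports; -Remove -WhatIf shows what it would delete.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$SuspectFile = "$env:USERPROFILE\Desktop\Payment Receipt.jpeg",
    [string]$TasksDir    = "$env:SystemRoot\Tasks",
    [string]$HostsFile   = "$env:SystemRoot\System32\drivers\etc\hosts",
    [switch]$Remove
)

# 1. Named alternate data streams. Every NTFS file has the unnamed ':$DATA' stream;
#    any other stream on a .jpeg is a candidate payload, so look before deleting.
function Get-NamedStreams {
    param([Parameter(Mandatory = $true)][string]$Path)
    Get-Item -LiteralPath $Path -Stream * -ErrorAction Stop |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object {
            # Peek at the first two bytes: 'MZ' (0x4D 0x5A) means a PE image is hidden here.
            $head = if ($PSVersionTable.PSVersion.Major -ge 6) {
                Get-Content -LiteralPath $Path -Stream $_.Stream -AsByteStream -TotalCount 2
            } else {
                Get-Content -LiteralPath $Path -Stream $_.Stream -Encoding Byte -TotalCount 2
            }
            [pscustomobject]@{
                File   = $Path
                Stream = $_.Stream
                Bytes  = $_.Length
                IsPE   = (@($head).Count -eq 2 -and $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
            }
        }
}

# 2. Jobs created with the legacy at.exe appear as At1, At2 ... with a .job file in
#    %SystemRoot%\Tasks. schtasks /v adds the command line and account they run under.
function Get-AtJobs {
    param([Parameter(Mandatory = $true)][string]$Dir)
    $tasks = schtasks /query /fo CSV /v 2>$null | ConvertFrom-Csv |
             Where-Object { $_.TaskName -match '^\\At\d+$' }
    Get-ChildItem -LiteralPath $Dir -Filter 'At*.job' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $name = $_.BaseName
            $t = $tasks | Where-Object { $_.TaskName -eq "\$name" }
            [pscustomobject]@{
                Name     = $name
                Job      = $_.FullName
                Modified = $_.LastWriteTime
                RunsAs   = $t.'Run As User'
                Command  = $t.'Task To Run'
            }
        }
}

# 3. The hosts file. OTL's [resethosts] failed with "Cannot create file"; the usual
#    causes are the read-only attribute or a resident scanner holding the file open.
#    A stock Windows 7 hosts file contains comment lines only.
function Test-HostsFile {
    param([Parameter(Mandatory = $true)][string]$Path)
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction Stop
    $entries = @(Get-Content -LiteralPath $Path |
        Where-Object { $_ -match '\S' -and $_ -notmatch '^\s*#' })
    [pscustomobject]@{
        Path     = $Path
        ReadOnly = [bool]($item.Attributes -band [IO.FileAttributes]::ReadOnly)
        Owner    = (Get-Acl -LiteralPath $Path).Owner
        Entries  = $entries
    }
}

$streams   = @(Get-NamedStreams -Path $SuspectFile)
$jobs      = @(Get-AtJobs -Dir $TasksDir)
$hostsInfo = Test-HostsFile -Path $HostsFile

$streams   | Format-Table -AutoSize
$jobs      | Format-Table -AutoSize
$hostsInfo | Format-List

if ($Remove) {
    foreach ($s in $streams) {
        if ($PSCmdlet.ShouldProcess("$($s.File):$($s.Stream)", 'Remove alternate data stream')) {
            Remove-Item -LiteralPath $s.File -Stream $s.Stream
        }
    }
    foreach ($j in $jobs) {
        # Delete through the scheduler rather than unlinking the .job file by hand.
        if ($PSCmdlet.ShouldProcess($j.Name, 'Delete scheduled task')) {
            schtasks /delete /tn $j.Name /f | Out-Null
        }
    }
    ipconfig /flushdns | Out-Null   # same step the OTL fix performs
}
```

Run it once with no switches and keep the output (copy the stream to another file with `Get-Content -Stream` before removing it if you want it analysed), then `-Remove -WhatIf`, and only then `-Remove`. The hosts reset is deliberately not automated: if `ReadOnly` is true, clear the attribute and re-run the OTL fix; if it is already clear, a resident scanner is the likely reason the rewrite failed, which is why the MBRCheck step above asks for security programs to be disabled first.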

#3 JC4k (New Member, Topic Starter, 8 posts)
Edit: I am not still hearing music/ads. Only in the first day or two this started happening there were music/ads. I think previous scans fixed this.

Received error during OTL Run Fix: Cannot create file C:\Windows\System32\drivers\etc\Hosts

OTL LOG after reboot:

OTL logfile created on: 1/8/2011 11:53:42 AM - Run 2
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Joel\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 80.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39.06 Gb Total Space | 5.44 Gb Free Space | 13.92% Space Free | Partition Type: NTFS
Drive E: | 892.44 Gb Total Space | 69.45 Gb Free Space | 7.78% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 66.80 Gb Free Space | 7.17% Space Free | Partition Type: NTFS

Computer Name: JOEL-PC | User Name: Joel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/08 00:34:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL(2).exe
PRC - [2010/12/18 14:53:07 | 001,392,784 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2010/12/18 14:53:05 | 003,275,112 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2010/12/10 09:16:48 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/12/07 18:44:24 | 003,888,696 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2010/12/07 18:44:16 | 000,158,048 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\SSU.exe
PRC - [2010/11/24 09:46:13 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/07/26 11:23:33 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/02 16:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/01/13 14:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2009/01/08 05:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\Joel\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2007/08/06 16:05:46 | 000,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE


========== Modules (SafeList) ==========

MOD - [2011/01/08 00:34:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL(2).exe
MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 17:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
MOD - [2009/07/13 17:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/08/18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/12/18 14:53:05 | 003,275,112 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/12/07 18:44:24 | 003,888,696 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2010/07/26 11:23:33 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/10/12 15:57:14 | 000,137,248 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2010/10/12 15:57:12 | 000,055,360 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\ssfmonm.sys -- (ssfmonm)
DRV:64bit: - [2010/07/26 11:24:30 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/07/26 11:24:27 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/07/26 11:24:27 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2009/11/02 16:42:27 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/08/18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 12:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FB D4 9C 9A F3 9F CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.8.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/11/26 00:00:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/10 09:16:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/10 09:16:49 | 000,000,000 | ---D | M]

[2009/10/30 21:29:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\Mozilla\Extensions
[2011/01/08 00:10:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\vo5ff09i.default\extensions
[2010/12/15 11:47:18 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\vo5ff09i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/12/10 09:16:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\vo5ff09i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/09/29 19:55:26 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\vo5ff09i.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/10/31 19:18:32 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\vo5ff09i.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/11/03 22:16:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/06 13:39:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/05 10:01:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/03 22:16:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/26 00:00:22 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG9\FIREFOX
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/10/31 19:18:01 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/01/13 14:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/12/17 12:37:58 | 000,001,919 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2010/12/19 11:38:17 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\4Media Video Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (4Media Video Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\4Media Video Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (4Media Video Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\4Media Video Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Joel\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [PeerBlock] G:\PeerBlock\peerblock.exe (PeerBlock, LLC)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: virginmobileusa.com ([www1] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.27.35.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Authentication Packages - (ows\w) - File not found
O30 - LSA: Authentication Packages - (ows\w) - File not found
O30:64bit: - LSA: Security Packages - (ce.exe) - File not found
O30:64bit: - LSA: Security Packages - (.0\) - File not found
O30:64bit: - LSA: Security Packages - (\) - \ File not found
O30:64bit: - LSA: Security Packages - (7\) - File not found
O30 - LSA: Security Packages - (n-controls_6595b64144ccf1df_6.0.6002.18005_) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/05/09 14:25:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{845325de-a6f5-11df-a544-00242123a14e}\Shell - "" = AutoRun
O33 - MountPoints2\{845325de-a6f5-11df-a544-00242123a14e}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e560efd0-c811-11de-b439-00242123a14e}\Shell - "" = AutoRun
O33 - MountPoints2\{e560efd0-c811-11de-b439-00242123a14e}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found
O33 - MountPoints2\{e560efd0-c811-11de-b439-00242123a14e}\Shell\configure\command - "" = F:\SETUP.EXE -- File not found
O33 - MountPoints2\{e560efd0-c811-11de-b439-00242123a14e}\Shell\install\command - "" = F:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/08 11:53:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL(2).exe
[2010/12/20 10:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2010/12/18 14:54:43 | 000,019,576 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\SysNative\SsiEfr.exe
[2010/12/18 14:54:42 | 000,137,248 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\SysNative\drivers\ssidrv.sys
[2010/12/18 14:54:42 | 000,055,360 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\SysNative\drivers\ssfmonm.sys
[2010/12/18 14:54:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/12/18 14:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot
[2010/12/18 14:53:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\{346564C3-1CD0-440B-AE7A-F644B66D2026}
[2010/12/18 14:52:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot
[2010/12/18 14:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2010/12/18 14:52:00 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Local\PackageAware
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/08 11:49:36 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/08 11:49:36 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/08 11:46:28 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/08 11:46:28 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/01/08 11:46:28 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/01/08 11:42:20 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/08 11:42:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/08 11:41:58 | 2146,099,199 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/08 11:16:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3957214131-3400773334-1986242629-1000UA.job
[2011/01/08 11:14:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/08 11:10:01 | 000,740,861 | ---- | M] () -- C:\Users\Joel\Desktop\Payment Receipt.jpeg
[2011/01/08 10:13:15 | 069,905,175 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2011/01/08 01:00:10 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/08 00:34:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL(2).exe
[2011/01/08 00:25:26 | 000,000,000 | ---- | M] () -- C:\Users\Joel\Desktop\OTL.exe
[2011/01/06 23:04:14 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3957214131-3400773334-1986242629-1000Core.job
[2011/01/01 10:51:24 | 000,142,393 | ---- | M] () -- C:\Users\Joel\Desktop\fbchat.jpg
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/18 14:53:14 | 000,002,287 | ---- | M] () -- C:\Users\Public\Desktop\Webroot AntiVirus with Spy Sweeper.lnk
[2010/12/18 14:51:55 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat
[2010/12/16 03:20:34 | 000,413,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/14 17:17:02 | 000,002,395 | ---- | M] () -- C:\Users\Joel\Desktop\Google Chrome.lnk
[2010/12/13 00:14:58 | 000,484,892 | ---- | M] () -- C:\Users\Joel\Desktop\plugin-SPQ2010.pdf
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/08 11:53:20 | 000,000,000 | ---- | C] () -- C:\Users\Joel\Desktop\OTL.exe
[2011/01/08 11:10:42 | 000,740,861 | ---- | C] () -- C:\Users\Joel\Desktop\Payment Receipt.jpeg
[2011/01/01 10:51:23 | 000,142,393 | ---- | C] () -- C:\Users\Joel\Desktop\fbchat.jpg
[2010/12/18 14:54:43 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2010/12/18 14:53:14 | 000,002,287 | ---- | C] () -- C:\Users\Public\Desktop\Webroot AntiVirus with Spy Sweeper.lnk
[2010/12/18 14:51:55 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2010/12/17 14:09:06 | 000,594,074 | ---- | C] () -- C:\Users\Joel\Desktop\100_1797.JPG
[2010/12/17 14:05:32 | 000,602,782 | ---- | C] () -- C:\Users\Joel\Desktop\100_1796.JPG
[2010/12/17 14:05:25 | 000,765,199 | ---- | C] () -- C:\Users\Joel\Desktop\100_1795.JPG
[2010/12/13 00:15:26 | 000,484,892 | ---- | C] () -- C:\Users\Joel\Desktop\plugin-SPQ2010.pdf
[2010/07/26 11:07:14 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010/06/20 20:24:27 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/04/23 12:01:17 | 000,022,847 | ---- | C] () -- C:\Users\Joel\AppData\Roaming\UserTile.png
[2010/03/13 04:52:50 | 000,005,120 | ---- | C] () -- C:\Users\Joel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/31 13:02:05 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/09/18 22:11:51 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\.minecraft
[2010/07/26 11:29:06 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\4Media
[2010/05/22 22:10:13 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Canneverbe Limited
[2009/11/02 16:54:14 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\DAEMON Tools Lite
[2010/06/14 09:07:32 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Facebook
[2009/10/31 19:18:28 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Foxit
[2010/07/26 11:07:16 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\FreeAudioPack
[2010/07/26 11:04:15 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\GetRightToGo
[2010/10/16 10:55:36 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Octoshape
[2010/04/23 12:01:17 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\PeerNetworking
[2010/12/30 14:45:16 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\uTorrent
[2010/01/18 21:33:53 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Yamb
[2011/01/07 08:40:38 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >




MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: MICRO-STAR INTERNATIONAL CO.,LTD
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: MICRO-STAR INTERNATIONAL CO.,LTD
System Product Name: MS-7577
Logical Drives Mask: 0x000000fc

Kernel Drivers (total 152):
0x02A10000 \SystemRoot\system32\ntoskrnl.exe
0x02FEC000 \SystemRoot\system32\hal.dll
0x00B9D000 \SystemRoot\system32\kdcom.dll
0x00C46000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C53000 \SystemRoot\system32\PSHED.dll
0x00C67000 \SystemRoot\system32\CLFS.SYS
0x00CC5000 \SystemRoot\system32\CI.dll
0x00E89000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00F2D000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x010D7000 \SystemRoot\System32\Drivers\spiy.sys
0x01000000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x01009000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x01038000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x0108F000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x01099000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F3C000 \SystemRoot\system32\DRIVERS\pci.sys
0x010A6000 \SystemRoot\System32\drivers\partmgr.sys
0x00F6F000 \SystemRoot\system32\DRIVERS\ssidrv.sys
0x010BB000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00F95000 \SystemRoot\System32\drivers\volmgrx.sys
0x010D0000 \SystemRoot\system32\DRIVERS\pciide.sys
0x00E00000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00E10000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E2A000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00E33000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00E5D000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x00D85000 \SystemRoot\system32\drivers\fltmgr.sys
0x00E68000 \SystemRoot\system32\drivers\fileinfo.sys
0x0123C000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01491000 \SystemRoot\System32\Drivers\msrpc.sys
0x014EF000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01509000 \SystemRoot\System32\Drivers\cng.sys
0x0157C000 \SystemRoot\System32\drivers\pcw.sys
0x0158D000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01682000 \SystemRoot\system32\drivers\ndis.sys
0x01774000 \SystemRoot\system32\drivers\NETIO.SYS
0x017D4000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01800000 \SystemRoot\System32\drivers\tcpip.sys
0x01600000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01597000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x0164A000 \SystemRoot\System32\Drivers\spldr.sys
0x01400000 \SystemRoot\System32\drivers\rdyboost.sys
0x01652000 \SystemRoot\System32\Drivers\mup.sys
0x01664000 \SystemRoot\System32\drivers\hwpolicy.sys
0x0143A000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x01474000 \SystemRoot\system32\DRIVERS\disk.sys
0x01200000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x00DD1000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x00C00000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x013F2000 \SystemRoot\System32\Drivers\Null.SYS
0x0167B000 \SystemRoot\System32\Drivers\Beep.SYS
0x00FF1000 \SystemRoot\System32\drivers\vga.sys
0x02C36000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02C5B000 \SystemRoot\System32\drivers\watchdog.sys
0x02C6B000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02C74000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02C7D000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02C86000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02C91000 \SystemRoot\System32\Drivers\Npfs.SYS
0x02CA2000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02CC0000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x02CCD000 \SystemRoot\System32\Drivers\avgtdia.sys
0x02D1E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02D63000 \SystemRoot\system32\drivers\afd.sys
0x02DED000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02C00000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02C26000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03632000 \SystemRoot\system32\DRIVERS\serial.sys
0x0364F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0366A000 \SystemRoot\system32\DRIVERS\termdd.sys
0x0367E000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x03690000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x036E1000 \SystemRoot\system32\drivers\nsiproxy.sys
0x036ED000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x036F8000 \SystemRoot\System32\drivers\discache.sys
0x03707000 \SystemRoot\System32\Drivers\dfsc.sys
0x03725000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03736000 \SystemRoot\System32\Drivers\avgmfx64.sys
0x0373E000 \SystemRoot\System32\Drivers\avgldx64.sys
0x03785000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x037AB000 \SystemRoot\system32\DRIVERS\amdppm.sys
0x03E2F000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x04446000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x0453A000 \SystemRoot\System32\drivers\dxgmms1.sys
0x04580000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x045A4000 \SystemRoot\system32\DRIVERS\Rt64win7.sys
0x037C0000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x045D6000 \SystemRoot\system32\DRIVERS\usbohci.sys
0x04AFD000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x04B53000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04B64000 \SystemRoot\system32\DRIVERS\serenum.sys
0x04B70000 \SystemRoot\System32\Drivers\ahqimoo6.SYS
0x04BB5000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x04BBE000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x04BCE000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04A00000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04A24000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04A30000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04A5F000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x04A7A000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04A9B000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04AB5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04AC4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04AD3000 \SystemRoot\system32\DRIVERS\swenum.sys
0x04CB1000 \SystemRoot\system32\DRIVERS\ks.sys
0x04CF4000 \SystemRoot\system32\DRIVERS\umbus.sys
0x04D06000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04D60000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04D75000 \SystemRoot\system32\drivers\HdAudio.sys
0x04C00000 \SystemRoot\system32\drivers\portcls.sys
0x04C3D000 \SystemRoot\system32\drivers\drmk.sys
0x04C5F000 \SystemRoot\system32\drivers\ksthunk.sys
0x04C65000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x04C73000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x04C8C000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x04C95000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04C97000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x04DD1000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x04DEE000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x04AD5000 \SystemRoot\System32\Drivers\crashdmp.sys
0x04CA4000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x04AE3000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x04BE4000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x00050000 \SystemRoot\System32\win32k.sys
0x04AEC000 \SystemRoot\System32\drivers\Dxapi.sys
0x045E1000 \SystemRoot\system32\DRIVERS\monitor.sys
0x00420000 \SystemRoot\System32\TSDDD.dll
0x00610000 \SystemRoot\System32\cdd.dll
0x03E00000 \SystemRoot\system32\drivers\luafv.sys
0x045EF000 \SystemRoot\system32\DRIVERS\ssfmonm.sys
0x03600000 \SystemRoot\system32\drivers\WudfPf.sys
0x015E3000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x00C2D000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x05C71000 \SystemRoot\system32\drivers\HTTP.sys
0x05D39000 \SystemRoot\system32\DRIVERS\bowser.sys
0x05D57000 \SystemRoot\System32\drivers\mpsdrv.sys
0x05D6F000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x05D9C000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x05C00000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x0603C000 \SystemRoot\system32\drivers\peauth.sys
0x060E2000 \SystemRoot\System32\Drivers\secdrv.SYS
0x060ED000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x0611A000 \SystemRoot\System32\drivers\tcpipreg.sys
0x0612C000 \SystemRoot\system32\drivers\tdtcp.sys
0x06137000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x06146000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x0617E000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06A98000 \SystemRoot\System32\DRIVERS\srv.sys
0x06B9F000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x77750000 \Windows\System32\ntdll.dll
0x48190000 \Windows\System32\smss.exe
0xFFA70000 \Windows\System32\apisetschema.dll

Processes (total 58):
0 System Idle Process
4 System
332 C:\Windows\System32\smss.exe
424 csrss.exe
488 C:\Windows\System32\wininit.exe
508 csrss.exe
520 C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
528 C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
600 C:\Windows\System32\services.exe
612 C:\Windows\System32\lsass.exe
620 C:\Windows\System32\lsm.exe
676 C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
704 C:\Windows\System32\winlogon.exe
380 C:\Windows\System32\svchost.exe
408 C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
1028 C:\Windows\System32\svchost.exe
1104 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
1264 C:\Windows\System32\atiesrxx.exe
1336 C:\Windows\System32\svchost.exe
1400 C:\Windows\System32\svchost.exe
1452 C:\Windows\System32\svchost.exe
1940 C:\Windows\System32\svchost.exe
1964 C:\Windows\System32\atieclxx.exe
120 C:\Windows\System32\svchost.exe
1448 C:\Windows\System32\spoolsv.exe
1864 C:\Windows\System32\svchost.exe
2128 C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
2176 C:\Windows\System32\svchost.exe
2376 C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe
2716 C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
2816 C:\Windows\System32\taskhost.exe
2892 C:\Windows\System32\dwm.exe
2992 C:\Windows\explorer.exe
3708 C:\Windows\System32\svchost.exe
3688 SSU.exe
2348 C:\Program Files\Windows Media Player\wmpnetwk.exe
2612 C:\Windows\System32\SearchIndexer.exe
1036 C:\Windows\System32\notepad.exe
3616 C:\Program Files\Microsoft Security Essentials\msseces.exe
1652 C:\Users\Joel\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
1888 C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
2880 C:\Program Files (x86)\Winamp\winampa.exe
2004 C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
3124 C:\PROGRA~2\AVG\AVG9\avgtray.exe
1260 C:\Windows\System32\audiodg.exe
4032 C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
3480 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3756 C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
3424 C:\Windows\System32\svchost.exe
1672 C:\Windows\System32\wuauclt.exe
4160 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4876 C:\Users\Joel\Desktop\OTL(2).exe
2356 C:\Windows\System32\consent.exe
4108 C:\Windows\System32\taskeng.exe
3724 taskhost.exe
4752 C:\Users\Joel\Desktop\MBRCheck.exe
4584 C:\Windows\System32\conhost.exe
4600 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive1 at offset 0x00000009`c3dcd400 (NTFS)
\\.\G: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive1 Model Number: SAMSUNGHD103UJ, Rev: 1AA01113
PhysicalDrive0 Model Number: ST31000528AS, Rev: CC38

Size Device Name MBR Status
--------------------------------------------
931 GB \\.\PhysicalDrive1 MBR Code Faked!
SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966
931 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Edited by JC4k, 08 January 2011 - 02:29 PM.

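
A worked check for the MBRCheck result above. The tool reads sector 0 of each physical drive, maps each volume to its starting byte offset (C: at 0x7e00 is sector 63, the XP-era alignment; G: at 0x100000 is sector 2048, the Windows 7 default), hashes the sector and matches the boot code against the Windows versions it knows; PhysicalDrive1 matched nothing, hence "MBR Code Faked!". The Python below is an added example, not part of this thread and not MBRCheck's own code: it parses a constructed 512-byte MBR laid out like that drive, hashes the 446-byte boot-code region, compares it with a baseline hash set the operator is assumed to have captured from a trusted disk, and shows that a bootkit-style patch of the entry point changes the hash while leaving the partition table, and so the mounted volumes, untouched. The sample boot code, partition sizes and the baseline are made up for the example.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 446            # bytes 0..445: code the BIOS jumps to at 0x7C00
PART_TABLE_OFF = 446           # bytes 446..509: four 16-byte partition entries
ENTRY_LEN = 16
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511

PART_TYPES = {0x07: "NTFS/exFAT", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)", 0x83: "Linux", 0xEE: "GPT protective"}


def has_valid_signature(sector: bytes) -> bool:
    """True if the sector is exactly 512 bytes and ends in the 0x55AA boot signature."""
    return len(sector) == SECTOR_SIZE and sector[510:512] == BOOT_SIGNATURE


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR into the SHA1 of its boot code and its non-empty partition entries."""
    if not has_valid_signature(sector):
        raise ValueError("not a valid MBR: wrong length or missing 0x55AA signature")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + i * ENTRY_LEN
        # status(1) CHS-start(3, ignored) type(1) CHS-end(3, ignored) LBA-start(4) sectors(4)
        status, ptype, lba_start, sectors = struct.unpack_from("<B3xB3xII", sector, off)
        if ptype == 0:
            continue  # empty slot
        partitions.append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "offset": lba_start * SECTOR_SIZE,   # byte offset, the form MBRCheck prints
            "sectors": sectors,
        })
    return {
        "boot_code_sha1": hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper(),
        "partitions": partitions,
    }


def classify_mbr(sector: bytes, baseline_hashes: set) -> tuple:
    """Compare the boot-code hash with the operator's baseline; 'unknown' means look at the code."""
    digest = parse_mbr(sector)["boot_code_sha1"]
    return ("known" if digest in baseline_hashes else "unknown"), digest


def tamper_boot_code(sector: bytes) -> bytes:
    """Constructed illustration of a bootkit-style change: overwrite the entry point with a
    jump (here into the zero-padded tail of the boot-code area) and leave the partition table
    alone, so the disk still boots and the volumes still mount."""
    patch = b"\xe9\x00\x01"  # 16-bit near JMP +0x100
    return patch + sector[len(patch):]


def build_sample_mbr(boot_code: bytes, entries: list) -> bytes:
    """Assemble a 512-byte MBR from boot code and (status, type, lba_start, sectors) tuples."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")
    table = b"".join(
        struct.pack("<B3sB3sII", status, b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", lba, count)
        for status, ptype, lba, count in entries
    ).ljust(4 * ENTRY_LEN, b"\x00")
    return code + table + BOOT_SIGNATURE


def read_mbr(device: str) -> bytes:
    """Read sector 0 of a raw device."""
    # Windows: r"\\.\PhysicalDrive1" from an elevated prompt; Linux: "/dev/sda" as root.
    with open(device, "rb") as f:
        return f.read(SECTOR_SIZE)


# Constructed stand-in for clean boot code: a few plausible opening instructions, NOT the real
# Windows 7 MBR, so its hash means nothing outside this example.
CLEAN_BOOT_CODE = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8\xbe\x00\x7c\xbf\x00\x06\xfc\xf3\xa4"

# Two NTFS partitions laid out like C: and E: in the MBRCheck output above
# (byte offsets 0x7e00 and 0x9c3dcd400); the sector counts are made up.
SAMPLE_ENTRIES = [
    (0x80, 0x07, 63, 81_915_435),
    (0x00, 0x07, 81_915_498, 1_871_609_670),
]

if __name__ == "__main__":
    clean = build_sample_mbr(CLEAN_BOOT_CODE, SAMPLE_ENTRIES)
    baseline = {parse_mbr(clean)["boot_code_sha1"]}   # assumed captured from a trusted disk
    for label, mbr in (("clean", clean), ("tampered", tamper_boot_code(clean))):
        status, sha1 = classify_mbr(mbr, baseline)
        print(f"{label}: {status} boot code, SHA1 {sha1}")
        for p in parse_mbr(mbr)["partitions"]:
            flag = "bootable" if p["bootable"] else ""
            print(f"  partition {p['index']}: {p['type_name']} at offset 0x{p['offset']:x} {flag}")
```

Run it stand-alone to see the clean and the tampered sector classified side by side with identical partition tables. On a live machine, read_mbr from an elevated prompt gives the real sector, but a rootkit that filters disk reads can hand back a clean-looking copy, which is why the trustworthy comparison is made from boot media or with the disk attached to a known-clean system. A hash that matches no baseline is a reason to disassemble the code, not proof of infection: OEM recovery and third-party boot-manager MBRs are also "non-standard".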

#4
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
OK, one area cleared; now to clear another area. At some stage I may need to run Combofix, which means that AVG will have to be uninstalled. Are you happy with that?


Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.


#5
JC4k
    New Member
  • Topic Starter
  • Member
  • 8 posts
I am fine with AVG being uninstalled. I have to go to lunch right now, will be back to complete your next steps as soon as possible. Thank you for what you've done already!

#6
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
No problem. We will need to go slowly, area by area, to ensure it does not hide from us.

#7
JC4k
    New Member
  • Topic Starter
  • Member
  • 8 posts
TDSSKiller log: (Reboot was required)

2011/01/08 13:47:21.0882 TDSS rootkit removing tool 2.4.12.0 Dec 16 2010 09:46:46
2011/01/08 13:47:21.0882 ================================================================================
2011/01/08 13:47:21.0882 SystemInfo:
2011/01/08 13:47:21.0882
2011/01/08 13:47:21.0882 OS Version: 6.1.7600 ServicePack: 0.0
2011/01/08 13:47:21.0882 Product type: Workstation
2011/01/08 13:47:21.0882 ComputerName: JOEL-PC
2011/01/08 13:47:21.0882 UserName: Joel
2011/01/08 13:47:21.0882 Windows directory: C:\Windows
2011/01/08 13:47:21.0882 System windows directory: C:\Windows
2011/01/08 13:47:21.0882 Running under WOW64
2011/01/08 13:47:21.0882 Processor architecture: Intel x64
2011/01/08 13:47:21.0882 Number of processors: 3
2011/01/08 13:47:21.0882 Page size: 0x1000
2011/01/08 13:47:21.0882 Boot type: Normal boot
2011/01/08 13:47:21.0882 ================================================================================
2011/01/08 13:47:21.0883 Utility is running under WOW64
2011/01/08 13:47:23.0632 Initialize success
2011/01/08 13:47:45.0455 ================================================================================
2011/01/08 13:47:45.0455 Scan started
2011/01/08 13:47:45.0455 Mode: Manual;
2011/01/08 13:47:45.0455 ================================================================================
2011/01/08 13:47:46.0178 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/01/08 13:47:46.0228 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/01/08 13:47:46.0253 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/01/08 13:47:46.0280 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/01/08 13:47:46.0299 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/01/08 13:47:46.0323 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/01/08 13:47:46.0369 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/01/08 13:47:46.0391 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/01/08 13:47:46.0414 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/01/08 13:47:46.0437 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/01/08 13:47:46.0456 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/01/08 13:47:46.0486 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/01/08 13:47:46.0508 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/01/08 13:47:46.0520 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/01/08 13:47:46.0540 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/01/08 13:47:46.0560 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/01/08 13:47:46.0577 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/01/08 13:47:46.0593 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/01/08 13:47:46.0623 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/01/08 13:47:46.0640 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/01/08 13:47:46.0757 atikmdag (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/01/08 13:47:46.0879 AvgLdx64 (b447db072bf939db9e07bef2adf4ecbd) C:\Windows\system32\Drivers\avgldx64.sys
2011/01/08 13:47:46.0905 AvgMfx64 (405baabbb48f9176e220020b1a77c47b) C:\Windows\system32\Drivers\avgmfx64.sys
2011/01/08 13:47:46.0927 AvgTdiA (ce90aec358a809e7bce6bb0f1da84622) C:\Windows\system32\Drivers\avgtdia.sys
2011/01/08 13:47:46.0960 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/01/08 13:47:46.0994 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/01/08 13:47:47.0026 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/01/08 13:47:47.0061 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/01/08 13:47:47.0088 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/01/08 13:47:47.0106 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/01/08 13:47:47.0129 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/01/08 13:47:47.0144 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/01/08 13:47:47.0166 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/01/08 13:47:47.0185 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/01/08 13:47:47.0204 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/01/08 13:47:47.0224 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/01/08 13:47:47.0251 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/01/08 13:47:47.0271 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/01/08 13:47:47.0295 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/01/08 13:47:47.0326 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/01/08 13:47:47.0373 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/01/08 13:47:47.0394 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/01/08 13:47:47.0426 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/01/08 13:47:47.0447 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/01/08 13:47:47.0474 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/01/08 13:47:47.0499 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/01/08 13:47:47.0531 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/01/08 13:47:47.0552 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/01/08 13:47:47.0574 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/01/08 13:47:47.0616 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/01/08 13:47:47.0674 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys
2011/01/08 13:47:47.0776 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/01/08 13:47:47.0844 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/01/08 13:47:47.0866 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/01/08 13:47:47.0897 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/01/08 13:47:47.0921 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/01/08 13:47:47.0947 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/01/08 13:47:47.0977 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/01/08 13:47:47.0999 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/01/08 13:47:48.0013 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/01/08 13:47:48.0038 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/01/08 13:47:48.0062 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/01/08 13:47:48.0080 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/01/08 13:47:48.0111 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/01/08 13:47:48.0130 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/01/08 13:47:48.0176 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/01/08 13:47:48.0213 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/01/08 13:47:48.0237 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/01/08 13:47:48.0248 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/01/08 13:47:48.0269 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/01/08 13:47:48.0290 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/01/08 13:47:48.0314 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/01/08 13:47:48.0345 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/01/08 13:47:48.0375 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/01/08 13:47:48.0397 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/01/08 13:47:48.0420 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/01/08 13:47:48.0454 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/01/08 13:47:48.0484 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/01/08 13:47:48.0513 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/01/08 13:47:48.0540 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/01/08 13:47:48.0568 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/01/08 13:47:48.0592 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/01/08 13:47:48.0617 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/01/08 13:47:48.0641 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/01/08 13:47:48.0659 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/01/08 13:47:48.0687 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/01/08 13:47:48.0712 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/01/08 13:47:48.0734 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/01/08 13:47:48.0757 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/01/08 13:47:48.0788 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/01/08 13:47:48.0811 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/01/08 13:47:48.0855 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/01/08 13:47:48.0892 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/01/08 13:47:48.0914 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/01/08 13:47:48.0936 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/01/08 13:47:48.0956 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/01/08 13:47:48.0980 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/01/08 13:47:49.0003 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/01/08 13:47:49.0020 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/01/08 13:47:49.0054 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/01/08 13:47:49.0078 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/01/08 13:47:49.0097 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/01/08 13:47:49.0128 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/01/08 13:47:49.0139 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/01/08 13:47:49.0176 MpFilter (c4d8c3031c7cd5884ca856b15307e997) C:\Windows\system32\DRIVERS\MpFilter.sys
2011/01/08 13:47:49.0188 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/01/08 13:47:49.0214 MpNWMon (a768f58c55d3f303e686a7646348aec3) C:\Windows\system32\DRIVERS\MpNWMon.sys
2011/01/08 13:47:49.0232 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/01/08 13:47:49.0260 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/01/08 13:47:49.0288 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/01/08 13:47:49.0308 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/01/08 13:47:49.0333 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/01/08 13:47:49.0363 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/01/08 13:47:49.0390 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/01/08 13:47:49.0420 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/01/08 13:47:49.0461 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/01/08 13:47:49.0486 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/01/08 13:47:49.0513 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/01/08 13:47:49.0539 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/01/08 13:47:49.0551 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/01/08 13:47:49.0579 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/01/08 13:47:49.0601 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/01/08 13:47:49.0616 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/01/08 13:47:49.0636 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/01/08 13:47:49.0663 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/01/08 13:47:49.0708 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/01/08 13:47:49.0743 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/01/08 13:47:49.0770 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/01/08 13:47:49.0790 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/01/08 13:47:49.0815 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/01/08 13:47:49.0836 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/01/08 13:47:49.0852 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/01/08 13:47:49.0872 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/01/08 13:47:49.0895 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/01/08 13:47:49.0936 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/01/08 13:47:49.0971 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/01/08 13:47:49.0994 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/01/08 13:47:50.0034 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/01/08 13:47:50.0070 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/01/08 13:47:50.0093 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/01/08 13:47:50.0110 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/01/08 13:47:50.0122 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/01/08 13:47:50.0137 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/01/08 13:47:50.0162 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/01/08 13:47:50.0179 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/01/08 13:47:50.0200 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/01/08 13:47:50.0221 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/01/08 13:47:50.0243 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/01/08 13:47:50.0256 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/01/08 13:47:50.0280 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/01/08 13:47:50.0353 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/01/08 13:47:50.0375 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/01/08 13:47:50.0400 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/01/08 13:47:50.0439 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/01/08 13:47:50.0474 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/01/08 13:47:50.0497 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/01/08 13:47:50.0518 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/01/08 13:47:50.0548 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/01/08 13:47:50.0578 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/01/08 13:47:50.0606 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/01/08 13:47:50.0625 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/01/08 13:47:50.0648 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/01/08 13:47:50.0668 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/01/08 13:47:50.0700 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/01/08 13:47:50.0716 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/01/08 13:47:50.0734 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/01/08 13:47:50.0759 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/01/08 13:47:50.0782 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/01/08 13:47:50.0818 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/01/08 13:47:50.0858 RTL8167 (baefee35d27a5440d35092ce10267bec) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/01/08 13:47:50.0901 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/01/08 13:47:50.0970 SCDEmu (4b12e2e559641b0f26474bbc6d7cfaff) C:\Windows\system32\drivers\SCDEmu.sys
2011/01/08 13:47:51.0014 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/01/08 13:47:51.0044 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/01/08 13:47:51.0081 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/01/08 13:47:51.0097 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/01/08 13:47:51.0116 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/01/08 13:47:51.0151 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/01/08 13:47:51.0174 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/01/08 13:47:51.0196 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/01/08 13:47:51.0216 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/01/08 13:47:51.0242 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/01/08 13:47:51.0262 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/01/08 13:47:51.0290 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/01/08 13:47:51.0322 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/01/08 13:47:51.0383 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/01/08 13:47:51.0383 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/01/08 13:47:51.0386 sptd - detected Locked file (1)
2011/01/08 13:47:51.0430 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2011/01/08 13:47:51.0473 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2011/01/08 13:47:51.0504 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/01/08 13:47:51.0546 ssfmonm (23bf9353520ca427bfc8e021ea948011) C:\Windows\system32\DRIVERS\ssfmonm.sys
2011/01/08 13:47:51.0568 ssidrv (5012dfc0920f61ef842abb5d07df59d5) C:\Windows\system32\DRIVERS\ssidrv.sys
2011/01/08 13:47:51.0593 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/01/08 13:47:51.0619 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/01/08 13:47:51.0686 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/01/08 13:47:51.0742 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/01/08 13:47:51.0772 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/01/08 13:47:51.0801 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/01/08 13:47:51.0824 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/01/08 13:47:51.0852 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/01/08 13:47:51.0874 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/01/08 13:47:51.0912 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/01/08 13:47:51.0953 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/01/08 13:47:51.0979 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/01/08 13:47:52.0008 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/01/08 13:47:52.0035 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/01/08 13:47:52.0057 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/01/08 13:47:52.0090 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/01/08 13:47:52.0116 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/01/08 13:47:52.0128 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/01/08 13:47:52.0146 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/01/08 13:47:52.0170 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/01/08 13:47:52.0193 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/01/08 13:47:52.0216 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/01/08 13:47:52.0246 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/01/08 13:47:52.0269 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/01/08 13:47:52.0290 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/01/08 13:47:52.0314 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/01/08 13:47:52.0327 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/01/08 13:47:52.0345 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/01/08 13:47:52.0369 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/01/08 13:47:52.0393 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/01/08 13:47:52.0409 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/01/08 13:47:52.0427 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/01/08 13:47:52.0453 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/01/08 13:47:52.0485 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/01/08 13:47:52.0512 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
2011/01/08 13:47:52.0549 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/01/08 13:47:52.0569 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/08 13:47:52.0578 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/01/08 13:47:52.0617 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/01/08 13:47:52.0649 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/01/08 13:47:52.0719 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/01/08 13:47:52.0740 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/01/08 13:47:52.0798 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
2011/01/08 13:47:52.0823 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/01/08 13:47:52.0863 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/01/08 13:47:52.0900 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/01/08 13:47:52.0932 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/01/08 13:47:52.0967 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/08 13:47:52.0994 ================================================================================
2011/01/08 13:47:52.0994 Scan finished
2011/01/08 13:47:52.0994 ================================================================================
2011/01/08 13:47:53.0001 Detected object count: 2
2011/01/08 13:48:58.0381 Locked file(sptd) - User select action: Skip
2011/01/08 13:48:58.0411 \HardDisk0 - will be cured after reboot
2011/01/08 13:48:58.0412 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/08 13:49:36.0902 Deinitialize success

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Gotcha - TDL4 bootkit :D Could you check for redirects on completion of the MBAM run and then re-run a fresh OTL log for me, please?

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

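The TDSSKiller output pasted above reports two objects, and they are not the same kind of finding: the locked sptd.sys driver is a "look at it" item, while the hit on \HardDisk0 is a disk-level (MBR) infection that TDSSKiller can only cure at reboot. The script below is an added example for this thread, not part of TDSSKiller, MBAM or OTL; it parses the 2.4.x log format visible in the post above, separates rootkit detections from merely locked drivers, records the action the user chose for each, and flags anything left unresolved. The sample lines are an excerpt copied from that log; the regexes, the Detection class and the severity rules are this example's own assumptions.

```python
"""Triage a TDSSKiller text log: what was detected, what was only locked, what the user
did about each, and what is still unresolved. Added example for this thread; not part of
TDSSKiller, MBAM or OTL. Expects the 2.4.x log format shown in the post above."""
import re
from dataclasses import dataclass

# Every log line starts with "YYYY/MM/DD HH:MM:SS.ffff"; the rest has a handful of shapes.
_TS = r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})"
DRIVER_RE = re.compile(_TS + r" (?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")
SUSPICIOUS_RE = re.compile(_TS + r" Suspicious file \((?P<reason>[^)]+)\): (?P<path>.+?)\. md5: (?P<md5>[0-9a-f]{32})$")
DETECT_RE = re.compile(_TS + r" (?P<obj>\S.*?) - detected (?P<verdict>.+?) \((?P<n>\d+)\)$")
ACTION_RE = re.compile(_TS + r" (?P<target>.+?) - User select action: (?P<action>\w+)$")
CURE_RE = re.compile(_TS + r" (?P<obj>\S.*?) - will be cured after reboot$")
COUNT_RE = re.compile(_TS + r" Detected object count: (?P<n>\d+)$")

# Actions that actually change the object; anything else (Skip, Copy to quarantine only
# in some versions, no action at all) leaves it in place. Assumed set for this example.
REMEDIATING_ACTIONS = {"Cure", "Delete", "Quarantine"}


@dataclass
class Detection:
    obj: str                   # service name (sptd) or physical device (\HardDisk0)
    verdict: str               # e.g. "Rootkit.Win32.TDSS.tdl4" or "Locked file"
    action: str = "none"       # from the "User select action" line, if any
    reboot_cure: bool = False  # "will be cured after reboot" was logged for this object

    @property
    def scope(self) -> str:
        # Disk-level (MBR/boot sector) hits are reported against the device object,
        # e.g. \HardDisk0, not against a driver service name.
        return "disk" if self.obj.startswith("\\") else "service"

    @property
    def severity(self) -> str:
        v = self.verdict.lower()
        if self.scope == "disk" or "rootkit" in v or "tdss" in v:
            return "high"
        # A locked or unreadable driver is not by itself proof of infection: disc-emulation
        # drivers such as sptd.sys are routinely reported this way, so it needs a human look.
        if "locked" in v or "suspicious" in v:
            return "review"
        return "low"


def _target_name(target: str) -> str:
    """'Rootkit.Win32.TDSS.tdl4(\\HardDisk0)' -> '\\HardDisk0'; 'Locked file(sptd)' -> 'sptd'."""
    if target.endswith(")") and "(" in target:
        return target[target.rfind("(") + 1:-1]
    return target


def triage(log_text: str) -> dict:
    drivers, suspicious, detections, count = [], [], {}, None
    for line in log_text.splitlines():
        line = line.strip()
        if m := SUSPICIOUS_RE.match(line):
            suspicious.append(m.groupdict())
        elif m := DETECT_RE.match(line):
            detections[m["obj"]] = Detection(m["obj"], m["verdict"])
        elif m := ACTION_RE.match(line):
            name = _target_name(m["target"])
            if name in detections:
                detections[name].action = m["action"]
        elif m := CURE_RE.match(line):
            if m["obj"] in detections:
                detections[m["obj"]].reboot_cure = True
        elif m := COUNT_RE.match(line):
            count = int(m["n"])
        elif m := DRIVER_RE.match(line):
            drivers.append(m.groupdict())

    findings = []
    for d in detections.values():
        if d.severity == "high" and d.action in REMEDIATING_ACTIONS:
            note = " (applied at reboot; confirm with a fresh scan)" if d.reboot_cure else ""
            findings.append(f"{d.obj}: {d.verdict} -> {d.action}{note}")
        elif d.severity == "high":
            findings.append(f"{d.obj}: {d.verdict} -> NOT remediated (action: {d.action})")
        else:
            findings.append(f"{d.obj}: {d.verdict} -> {d.action}; needs manual review")

    return {
        "driver_lines": len(drivers),
        "suspicious": suspicious,
        "detections": detections,
        "count": count,
        # TDSSKiller's own count should equal the number of "detected" lines parsed.
        "count_matches": count is None or count == len(detections),
        "unresolved": [d.obj for d in detections.values() if d.action not in REMEDIATING_ACTIONS],
        "findings": findings,
    }


# Excerpt copied from the TDSSKiller log pasted earlier in this thread (the lines that matter).
SAMPLE_LOG = r"""
2011/01/08 13:47:51.0322 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/01/08 13:47:51.0383 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
2011/01/08 13:47:51.0383 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
2011/01/08 13:47:51.0386 sptd - detected Locked file (1)
2011/01/08 13:47:51.0430 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2011/01/08 13:47:52.0967 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2011/01/08 13:47:52.0994 Scan finished
2011/01/08 13:47:53.0001 Detected object count: 2
2011/01/08 13:48:58.0381 Locked file(sptd) - User select action: Skip
2011/01/08 13:48:58.0411 \HardDisk0 - will be cured after reboot
2011/01/08 13:48:58.0412 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2011/01/08 13:49:36.0902 Deinitialize success
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG)["findings"]:
        print(finding)
```

Run against the full log it prints one line per detection; on this excerpt the \HardDisk0 entry comes out as cured-at-reboot and sptd as skipped and still needing review, which is exactly the state the follow-up scans in this thread have to confirm. The "count_matches" field is a cheap sanity check that the log was not truncated when it was pasted.
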
#9
JC4k

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Leaving for work after these scans, will check back tonight, thanks for your help so far!

MBAM Log:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5481

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/8/2011 2:57:24 PM
mbam-log-2011-01-08 (14-57-24).txt

Scan type: Quick scan
Objects scanned: 173013
Time elapsed: 2 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



OTL Log:

OTL logfile created on: 1/8/2011 2:58:03 PM - Run 3
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Joel\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 75.00% Memory free
16.00 Gb Paging File | 14.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 39.06 Gb Total Space | 5.12 Gb Free Space | 13.10% Space Free | Partition Type: NTFS
Drive E: | 892.44 Gb Total Space | 69.45 Gb Free Space | 7.78% Space Free | Partition Type: NTFS
Drive G: | 931.51 Gb Total Space | 66.80 Gb Free Space | 7.17% Space Free | Partition Type: NTFS

Computer Name: JOEL-PC | User Name: Joel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/08 00:34:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL(2).exe
PRC - [2010/12/20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010/12/18 14:53:07 | 001,392,784 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe
PRC - [2010/12/18 14:53:05 | 003,275,112 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe
PRC - [2010/12/10 09:16:48 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/12/10 09:16:48 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010/12/07 18:44:24 | 003,888,696 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\AEI.exe
PRC - [2010/12/07 18:44:16 | 000,158,048 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files (x86)\Webroot\Security\Current\plugins\antimalware\SSU.exe
PRC - [2010/11/24 09:46:13 | 002,069,344 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgtray.exe
PRC - [2010/07/26 11:23:33 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
PRC - [2010/06/02 16:50:58 | 001,144,104 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/01/13 14:44:52 | 000,037,888 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Winamp\winampa.exe
PRC - [2009/01/08 05:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\Joel\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2007/08/06 16:05:46 | 000,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.EXE


========== Modules (SafeList) ==========

MOD - [2011/01/08 00:34:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL(2).exe
MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010/03/25 23:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/08/18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2010/12/18 14:53:05 | 003,275,112 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\Current\Framework\WRConsumerService.exe -- (WRConsumerService)
SRV - [2010/12/07 18:44:24 | 003,888,696 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files (x86)\Webroot\Security\current\plugins\antimalware\AEI.exe -- (WebrootSpySweeperService)
SRV - [2010/07/26 11:23:33 | 000,308,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/10/12 15:57:14 | 000,137,248 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ssidrv.sys -- (ssidrv)
DRV:64bit: - [2010/10/12 15:57:12 | 000,055,360 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\ssfmonm.sys -- (ssfmonm)
DRV:64bit: - [2010/07/26 11:24:30 | 000,317,520 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (AvgTdiA)
DRV:64bit: - [2010/07/26 11:24:27 | 000,269,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (AvgLdx64)
DRV:64bit: - [2010/07/26 11:24:27 | 000,035,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (AvgMfx64)
DRV:64bit: - [2009/11/02 16:42:27 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/08/18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 12:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 12:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FB D4 9C 9A F3 9F CB 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.2
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.8.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.872
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..network.proxy.type: 4


FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG9\Firefox [2010/11/26 00:00:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/12/10 09:16:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/12/10 09:16:49 | 000,000,000 | ---D | M]

[2009/10/30 21:29:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\Mozilla\Extensions
[2011/01/08 00:10:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\vo5ff09i.default\extensions
[2010/12/15 11:47:18 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\vo5ff09i.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2010/12/10 09:16:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\vo5ff09i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/09/29 19:55:26 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\vo5ff09i.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2009/10/31 19:18:32 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Users\Joel\AppData\Roaming\Mozilla\Firefox\Profiles\vo5ff09i.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/11/03 22:16:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/07/06 13:39:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/09/05 10:01:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/11/03 22:16:01 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/11/26 00:00:22 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG9\FIREFOX
[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/10/31 19:18:01 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/01/13 14:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
[2010/12/17 12:37:58 | 000,001,919 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml

O1 HOSTS File: ([2010/12/19 11:38:17 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (SMTTB2009 Class) - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\4Media Video Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (4Media Video Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\4Media Video Toolbar\tbcore3.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (4Media Video Toolbar) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - C:\Program Files (x86)\4Media Video Toolbar\tbcore3.dll ()
O4:64bit: - HKLM..\Run: [MSSE] C:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files (x86)\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [WebrootTrayApp] C:\Program Files (x86)\Webroot\Security\Current\Framework\WRTray.exe (Webroot Software, Inc. )
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\Joel\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [PeerBlock] G:\PeerBlock\peerblock.exe (PeerBlock, LLC)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: virginmobileusa.com ([www1] https in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.27.35.1
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - AppInit_DLLs: (avgrssta.dll) - C:\Windows\SysNative\avgrssta.dll (AVG Technologies CZ, s.r.o.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Authentication Packages - (ows\w) - File not found
O30 - LSA: Authentication Packages - (ows\w) - File not found
O30:64bit: - LSA: Security Packages - (ce.exe) - File not found
O30:64bit: - LSA: Security Packages - (.0\) - File not found
O30:64bit: - LSA: Security Packages - (\) - \ File not found
O30:64bit: - LSA: Security Packages - (7\) - File not found
O30 - LSA: Security Packages - (n-controls_6595b64144ccf1df_6.0.6002.18005_) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001/05/09 14:25:02 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{845325de-a6f5-11df-a544-00242123a14e}\Shell - "" = AutoRun
O33 - MountPoints2\{845325de-a6f5-11df-a544-00242123a14e}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{e560efd0-c811-11de-b439-00242123a14e}\Shell - "" = AutoRun
O33 - MountPoints2\{e560efd0-c811-11de-b439-00242123a14e}\Shell\AutoRun\command - "" = F:\SETUP.EXE -- File not found
O33 - MountPoints2\{e560efd0-c811-11de-b439-00242123a14e}\Shell\configure\command - "" = F:\SETUP.EXE -- File not found
O33 - MountPoints2\{e560efd0-c811-11de-b439-00242123a14e}\Shell\install\command - "" = F:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/08 13:46:59 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Joel\Desktop\TDSSKiller.exe
[2011/01/08 13:45:17 | 000,000,000 | ---D | C] -- C:\Users\Joel\Desktop\EVERYTHING
[2011/01/08 12:01:50 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Roaming\AVG9
[2011/01/08 11:53:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL(2).exe
[2010/12/20 10:15:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2010/12/18 14:54:43 | 000,019,576 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\SysNative\SsiEfr.exe
[2010/12/18 14:54:42 | 000,137,248 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\SysNative\drivers\ssidrv.sys
[2010/12/18 14:54:42 | 000,055,360 | ---- | C] (Webroot Software, Inc. (www.webroot.com)) -- C:\Windows\SysNative\drivers\ssfmonm.sys
[2010/12/18 14:54:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2010/12/18 14:53:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Webroot
[2010/12/18 14:53:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\{346564C3-1CD0-440B-AE7A-F644B66D2026}
[2010/12/18 14:52:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Webroot
[2010/12/18 14:52:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2010/12/18 14:52:00 | 000,000,000 | ---D | C] -- C:\Users\Joel\AppData\Local\PackageAware
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/01/08 14:16:00 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3957214131-3400773334-1986242629-1000UA.job
[2011/01/08 14:14:00 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/01/08 13:57:52 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/08 13:57:52 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/08 13:54:50 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/08 13:54:50 | 000,623,940 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/01/08 13:54:50 | 000,106,316 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/01/08 13:50:46 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/01/08 13:50:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/08 13:50:20 | 2146,099,199 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/08 13:45:10 | 001,232,020 | ---- | M] () -- C:\Users\Joel\Desktop\tdsskiller.zip
[2011/01/08 11:55:25 | 000,080,384 | ---- | M] () -- C:\Users\Joel\Desktop\MBRCheck.exe
[2011/01/08 10:13:15 | 069,905,175 | ---- | M] () -- C:\Windows\SysNative\drivers\Avg\incavi.avm
[2011/01/08 01:00:10 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/01/08 00:34:59 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Joel\Desktop\OTL(2).exe
[2011/01/08 00:25:26 | 000,000,000 | ---- | M] () -- C:\Users\Joel\Desktop\OTL.exe
[2011/01/06 23:04:14 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3957214131-3400773334-1986242629-1000Core.job
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,024,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2010/12/18 14:53:14 | 000,002,287 | ---- | M] () -- C:\Users\Public\Desktop\Webroot AntiVirus with Spy Sweeper.lnk
[2010/12/18 14:51:55 | 000,000,164 | ---- | M] () -- C:\Windows\install.dat
[2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Joel\Desktop\TDSSKiller.exe
[2010/12/16 03:20:34 | 000,413,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/01/08 13:46:52 | 001,232,020 | ---- | C] () -- C:\Users\Joel\Desktop\tdsskiller.zip
[2011/01/08 11:56:00 | 000,080,384 | ---- | C] () -- C:\Users\Joel\Desktop\MBRCheck.exe
[2011/01/08 11:53:20 | 000,000,000 | ---- | C] () -- C:\Users\Joel\Desktop\OTL.exe
[2010/12/18 14:54:43 | 000,030,424 | ---- | C] () -- C:\Windows\SysWow64\wrLZMA.dll
[2010/12/18 14:53:14 | 000,002,287 | ---- | C] () -- C:\Users\Public\Desktop\Webroot AntiVirus with Spy Sweeper.lnk
[2010/12/18 14:51:55 | 000,000,164 | ---- | C] () -- C:\Windows\install.dat
[2010/07/26 11:07:14 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2010/06/20 20:24:27 | 000,000,268 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/04/23 12:01:17 | 000,022,847 | ---- | C] () -- C:\Users\Joel\AppData\Roaming\UserTile.png
[2010/03/13 04:52:50 | 000,005,120 | ---- | C] () -- C:\Users\Joel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/10/31 13:02:05 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/09/18 22:11:51 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\.minecraft
[2010/07/26 11:29:06 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\4Media
[2011/01/08 12:01:50 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\AVG9
[2010/05/22 22:10:13 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Canneverbe Limited
[2009/11/02 16:54:14 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\DAEMON Tools Lite
[2010/06/14 09:07:32 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Facebook
[2009/10/31 19:18:28 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Foxit
[2010/07/26 11:07:16 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\FreeAudioPack
[2010/07/26 11:04:15 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\GetRightToGo
[2010/10/16 10:55:36 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Octoshape
[2010/04/23 12:01:17 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\PeerNetworking
[2010/12/30 14:45:16 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\uTorrent
[2010/01/18 21:33:53 | 000,000,000 | ---D | M] -- C:\Users\Joel\AppData\Roaming\Yamb
[2011/01/07 08:40:38 | 000,032,636 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

#10
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I am off to bed in a bit. When you get a chance, could you check to see if the redirects have gone?


#11
JC4k

JC4k

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
I have not had any more redirects, extra tabs, or Firefox launching issues so far! Thank you! Any other steps I should take?

#12
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Just these to do now ;)

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems.

Now the best part of the day ----- Your log now appears clean :D

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done

Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via Control Panel Add/Remove along with ERUNT, but they may be useful tools to keep.

We will now confirm that your hidden files are set to that, as some of the tools I use will change it:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application.

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE), JRE 6 Update 23.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u23-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u23-windows-i586-p.exe and select "Run as an Administrator.")


SPRING CLEAN

To manually create a new Restore Point

  • Go to Control Panel and select System and Maintenance
  • Select System
  • On the left select Advanced System Settings and accept the warning if you get one
  • Select System Protection Tab
  • Select Create at the bottom
  • Type in a name, e.g. Clean
  • Select Create

Now we can purge the infected ones

  • Go back to the System and Maintenance page
  • Select Performance Information and Tools
  • On the left select Open Disk Cleanup
  • Select Files from all users and accept the warning if you get one
  • In the drop down box select your main drive i.e. C
  • For a few moments the system will make some calculations
  • Select the More Options tab
  • In the System Restore and Shadow Backups select Clean up
  • Select Delete on the pop up
  • Select OK
  • Select Delete

Final stretch


Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check



Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean.

Download and install FileHippo update checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and antivirus to protect your system, and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet, read our little guide How did I get infected in the first place?
Keep safe ;)
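The Java steps above ask you to find and remove every older JRE by hand in Add/Remove Programs. As an added check (example code, not part of Essexboy's instructions), this PowerShell snippet lists what the Windows uninstall registry reports as installed Java, reading both the native and the 32-bit (WOW6432Node) views on 64-bit Windows, so leftover old versions can be spotted before and after the upgrade. The `Java|J2SE|JRE` name match is an assumption of what the entries are called and is deliberately broad.

```powershell
# Added example (not from the original thread): enumerate installed Java
# Runtime Environments from the uninstall registry keys so that leftover
# older versions can be identified and removed via Programs and Features.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Get-InstalledJava {
    # Assumed name pattern: JRE entries are named "Java(TM) ...", "J2SE ..." or "JRE ...".
    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -match 'Java|J2SE|JRE' } |
        ForEach-Object {
            [pscustomobject]@{
                Name      = $_.DisplayName
                Version   = $_.DisplayVersion
                Publisher = $_.Publisher
                Uninstall = $_.UninstallString   # command Add/Remove Programs would run
            }
        } | Sort-Object Name
}

$java = @(Get-InstalledJava)
if ($java.Count -eq 0) {
    'No Java Runtime Environment found in the uninstall registry.'
} else {
    $java | Format-Table -AutoSize
    if ($java.Count -gt 1) {
        'More than one Java entry is installed; remove the older versions before installing the current one.'
    }
}
```

Run it again after the upgrade: only the newly installed version should remain.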

#13
JC4k

JC4k

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Should I install jre-6u23-windows-i586-p.exe or jre-6u23-windows-x64.exe if I am using 64-bit Windows?

#14
Essexboy

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Use the x64 version as it is a more secure fit for your system

#15
JC4k

JC4k

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks for all your help Essexboy! System is clean, up to date and running smoothly!