Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google redirect, not TDSS [Solved]


  • This topic is locked This topic is locked

#16
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Looking good. How is your system now? Redirects?
  • 0

Advertisements


#17
yumito

yumito

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
firefox no longer has any, but google chrome as redirects and video ads over youtube videos that arent by google, and extra video ads that play during videos ect... but firefox and IE are good so im thinking its chrome.
  • 0

#18
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Step 1

Download the adwCleaner

  • Run the Tool
    (Windows Vista and Windows 7 users: right click in the adwCleaner.exe and select the Run as Administrator option)
  • Select the Delete button.
  • When the scan completes, it will open a notepad windows.
  • Please, copy the content of this file in your next reply.

Step 2

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open notepad window. OTL.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

Step 3

Please don't forget to include these items in your reply:

  • adwCleaner log
  • New OTL scan log
It would be helpful if you could post each log in separate post using "Add Reply" button
  • 0

#19
yumito

yumito

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
# AdwCleaner v2.005 - Logfile created 10/16/2012 at 08:34:20
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Trudy - WAFFLES
# Boot Mode : Normal
# Running from : C:\Users\Trudy\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Folder Deleted : C:\Program Files (x86)\Giant Savings
Folder Deleted : C:\Users\Trudy\AppData\Local\Giant Savings
Folder Deleted : C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndkhncnongaclekkbelchmeafffimifj

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Giant Savings
Key Deleted : HKCU\Software\IGearSettings
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022442279}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33333333-3333-3333-3333-330033443379}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066446679}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{77777777-7777-7777-7777-770077447779}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445579}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446679}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077447779}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.avg.com/?cid={510D57D2-3C73-4530-A60B-D3862402A4CC}&mid=e24644eef4c847d0a4326de783e749dd-f8018c7003de28c623bff265b4fc95014cc9c77e&lang=en&ds=ft011&pr=sa&d=2012-06-30 09:44:41&v=11.1.0.12&sap=hp --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0 (en-US)

Profile name : default
File : C:\Users\Trudy\AppData\Roaming\Mozilla\Firefox\Profiles\k252trzg.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [3664 octets] - [16/10/2012 08:34:20]

########## EOF - C:\AdwCleaner[S1].txt - [3724 octets] ##########
  • 0

#20
yumito

yumito

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
OTL logfile created on: 10/16/2012 8:37:34 AM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Trudy\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 9.85 Gb Available Physical Memory | 82.16% Memory free
23.98 Gb Paging File | 21.77 Gb Available in Paging File | 90.76% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 925.16 Gb Total Space | 741.78 Gb Free Space | 80.18% Space Free | Partition Type: NTFS
Drive D: | 196.82 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: WAFFLES | User Name: Trudy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/10/11 04:18:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Trudy\Desktop\OTL.exe
PRC - [2012/10/10 06:06:17 | 001,239,064 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012/10/04 00:57:42 | 000,529,744 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012/09/22 16:34:24 | 001,677,144 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
PRC - [2012/09/22 16:34:24 | 000,976,728 | ---- | M] (Trusteer Ltd.) -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
PRC - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/09/07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/08/10 19:00:12 | 004,440,896 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Trudy\AppData\Local\Akamai\netsession_win.exe
PRC - [2012/08/04 18:36:48 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) -- C:\Program Files (x86)\Skype\Updater\Updater.exe
PRC - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010/03/03 21:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
PRC - [2010/01/22 13:29:40 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe


========== Modules (No Company Name) ==========

MOD - [2012/10/10 06:06:15 | 000,460,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppgooglenaclpluginchrome.dll
MOD - [2012/10/10 06:06:12 | 004,005,912 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
MOD - [2012/10/10 06:04:57 | 000,578,072 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\libglesv2.dll
MOD - [2012/10/10 06:04:55 | 000,123,928 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\libegl.dll
MOD - [2012/10/10 06:04:44 | 000,156,712 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\avutil-51.dll
MOD - [2012/10/10 06:04:43 | 000,275,496 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\avformat-54.dll
MOD - [2012/10/10 06:04:42 | 002,168,360 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\avcodec-54.dll
MOD - [2012/10/04 00:57:39 | 020,317,008 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012/10/04 00:57:36 | 000,902,480 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.dll
MOD - [2012/10/04 00:57:33 | 000,123,232 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012/10/04 00:57:31 | 000,190,816 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012/10/04 00:57:29 | 001,099,616 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012/09/07 06:13:05 | 000,771,584 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0c00b1a8336dd4c1bd1ebce7780f20b4\System.Runtime.Remoting.ni.dll
MOD - [2012/09/07 06:13:03 | 000,452,608 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\73baa23d28d21c7c01e334211330a84e\IAStorUtil.ni.dll
MOD - [2012/09/07 06:13:01 | 012,433,920 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\009c50fb69919b90fb233cb4c35d0ad7\System.Windows.Forms.ni.dll
MOD - [2012/09/07 06:12:56 | 001,591,808 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ebefde27b0ef7f39bb49c493b34a602c\System.Drawing.ni.dll
MOD - [2012/09/07 06:12:51 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5c85c9c42e1b8a8760de82ecb4c7d582\System.Xml.ni.dll
MOD - [2012/09/07 06:12:48 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cb079eab134fd1a752ad91db13274110\System.Configuration.ni.dll
MOD - [2012/09/07 06:12:47 | 007,952,384 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\2ebb3c259eab50af565e3a8dba6ad20e\System.ni.dll
MOD - [2012/09/07 06:12:43 | 011,490,816 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\5858678a79aae31262b0214424245d06\mscorlib.ni.dll
MOD - [2012/08/21 18:18:44 | 000,557,056 | ---- | M] () -- C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
MOD - [2012/05/28 16:43:22 | 000,520,464 | ---- | M] () -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\39624\RapportMS.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/09/12 21:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012/09/12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/10/09 06:03:03 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/10/05 22:15:32 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/10/04 00:57:42 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/09/22 16:34:24 | 000,976,728 | ---- | M] (Trusteer Ltd.) [Auto | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe -- (RapportMgmtService)
SRV - [2012/09/07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 16:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/07/12 15:16:55 | 000,008,704 | ---- | M] (Hi-Rez Studios) [Auto | Running] -- C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe -- (HiPatchService)
SRV - [2011/07/17 12:04:00 | 004,390,376 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/10/16 12:46:40 | 000,369,256 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/03 21:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/09/22 16:34:44 | 000,101,688 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RapportKE64.sys -- (RapportKE64)
DRV:64bit: - [2012/09/07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/08/30 22:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012/03/01 02:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/11/14 13:44:33 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/08/10 17:40:58 | 000,023,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nuidfltr.sys -- (NuidFltr)
DRV:64bit: - [2011/08/01 16:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011/07/28 19:37:10 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011/07/13 04:22:10 | 000,077,352 | ---- | M] (Eugene V. Muzychenko) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vrtaucbl.sys -- (EuMusDesignVirtualAudioCableWdm)
DRV:64bit: - [2011/03/11 02:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 02:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/07 16:08:55 | 000,155,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/07/29 14:36:42 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2010/03/03 20:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/01 12:30:54 | 000,622,624 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl819xp.sys -- (rtl819xpn64)
DRV:64bit: - [2010/01/22 13:22:22 | 000,180,224 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010/01/22 13:22:18 | 000,077,824 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009/09/28 03:02:38 | 000,019,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 21:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 16:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/24 06:52:30 | 000,215,040 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008/08/07 19:49:44 | 000,556,544 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rtl8190p.sys -- (rtl8190pn64)
DRV:64bit: - [2008/05/06 17:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV - [2012/09/22 16:34:44 | 000,055,096 | ---- | M] (Trusteer Ltd.) [Kernel | System | Running] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys -- (RapportEI64)
DRV - [2012/09/22 16:34:42 | 000,297,240 | ---- | M] (Trusteer Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys -- (RapportPG64)
DRV - [2012/08/15 03:21:57 | 000,397,720 | ---- | M] () [Kernel | System | Running] -- C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_42020.sys -- (RapportCerberus_42020)
DRV - [2012/02/02 18:50:43 | 000,004,774 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.maingear.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A9 36 DC DC A7 45 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/09 21:59:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/07 01:21:23 | 000,000,000 | ---D | M]

[2012/10/09 22:00:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Trudy\AppData\Roaming\Mozilla\Extensions
[2012/10/09 21:59:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/07 01:21:22 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/10/05 22:15:51 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012/10/05 22:15:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/10/05 22:15:12 | 000,002,058 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.94\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Trudy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/10/13 13:48:31 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] c:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Trudy\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Trudy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_48682769.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B7974F00-B76C-4A3A-97AC-F87E3D1DF6FB}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/01/16 17:11:56 | 000,000,027 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/10/15 21:20:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/15 12:19:55 | 000,000,000 | ---D | C] -- C:\windows\temp
[2012/10/15 07:59:29 | 000,208,216 | ---- | C] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\95991096.sys
[2012/10/13 20:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/10/13 20:53:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012/10/13 13:22:48 | 000,000,000 | ---D | C] -- C:\Warcraft III
[2012/10/12 02:50:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2012/10/11 21:05:42 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/10/11 20:50:55 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Trudy\Desktop\TDSSKiller.exe
[2012/10/11 20:35:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2012/10/11 20:35:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2012/10/11 20:35:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2012/10/11 20:35:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/11 20:35:00 | 000,000,000 | ---D | C] -- C:\windows\erdnt
[2012/10/11 20:34:33 | 004,766,830 | R--- | C] (Swearware) -- C:\Users\Trudy\Desktop\ComboFix.exe
[2012/10/11 04:59:02 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2012/10/11 04:18:20 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Trudy\Desktop\OTL.exe
[2012/10/11 03:38:54 | 000,000,000 | ---D | C] -- C:\windows\pss
[2012/10/11 03:28:49 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012/10/09 22:00:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/10/08 06:42:37 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Roaming\six-zsync
[2012/10/08 06:42:27 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Roaming\Play withSIX
[2012/10/08 06:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SIX Networks
[2012/10/08 06:42:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SIX Networks
[2012/10/08 06:40:11 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Local\Downloaded Installations
[2012/10/06 20:01:26 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Local\DayZCommander
[2012/10/06 20:01:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Dotjosh Studios
[2012/10/06 19:34:46 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Local\ArmA 2 OA
[2012/10/06 04:27:12 | 000,000,000 | ---D | C] -- C:\Users\Trudy\Documents\ArmA 2 Other Profiles
[2012/10/06 04:11:22 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Local\ArmA 2 Free
[2012/10/06 04:11:22 | 000,000,000 | ---D | C] -- C:\Users\Trudy\Documents\ArmA 2
[2012/10/06 04:10:33 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2012/10/06 04:10:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bohemia Interactive
[2012/10/06 04:08:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bohemia Interactive
[2012/10/06 03:19:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StarCraft II
[2012/09/28 20:27:15 | 000,000,000 | ---D | C] -- C:\Users\Trudy\AppData\Local\GQWeb
[2012/09/28 20:15:20 | 000,000,000 | ---D | C] -- C:\Edline

========== Files - Modified Within 30 Days ==========

[2012/10/16 08:36:08 | 000,000,892 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/16 08:35:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/10/16 08:35:35 | 1066,725,374 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/16 08:33:08 | 000,538,941 | ---- | M] () -- C:\Users\Trudy\Desktop\adwcleaner.exe
[2012/10/16 08:02:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/10/16 07:58:00 | 000,000,896 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/15 07:59:29 | 000,208,216 | ---- | M] (Kaspersky Lab, GERT) -- C:\windows\SysNative\drivers\95991096.sys
[2012/10/14 07:33:39 | 000,020,128 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/14 07:33:39 | 000,020,128 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/13 20:53:43 | 000,002,221 | ---- | M] () -- C:\Users\Trudy\Desktop\Google Chrome.lnk
[2012/10/13 13:48:31 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts
[2012/10/13 13:07:27 | 000,779,306 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/10/13 13:07:27 | 000,660,296 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/10/13 13:07:27 | 000,121,224 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/10/12 17:27:22 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Trudy\Desktop\TDSSKiller.exe
[2012/10/12 02:50:24 | 000,001,013 | ---- | M] () -- C:\Users\Trudy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_48682769.lnk
[2012/10/12 02:49:04 | 139,533,768 | ---- | M] () -- C:\Users\Trudy\Desktop\setup_11.0.0.1245.x01_2012_10_12_05_14.exe
[2012/10/12 02:24:45 | 000,001,296 | ---- | M] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2012/10/11 20:34:49 | 004,766,830 | R--- | M] (Swearware) -- C:\Users\Trudy\Desktop\ComboFix.exe
[2012/10/11 12:09:29 | 000,001,558 | ---- | M] () -- C:\Users\Trudy\Desktop\mbam.exe - Shortcut.lnk
[2012/10/11 11:42:49 | 000,302,592 | ---- | M] () -- C:\Users\Trudy\Desktop\0r3tz9wr.exe
[2012/10/11 04:18:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Trudy\Desktop\OTL.exe
[2012/10/11 03:28:44 | 721,981,385 | ---- | M] () -- C:\windows\MEMORY.DMP
[2012/10/11 03:04:27 | 000,000,129 | ---- | M] () -- C:\windows\SysNative\MRT.INI
[2012/10/10 21:39:33 | 000,001,099 | ---- | M] () -- C:\Users\Trudy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/10/09 22:00:08 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/09 21:59:30 | 000,000,000 | ---- | M] () -- C:\extensions.sqlite
[2012/10/06 18:17:09 | 000,000,221 | ---- | M] () -- C:\Users\Trudy\Desktop\ARMA 2 Operation Arrowhead.url
[2012/10/06 03:26:47 | 000,001,108 | ---- | M] () -- C:\Users\Public\Desktop\StarCraft II.lnk
[2012/10/02 03:00:55 | 000,001,945 | ---- | M] () -- C:\windows\epplauncher.mif
[2012/09/29 13:36:08 | 000,233,901 | ---- | M] () -- C:\Users\Trudy\Desktop\house.jpg
[2012/09/26 22:45:55 | 000,000,033 | ---- | M] () -- C:\windows\GunzLauncher.INI
[2012/09/22 16:34:44 | 000,101,688 | ---- | M] (Trusteer Ltd.) -- C:\windows\SysNative\drivers\RapportKE64.sys

========== Files Created - No Company Name ==========

[2012/10/16 08:33:00 | 000,538,941 | ---- | C] () -- C:\Users\Trudy\Desktop\adwcleaner.exe
[2012/10/13 20:53:43 | 000,002,221 | ---- | C] () -- C:\Users\Trudy\Desktop\Google Chrome.lnk
[2012/10/13 20:53:10 | 000,000,896 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/10/13 20:53:10 | 000,000,892 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/12 02:50:24 | 000,001,013 | ---- | C] () -- C:\Users\Trudy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_48682769.lnk
[2012/10/12 02:47:11 | 139,533,768 | ---- | C] () -- C:\Users\Trudy\Desktop\setup_11.0.0.1245.x01_2012_10_12_05_14.exe
[2012/10/12 02:24:45 | 000,001,296 | ---- | C] () -- C:\Users\Public\Desktop\DayZ Commander.lnk
[2012/10/11 20:35:43 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2012/10/11 20:35:43 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2012/10/11 20:35:43 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2012/10/11 20:35:43 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2012/10/11 20:35:43 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2012/10/11 12:09:29 | 000,001,558 | ---- | C] () -- C:\Users\Trudy\Desktop\mbam.exe - Shortcut.lnk
[2012/10/11 11:42:48 | 000,302,592 | ---- | C] () -- C:\Users\Trudy\Desktop\0r3tz9wr.exe
[2012/10/11 03:28:44 | 721,981,385 | ---- | C] () -- C:\windows\MEMORY.DMP
[2012/10/11 03:04:27 | 000,000,129 | ---- | C] () -- C:\windows\SysNative\MRT.INI
[2012/10/10 21:39:33 | 000,001,099 | ---- | C] () -- C:\Users\Trudy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/10/09 22:00:08 | 000,001,125 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/10/09 22:00:08 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/10/09 21:59:30 | 000,000,000 | ---- | C] () -- C:\extensions.sqlite
[2012/10/06 18:17:09 | 000,000,221 | ---- | C] () -- C:\Users\Trudy\Desktop\ARMA 2 Operation Arrowhead.url
[2012/10/06 04:05:57 | 1023,856,640 | ---- | C] () -- C:\Users\Trudy\Documents\ARMA2Free_setup.exe
[2012/09/29 13:36:08 | 000,233,901 | ---- | C] () -- C:\Users\Trudy\Desktop\house.jpg
[2012/08/21 00:07:26 | 000,007,597 | ---- | C] () -- C:\Users\Trudy\AppData\Local\Resmon.ResmonCfg
[2012/08/09 13:43:20 | 000,000,033 | ---- | C] () -- C:\windows\GunzLauncher.INI
[2012/02/07 22:27:10 | 000,000,204 | ---- | C] () -- C:\Users\Trudy\.packettracer
[2011/10/23 05:01:52 | 000,000,262 | ---- | C] () -- C:\windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
[2011/09/28 17:44:14 | 000,179,271 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat
[2011/06/03 21:59:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/06/02 19:02:43 | 000,107,229 | ---- | C] () -- C:\Users\Trudy\TaskList-trunk-bin.tgz
[2011/06/02 19:02:28 | 000,030,194 | ---- | C] () -- C:\Users\Trudy\DirtyGutter-trunk-bin.tgz
[2011/06/02 19:02:16 | 000,027,513 | ---- | C] () -- C:\Users\Trudy\BufferTabs-trunk-bin.tgz
[2011/06/02 19:01:56 | 000,632,209 | ---- | C] () -- C:\Users\Trudy\ProjectViewer-trunk-bin.tgz
[2010/12/22 15:19:42 | 000,776,466 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2010/12/14 00:32:42 | 000,003,972 | ---- | C] () -- C:\windows\SysWow64\drivers\PciBus.sys

========== ZeroAccess Check ==========

[2009/07/14 00:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 01:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 00:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 21:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/13 21:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 21:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2011/02/28 07:48:29 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\.minecraft
[2012/03/15 14:58:04 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\DAEMON Tools Lite
[2011/12/13 11:07:10 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\ijjigame
[2011/12/17 17:37:55 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Kalypso Media
[2011/05/06 12:43:26 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\LolClient
[2012/01/14 02:52:47 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Mumble
[2012/09/06 03:55:08 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Notepad++
[2012/10/08 06:43:21 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Play withSIX
[2011/01/14 17:51:31 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Publish Providers
[2012/07/22 13:25:49 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\runic games
[2012/10/08 06:42:37 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\six-zsync
[2011/12/13 01:42:35 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Sony
[2012/01/24 00:47:35 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\SplitMediaLabs
[2012/03/13 18:35:43 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Tropico 4
[2011/04/18 11:17:26 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\Trusteer
[2012/08/23 23:11:18 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\TS3Client
[2012/10/13 13:39:06 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\uTorrent
[2012/01/07 22:38:45 | 000,000,000 | ---D | M] -- C:\Users\Trudy\AppData\Roaming\W Photo Studio Viewer

========== Purity Check ==========



< End of report >
  • 0

#21
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Please tell me how is your Chrome now. From what I see it should be fine...
  • 0

#22
yumito

yumito

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
things are looking good as of now, no redirects to extra ads ect..
  • 0

#23
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Glad to hear that. It was add-on that caused problems with Chrome.

Your logs and system are clean now. I'm glad we fix up your computer.

Step 1

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [clearallrestorepoints]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
Step 2

We need to clean up your PC from programs we used.

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end.

In case that any of the software we used in this fix still remains on your system please delete it manually (Right click on it and select Delete).

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Something to read

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?

2. Make Backups of Important Files

Please read this article Home Computer Data Backup.

3. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.
  • 0

#24
maliprog

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP