
Infected with google-analytics redirect/trojan


25 replies to this topic

#1 MVTZ


  • Members
  • 13 posts

Posted 25 December 2010 - 05:28 AM

When browsing using Google Chrome, some websites will get redirected to advertisements. When it does this, one of the web addresses it filters through is something like www.google-analytics.com/... Recently some websites will fail to load and an error screen appears until I refresh the page a few times. The computer also has become sluggish in places it hadn't been before, such as opening pictures in the Windows Picture Viewer. I have tried removal programs such as Spybot and SUPERAntiSpyware Free Edition, and although they do find problems, it's only a temporary fix and has not resolved the problem. Avast Antivirus also has not detected anything. Thanks to anyone who can help.



DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by MTOMIN at 2:07:57.54 on Sat 12/25/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4061.2477 [GMT -8:00]

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k HPService
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\StikyNot.exe
C:\Users\MTOMIN\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\MTOMIN\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\iTunes\iTunes.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\MTOMIN\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://home.jzip.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [Google Update] "C:\Users\MTOMIN\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
StartupFolder: C:\Users\MTOMIN\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\MTOMIN\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-20 52856]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-12-20 121936]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 188928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-9-13 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-3-1 203264]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-12-20 20048]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-12-20 61008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-12-20 40384]
R2 NACAgent;Cisco NAC Agent;C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2010-2-5 742144]
R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-12-20 40384]
R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-12-20 40384]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\System32\drivers\itecir.sys [2010-1-25 67616]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-7 317480]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\System32\drivers\OA001Ufd.sys [2010-3-1 159840]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\System32\drivers\OA001Vid.sys [2010-3-1 319840]
R3 VSTWinDriver6;VSTWinDriver6;C:\Windows\System32\drivers\VSTwindrvr6.sys [2008-7-3 252928]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-2-17 66632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe --> C:\Program Files\Dell\DellDock\DockLogin.exe [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-4-13 1038088]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-10-24 40832]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-3-12 19544]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-2-17 12872]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]

=============== Created Last 30 ================

2010-12-24 18:12:50 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{BD05C674-1B2C-4A55-8797-91D38A764BC4}\mpengine.dll
2010-12-22 22:22:17 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-22 08:18:06 601424 ------w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{B11D0D59-4C9E-4E57-9962-E598DDC71C20}\gapaengine.dll
2010-12-22 03:12:33 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2010-12-22 03:12:12 -------- d-----w- C:\Program Files\Microsoft Security Client
2010-12-22 03:11:53 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2010-12-21 21:15:32 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{7D016436-558E-4CD3-A1B1-D9EB7032E603}\mpengine.dll
2010-12-21 00:54:22 61008 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2010-12-21 00:53:22 38848 ----a-w- C:\Windows\avastSS.scr
2010-12-21 00:53:18 -------- d-----w- C:\PROGRA~3\Alwil Software
2010-12-14 20:23:15 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2010-12-03 08:14:33 -------- d-----w- C:\Users\MTOMIN\AppData\Local\MetaGeek,_LLC
2010-12-03 07:33:06 -------- d-----w- C:\Program Files\MetaGeek
2010-11-29 06:49:05 -------- d-----w- C:\Program Files (x86)\MSECache
2010-11-29 05:50:53 388096 ----a-r- C:\Users\MTOMIN\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-29 05:50:53 -------- d-----w- C:\Program Files (x86)\Trend Micro
2010-11-27 03:32:52 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2010-11-27 03:32:52 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy

==================== Find3M ====================

2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-25 05:25:38 72064 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2010-10-25 05:25:38 40832 ----a-w- C:\Windows\System32\drivers\MpNWMon.sys
2010-10-25 05:25:38 188928 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll
2010-09-28 23:44:52 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2010-09-28 23:44:52 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll

============= FINISH: 2:11:39.99 ===============


I did not run GMER because I am running Windows 7 64-bit.


#2 RPMcMurphy


    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male

Posted 30 December 2010 - 04:45 PM

Hello and welcome. I apologize for the delay. If you no longer need help with this issue, we would appreciate you letting us know. If not, please perform the following steps so we can have a look at the current condition of your machine. I realize that you have already posted logs, but because of the time that has passed I'd like a fresh set.

Please download DDS by sUBs from one of the following links and save it to your desktop.

DDS.scr
DDS.com
DDS.pif
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double-click the DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, click Open, and then click UPLOAD.
Please include the following in your next post:
  • DDS.txt and Attach.txt logs

Edited by RPMcMurphy, 30 December 2010 - 04:46 PM.

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#3 MVTZ

  • Topic Starter

  • Members
  • 13 posts

Posted 30 December 2010 - 06:10 PM

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by MTOMIN at 15:05:18.66 on Thu 12/30/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4061.2507 [GMT -8:00]

AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\StikyNot.exe
C:\Users\MTOMIN\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\MTOMIN\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\atibtmon.exe
C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\system32\DllHost.exe
C:\Users\MTOMIN\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://home.jzip.com
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [Google Update] "C:\Users\MTOMIN\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
StartupFolder: C:\Users\MTOMIN\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\MTOMIN\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} - hxxps://support.dell.com/systemprofiler/SysProExe.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey

============= SERVICES / DRIVERS ===============

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-20 52856]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-12-20 121936]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-10-24 188928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2010-9-13 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-3-1 203264]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-12-20 20048]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-12-20 61008]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-12-20 40384]
R2 NACAgent;Cisco NAC Agent;C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2010-2-5 742144]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-11-26 1153368]
R2 Windows7FirewallService;Windows7FirewallService;C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe [2010-3-6 545792]
R3 itecir;ITECIR Infrared Receiver;C:\Windows\System32\drivers\itecir.sys [2010-1-25 67616]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-7 317480]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-10-24 40832]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
R3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;C:\Windows\System32\drivers\OA001Ufd.sys [2010-3-1 159840]
R3 OA001Vid;Creative Camera OA001 Function Driver;C:\Windows\System32\drivers\OA001Vid.sys [2010-3-1 319840]
R3 VSTWinDriver6;VSTWinDriver6;C:\Windows\System32\drivers\VSTwindrvr6.sys [2008-7-3 252928]
S1 SASDIFSV;SASDIFSV;C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys [2010-2-17 12872]
S1 SASKUTIL;SASKUTIL;C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-2-17 66632]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe --> C:\Program Files\Dell\DellDock\DockLogin.exe [?]
S3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-12-20 40384]
S3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-12-20 40384]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-4-13 1038088]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2010-10-24 72064]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-3-12 19544]
S3 SASENUM;SASENUM;C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-2-17 12872]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-2-28 1255736]

=============== Created Last 30 ================

2010-12-30 18:52:01 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{70F896F6-78E2-4AB0-A2E3-548E74944F8D}\mpengine.dll
2010-12-22 22:22:17 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-22 08:18:06 601424 ------w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{B11D0D59-4C9E-4E57-9962-E598DDC71C20}\gapaengine.dll
2010-12-22 03:12:33 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2010-12-22 03:12:12 -------- d-----w- C:\Program Files\Microsoft Security Client
2010-12-22 03:11:53 374664 ----a-w- C:\Windows\System32\drivers\netio.sys
2010-12-21 21:15:32 8199504 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{7D016436-558E-4CD3-A1B1-D9EB7032E603}\mpengine.dll
2010-12-21 00:54:22 61008 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2010-12-21 00:53:22 38848 ----a-w- C:\Windows\avastSS.scr
2010-12-21 00:53:18 -------- d-----w- C:\PROGRA~3\Alwil Software
2010-12-14 20:23:15 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2010-12-03 08:14:33 -------- d-----w- C:\Users\MTOMIN\AppData\Local\MetaGeek,_LLC
2010-12-03 07:33:06 -------- d-----w- C:\Program Files\MetaGeek

==================== Find3M ====================

2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe
2010-10-27 05:06:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-27 04:32:36 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-25 05:25:38 72064 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2010-10-25 05:25:38 40832 ----a-w- C:\Windows\System32\drivers\MpNWMon.sys
2010-10-25 05:25:38 188928 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll
2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys
2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe
2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe
2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll
2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll

============= FINISH: 15:08:50.29 ===============




#4 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:21 AM

Posted 30 December 2010 - 07:16 PM

MVTZ:

P2P - I see you have P2P software (uTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to malware infections. Please see this post for more information. I recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs. If you choose to keep these applications, please do not use them until our fixes at BC are complete.

Please download MBRCheck.exe to your desktop.
  • Be sure to disable your security programs
  • Double click on the file to run it (Vista and Windows 7 users will have to confirm the UAC prompt)
  • A small window should open on your desktop
  • If an unknown bootcode is found you will have further options available to you; at this time press N then press Enter twice.
  • If nothing unusual is found just press Enter
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop. Please post the contents of that file.
Please include the following in your next post:
  • MBRCheck log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#5 MVTZ

MVTZ
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:02:21 AM

Posted 01 January 2011 - 09:31 PM

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Professional
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Dell Inc.
BIOS Manufacturer: Dell Inc.
System Manufacturer: Dell Inc.
System Product Name: Studio XPS 1640
Logical Drives Mask: 0x0000000c

Kernel Drivers (total 212):
0x02E01000 \SystemRoot\system32\ntoskrnl.exe
0x033DD000 \SystemRoot\system32\hal.dll
0x00B9A000 \SystemRoot\system32\kdcom.dll
0x00CE3000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00D27000 \SystemRoot\system32\PSHED.dll
0x00D3B000 \SystemRoot\system32\CLFS.SYS
0x00C00000 \SystemRoot\system32\CI.dll
0x00E59000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00EFD000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00F0C000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F63000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F6C000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F76000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F83000 \SystemRoot\system32\DRIVERS\pci.sys
0x00FB6000 \SystemRoot\System32\drivers\partmgr.sys
0x00FCB000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00FD4000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00FE0000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x00D99000 \SystemRoot\System32\drivers\volmgrx.sys
0x00E00000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E1A000 \SystemRoot\system32\DRIVERS\atapi.sys
0x00E23000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x00E4D000 \SystemRoot\system32\DRIVERS\msahci.sys
0x00CC0000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x00FF5000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x01020000 \SystemRoot\system32\drivers\fltmgr.sys
0x0106C000 \SystemRoot\system32\drivers\fileinfo.sys
0x01080000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01249000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0108C000 \SystemRoot\System32\Drivers\msrpc.sys
0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
0x010EA000 \SystemRoot\System32\Drivers\cng.sys
0x0121A000 \SystemRoot\System32\drivers\pcw.sys
0x0122B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01412000 \SystemRoot\system32\drivers\ndis.sys
0x01504000 \SystemRoot\system32\drivers\NETIO.SYS
0x01564000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01602000 \SystemRoot\System32\drivers\tcpip.sys
0x0158F000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x015D9000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x0115D000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x015E9000 \SystemRoot\System32\Drivers\spldr.sys
0x011A9000 \SystemRoot\System32\drivers\rdyboost.sys
0x01400000 \SystemRoot\System32\Drivers\mup.sys
0x015F1000 \SystemRoot\System32\drivers\hwpolicy.sys
0x018E1000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x0191B000 \SystemRoot\system32\DRIVERS\disk.sys
0x01931000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01999000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x019C3000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0x019F4000 \SystemRoot\System32\Drivers\Null.SYS
0x01800000 \SystemRoot\System32\Drivers\Beep.SYS
0x01807000 \SystemRoot\System32\drivers\vga.sys
0x01815000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x0183A000 \SystemRoot\System32\drivers\watchdog.sys
0x0184A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x01853000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0185C000 \SystemRoot\system32\drivers\rdprefmp.sys
0x01865000 \SystemRoot\System32\Drivers\Msfs.SYS
0x01870000 \SystemRoot\System32\Drivers\Npfs.SYS
0x01881000 \SystemRoot\system32\DRIVERS\tdx.sys
0x0189F000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x018AC000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x02C8A000 \SystemRoot\system32\drivers\afd.sys
0x02D14000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x02D1E000 \SystemRoot\System32\DRIVERS\netbt.sys
0x02D63000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x02D6C000 \SystemRoot\system32\DRIVERS\pacer.sys
0x02D92000 \SystemRoot\system32\DRIVERS\netbios.sys
0x02DA1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x02DBC000 \SystemRoot\system32\DRIVERS\termdd.sys
0x02C00000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x02C51000 \SystemRoot\system32\drivers\nsiproxy.sys
0x02C5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x02C68000 \SystemRoot\System32\drivers\discache.sys
0x03A27000 \SystemRoot\system32\drivers\csc.sys
0x03AAA000 \SystemRoot\System32\Drivers\dfsc.sys
0x03AC8000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x03AD9000 \SystemRoot\System32\Drivers\aswSP.SYS
0x03AFC000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x03C58000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x0426F000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04363000 \SystemRoot\System32\drivers\dxgmms1.sys
0x043A9000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x043CD000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x03C00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x043DA000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x048B0000 \SystemRoot\system32\DRIVERS\netw5v64.sys
0x04800000 \SystemRoot\system32\DRIVERS\k57nd60a.sys
0x04851000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x0488F000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x03B22000 \SystemRoot\system32\DRIVERS\rimmpx64.sys
0x03B38000 \SystemRoot\system32\DRIVERS\rimspx64.sys
0x03B4F000 \SystemRoot\system32\DRIVERS\rixdpx64.sys
0x04E18000 \SystemRoot\system32\DRIVERS\itecir.sys
0x04E74000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x04E92000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04EA1000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x04EEC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x04EEE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x04EFD000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x04F0A000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x04F20000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x04F29000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x04F2E000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x04F3E000 \SystemRoot\System32\Drivers\RootMdm.sys
0x04F46000 \SystemRoot\system32\drivers\modem.sys
0x04F55000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x04F6B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x04F8F000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04F9B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04FCA000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x03BA6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x04FE5000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x04E00000 \SystemRoot\system32\DRIVERS\RimSerial_AMD64.sys
0x04E08000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x04E13000 \SystemRoot\system32\DRIVERS\swenum.sys
0x0506B000 \SystemRoot\system32\DRIVERS\ks.sys
0x050AE000 \SystemRoot\system32\DRIVERS\circlass.sys
0x050C0000 \SystemRoot\system32\DRIVERS\umbus.sys
0x050D2000 \SystemRoot\system32\drivers\VSTwindrvr6.sys
0x05115000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0516F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x05184000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x051A4000 \SystemRoot\system32\drivers\portcls.sys
0x05000000 \SystemRoot\system32\drivers\drmk.sys
0x05022000 \SystemRoot\system32\drivers\ksthunk.sys
0x08EE7000 \SystemRoot\system32\DRIVERS\stwrt64.sys
0x08F66000 \SystemRoot\system32\DRIVERS\hidir.sys
0x08F77000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x08F90000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x08F99000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x08FA7000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x00060000 \SystemRoot\System32\win32k.sys
0x08FB4000 \SystemRoot\System32\drivers\Dxapi.sys
0x08FC0000 \SystemRoot\System32\Drivers\crashdmp.sys
0x08FCE000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x08FDA000 \SystemRoot\System32\Drivers\dump_msahci.sys
0x08FE5000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x08E00000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x08E1D000 \SystemRoot\system32\DRIVERS\OA001Vid.sys
0x08E6C000 \SystemRoot\system32\DRIVERS\OA001Ufd.sys
0x05028000 \SystemRoot\System32\Drivers\fastfat.SYS
0x00570000 \SystemRoot\System32\TSDDD.dll
0x03BC7000 \SystemRoot\system32\drivers\luafv.sys
0x022BE000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x022F8000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x02301000 \SystemRoot\system32\drivers\WudfPf.sys
0x00890000 \SystemRoot\System32\ATMFD.DLL
0x02322000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02337000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x0238A000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0239D000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02634000 \SystemRoot\system32\drivers\HTTP.sys
0x026FC000 \SystemRoot\system32\DRIVERS\bowser.sys
0x0271A000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02732000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x0275F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x027AD000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x027D0000 \SystemRoot\System32\Drivers\adfs.SYS
0x02200000 \SystemRoot\system32\drivers\peauth.sys
0x027E8000 \SystemRoot\System32\Drivers\secdrv.SYS
0x02600000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x022A6000 \SystemRoot\System32\drivers\tcpipreg.sys
0x02AA7000 \SystemRoot\System32\DRIVERS\srv2.sys
0x02B0E000 \SystemRoot\System32\DRIVERS\srv.sys
0x02A71000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x02A3A000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
0x02A8A000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x02BA4000 \SystemRoot\system32\DRIVERS\udfs.sys
0x00710000 \SystemRoot\System32\cdd.dll
0x02A2A000 \SystemRoot\system32\DRIVERS\monitor.sys
0x770A0000 \Windows\System32\ntdll.dll
0x48300000 \Windows\System32\smss.exe
0xFF3C0000 \Windows\System32\apisetschema.dll
0xFF600000 \Windows\System32\autochk.exe
0xFF150000 \Windows\System32\iertutil.dll
0xFF100000 \Windows\System32\ws2_32.dll
0xFF0E0000 \Windows\System32\imagehlp.dll
0xFEF00000 \Windows\System32\setupapi.dll
0xFEDD0000 \Windows\System32\rpcrt4.dll
0x77270000 \Windows\System32\psapi.dll
0x76F80000 \Windows\System32\kernel32.dll
0xFED80000 \Windows\System32\Wldap32.dll
0xFDFF0000 \Windows\System32\shell32.dll
0x76E80000 \Windows\System32\user32.dll
0x77260000 \Windows\System32\normaliz.dll
0xFDF50000 \Windows\System32\comdlg32.dll
0xFDF40000 \Windows\System32\lpk.dll
0xFDE10000 \Windows\System32\wininet.dll
0xFDD40000 \Windows\System32\usp10.dll
0xFDCC0000 \Windows\System32\difxapi.dll
0xFDBE0000 \Windows\System32\oleaut32.dll
0xFDA60000 \Windows\System32\urlmon.dll
0xFD9C0000 \Windows\System32\msvcrt.dll
0xFD9B0000 \Windows\System32\nsi.dll
0xFD910000 \Windows\System32\clbcatq.dll
0xFD8A0000 \Windows\System32\gdi32.dll
0xFD7C0000 \Windows\System32\advapi32.dll
0xFD740000 \Windows\System32\shlwapi.dll
0xFD710000 \Windows\System32\imm32.dll
0xFD600000 \Windows\System32\msctf.dll
0xFD3F0000 \Windows\System32\ole32.dll
0xFD3D0000 \Windows\System32\sechost.dll
0xFD390000 \Windows\System32\cfgmgr32.dll
0xFD220000 \Windows\System32\crypt32.dll
0xFD200000 \Windows\System32\devobj.dll
0xFD160000 \Windows\System32\comctl32.dll
0xFD120000 \Windows\System32\wintrust.dll
0xFD0B0000 \Windows\System32\KernelBase.dll
0xFD0A0000 \Windows\System32\msasn1.dll
0x758C0000 \Windows\SysWOW64\normaliz.dll

Processes (total 92):
0 System Idle Process
4 System
272 C:\Windows\System32\smss.exe
404 csrss.exe
476 C:\Windows\System32\wininit.exe
496 csrss.exe
536 C:\Windows\System32\services.exe
560 C:\Windows\System32\winlogon.exe
588 C:\Windows\System32\lsass.exe
600 C:\Windows\System32\lsm.exe
712 C:\Windows\System32\svchost.exe
808 C:\Windows\System32\svchost.exe
908 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
952 C:\Windows\System32\atiesrxx.exe
108 C:\Windows\System32\svchost.exe
412 C:\Windows\System32\svchost.exe
468 C:\Windows\System32\svchost.exe
660 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe
1168 C:\Windows\System32\svchost.exe
1268 C:\Windows\System32\svchost.exe
1368 C:\Windows\System32\atieclxx.exe
1440 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1804 C:\Windows\System32\spoolsv.exe
1840 C:\Windows\System32\svchost.exe
1940 C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe
1968 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2040 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1088 C:\Windows\System32\svchost.exe
1216 C:\Windows\SysWOW64\svchost.exe
1496 C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
2516 C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe
2592 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
2296 C:\Windows\System32\svchost.exe
2080 C:\Windows\System32\svchost.exe
3728 C:\Program Files\Windows Media Player\wmpnetwk.exe
3772 C:\Windows\System32\SearchIndexer.exe
2696 C:\Windows\System32\taskhost.exe
3404 C:\Windows\System32\dwm.exe
3064 C:\Windows\explorer.exe
2108 C:\Program Files\Dell\QuickSet\quickset.exe
644 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
2776 WmiPrvSE.exe
3020 C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe
2980 C:\Program Files\IDT\WDM\sttray64.exe
2720 C:\Program Files\Microsoft Security Client\msseces.exe
2420 C:\Windows\System32\StikyNot.exe
2700 C:\Users\MTOMIN\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
388 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
1424 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3880 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
2724 C:\Users\MTOMIN\AppData\Roaming\Dropbox\bin\Dropbox.exe
3624 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3992 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
3132 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
3948 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3036 C:\Program Files\iPod\bin\iPodService.exe
3664 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
3512 C:\Windows\System32\svchost.exe
4144 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
4224 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
4340 C:\Windows\System32\audiodg.exe
1328 C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
512 C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
6936 C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
6056 C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
3184 C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
5896 C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
2496 C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
6588 C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
4528 C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
5136 C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
5888 C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
5768 C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
2416 C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
7236 C:\Windows\SysWOW64\ctfmon.exe
7888 C:\Program Files (x86)\iTunes\iTunes.exe
2348 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
8152 C:\Windows\System32\conhost.exe
6436 C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
3032 C:\Windows\System32\conhost.exe
5736 C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
6720 C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
5456 C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
7248 C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
6320 C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
5800 C:\Users\MTOMIN\AppData\Local\Google\Chrome\Application\chrome.exe
8024 C:\Windows\System32\taskhost.exe
2796 C:\Windows\System32\svchost.exe
5828 C:\Windows\System32\svchost.exe
7260 C:\Users\MTOMIN\Desktop\MBRCheck.exe
5096 C:\Windows\System32\conhost.exe
8160 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`08c00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000BEVT-75ZAT0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
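The MBRCheck report above is what the helper actually reads: the per-drive status line and the SHA1 of the boot sector. As an added example (not code from this thread, from MBRCheck's author, or from BleepingComputer), here is a small Python triage script that parses that report format and flags a drive when its status is not a recognised Windows boot code or when its SHA1 differs from a baseline recorded while the machine was known clean. The baseline allow-list, the second "suspect" log and its hash are constructed for the example; MBRCheck's exact wording for non-Windows boot codes is not assumed beyond "anything that is not a Windows ... MBR code detected line gets reviewed".

```python
"""Triage helper for MBRCheck output (added example, not part of the thread).

Reads the text MBRCheck writes to MBRCheck_mm.dd.yy_hh.mm.ss.txt, pulls out
each drive's MBR status and SHA1, and reports which drives need a closer look.
"""
import re
from dataclasses import dataclass

# Constructed sample: the drive section of the MBRCheck log posted in the thread.
SAMPLE_LOG = r"""
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`08c00000 (NTFS)

PhysicalDrive0 Model Number: WDCWD5000BEVT-75ZAT0, Rev: 01.01A01

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79

Done!
"""

# Constructed sample of the failure mode the helper asks about: an unknown
# bootcode. The status text and hash here are placeholders, not real output.
SUSPECT_LOG = r"""
465 GB \\.\PhysicalDrive0 Unknown MBR code
SHA1: DEADBEEFDEADBEEFDEADBEEFDEADBEEFDEADBEEF
"""

# Assumption: a defender keeps a per-machine baseline of known-good MBR hashes.
# Here it is seeded with the hash from the clean Windows 7 report above.
BASELINE_SHA1 = {"4379A3D43019B46FA357F7DD6A53B45A3CA8FB79"}

# "465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected"
DRIVE_RE = re.compile(r"^(\d+\s*[KMGT]B)\s+(\\\\\.\\PhysicalDrive\d+)\s+(.*)$")
# "SHA1: 4379A3D4..." (40 hex digits)
SHA1_RE = re.compile(r"^SHA1:\s*([0-9A-Fa-f]{40})$")


@dataclass
class DriveMbr:
    size: str
    device: str
    status: str
    sha1: str = ""


def parse_mbrcheck(text: str) -> list[DriveMbr]:
    """Return one DriveMbr per drive line; the SHA1 line that follows is attached to it."""
    drives: list[DriveMbr] = []
    pending: DriveMbr | None = None
    for raw in text.splitlines():
        line = raw.strip()
        m = DRIVE_RE.match(line)
        if m:
            pending = DriveMbr(m.group(1), m.group(2), m.group(3).strip())
            drives.append(pending)
            continue
        m = SHA1_RE.match(line)
        if m and pending is not None:
            pending.sha1 = m.group(1).upper()
            pending = None  # a SHA1 belongs to at most one drive line
    return drives


def triage(drives: list[DriveMbr], allow_list: set[str]) -> list[tuple[str, list[str]]]:
    """For every drive, list the reasons (possibly none) it should be reviewed."""
    findings = []
    for d in drives:
        reasons = []
        if not (d.status.startswith("Windows ") and "MBR code detected" in d.status):
            reasons.append(f"non-Windows MBR status: {d.status!r}")
        if not d.sha1:
            reasons.append("no SHA1 line followed the drive entry")
        elif allow_list and d.sha1 not in allow_list:
            reasons.append("MBR SHA1 is not in the clean baseline")
        findings.append((d.device, reasons))
    return findings


def needs_review(drives: list[DriveMbr], allow_list: set[str]) -> list[str]:
    """Devices with at least one triage reason."""
    return [dev for dev, reasons in triage(drives, allow_list) if reasons]


if __name__ == "__main__":
    for name, log in (("clean", SAMPLE_LOG), ("suspect", SUSPECT_LOG)):
        drives = parse_mbrcheck(log)
        for dev, reasons in triage(drives, BASELINE_SHA1):
            verdict = "REVIEW" if reasons else "ok"
            print(f"[{name}] {dev}: {verdict} {'; '.join(reasons)}")
```

The baseline comparison is the part worth keeping: an MBR status string alone only tells you the tool recognised the code, while a hash recorded on a known-clean machine lets you notice a boot sector that changed even if its first bytes still look like a Windows loader.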

#6 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:21 AM

Posted 01 January 2011 - 11:06 PM

MVTZ:

Download Combofix from either of the links below, and save it to your desktop.

Link 1
Link 2

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
--------------------------------------------------------------------

Double click on ComboFix.exe & follow the prompts.
  • If you have trouble, stop and post back. Do not try to repeatedly run ComboFix!
  • When finished, it will produce a report for you.
Please include the following in your next post:
  • ComboFix log



#7 MVTZ

MVTZ
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:02:21 AM

Posted 02 January 2011 - 08:54 PM

At one point during the process I got a notification that PEV.cfxxe was unresponsive and would shut down.

ComboFix 11-01-02.02 - MTOMIN 01/02/2011 17:33:34.1.2 - x64
Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.4061.2733 [GMT -8:00]
Running from: c:\users\MTOMIN\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2010-12-03 to 2011-01-03 )))))))))))))))))))))))))))))))
.

2011-01-03 01:46 . 2011-01-03 01:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-02 20:23 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{8E0FA7F4-6858-420F-A80B-B82AA086ED2F}\mpengine.dll
2010-12-24 22:51 . 2010-12-24 22:51 -------- d-----w- c:\users\MTOMIN\AppData\Roaming\U3
2010-12-22 22:22 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2010-12-22 08:18 . 2010-12-22 08:17 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B11D0D59-4C9E-4E57-9962-E598DDC71C20}\gapaengine.dll
2010-12-22 03:12 . 2010-12-22 03:12 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2010-12-22 03:12 . 2010-12-22 03:12 -------- d-----w- c:\program files\Microsoft Security Client
2010-12-21 21:15 . 2010-11-10 05:35 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7D016436-558E-4CD3-A1B1-D9EB7032E603}\mpengine.dll
2010-12-21 00:53 . 2010-09-07 16:12 38848 ----a-w- c:\windows\avastSS.scr
2010-12-21 00:53 . 2010-09-07 16:11 167592 ----a-w- c:\windows\SysWow64\aswBoot.exe
2010-12-21 00:53 . 2010-12-21 00:53 -------- d-----w- c:\programdata\Alwil Software
2010-12-21 00:53 . 2010-12-21 00:53 -------- d-----w- c:\program files\Alwil Software
2010-12-14 20:23 . 2010-12-14 20:23 -------- d-----w- c:\program files (x86)\Common Files\HP

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 05:50 . 2010-11-29 05:50 388096 ----a-r- c:\users\MTOMIN\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\MTOMIN\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\MTOMIN\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\MTOMIN\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\MTOMIN\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-03-01 135664]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-06 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-11-11 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

c:\users\MTOMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\MTOMIN\AppData\Roaming\Dropbox\bin\Dropbox.exe [2010-2-25 21979992]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files (x86)\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files (x86)\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R1 SASDIFSV;SASDIFSV;c:\program files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [2010-02-17 66632]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-04-14 1038088]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 40832]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-25 72064]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 19544]
R3 SASENUM;SASENUM;c:\program files (x86)\SUPERAntiSpyware\SASENUM.SYS [2010-02-17 12872]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-01 1255736]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-01 834544]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2007-05-01 52856]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-06-26 203264]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
S2 NACAgent;Cisco NAC Agent;c:\program files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe [2010-02-06 742144]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Windows7FirewallService;Windows7FirewallService;c:\program files\Windows7FirewallControl\Windows7FirewallService.exe [2009-06-29 545792]
S3 itecir;ITECIR Infrared Receiver;c:\windows\system32\DRIVERS\itecir.sys [2010-01-25 67616]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-07 317480]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 OA001Ufd;Creative Camera OA001 Upper Filter Driver;c:\windows\system32\DRIVERS\OA001Ufd.sys [2009-03-06 159840]
S3 OA001Vid;Creative Camera OA001 Function Driver;c:\windows\system32\DRIVERS\OA001Vid.sys [2009-03-09 319840]
S3 VSTWinDriver6;VSTWinDriver6;c:\windows\system32\drivers\VSTwindrvr6.sys [2008-07-04 252928]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2011-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1909662321-3128694333-4025140343-1000Core.job
- c:\users\MTOMIN\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-01 19:29]

2011-01-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1909662321-3128694333-4025140343-1000UA.job
- c:\users\MTOMIN\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-01 19:29]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\MTOMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\MTOMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 97792 ----a-w- c:\users\MTOMIN\AppData\Roaming\Dropbox\bin\DropboxExt64.13.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2009-07-03 3180624]
"Windows7FirewallControl"="c:\program files\Windows7FirewallControl\Windows7FirewallControl.exe" [2009-06-29 1021440]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-21 487424]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.jzip.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-02 17:52:54
ComboFix-quarantined-files.txt 2011-01-03 01:52

Pre-Run: 335,751,364,608 bytes free
Post-Run: 336,091,828,224 bytes free

- - End Of File - - F2CF7CB2B01B7C4C1CC3EA6754F4B404

#8 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:06:21 AM

Posted 02 January 2011 - 09:44 PM

MVTZ:

Do you use a router? If so, what is the make and model (ie: Linksys WRT54G)?

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#9 MVTZ

MVTZ
  • Topic Starter

  • Members
  • 13 posts
  • Local time:02:21 AM

Posted 02 January 2011 - 10:25 PM

I do use a router. Right now I am at home from college on winter break and am using a D-Link DGL-4300. When I am up at school I have a TRENDnet N router I just bought. I am unsure of the exact model though at the moment. The problems began while I was up at school, meaning it was while I was using the TRENDnet router.

#10 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • Gender:Male
  • Local time:06:21 AM

Posted 03 January 2011 - 08:40 PM

MVTZ:

So you've had the same issue while on both routers, right? Please do this:

Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two Notepad windows, OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of the OTL.txt log into your next post.
Please include the following in your next post:
  • OTL.txt log

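The router question in the posts above rests on a simple split: a resolver hijacked on the gateway redirects every device behind it and follows the router, while a host-side change (a static DNS entry, a Browser Helper Object, an autorun) follows the laptop onto any network. The script below is an added example, not part of this thread and not part of OTL, that applies that split to OTL "O" lines. It flags O17 resolvers outside RFC 1918 space, attributing a DhcpNameServer value to the router (it came from the DHCP lease) and a NameServer value to the host (it is the static setting), O4 autoruns whose file is missing or that load with no company name from a user-writable path, and O2 BHOs with no CLSID. The sample lines are constructed in OTL's format for this example; the "Updater" autorun and the 203.0.113.x resolvers are invented and the heuristics say "look here", not "this is malware".

```python
"""Triage OTL 'O' lines for the redirect symptoms discussed in this thread.

Added example, not part of OTL or of this thread. Heuristics only: a hit
means "look here", not "this is malware".
"""
import ipaddress
import re

# Sample lines constructed in the OTL "O" line format for this example.
# The "Updater" autorun and the 203.0.113.x resolvers are invented; the
# remaining lines follow the shapes OTL prints for real entries.
SAMPLE_OTL = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found
O4 - HKCU..\Run: [Updater] C:\Users\user\AppData\Roaming\updater.exe ()
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.0.113.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1111-2222}: NameServer = 203.0.113.10 203.0.113.11
"""

# RFC 1918 plus loopback and link-local. A resolver outside these ranges
# is not necessarily bad, but it is not the home router and deserves a look.
LAN_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16",
)]

O17_RE = re.compile(r"^O17 - .*?NameServer = (?P<servers>.+)$")
O4_RE = re.compile(r"^O4(?::64bit:)? - HK\w+\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<target>.*)$")
O2_RE = re.compile(r"^O2 - BHO: \((?P<name>[^)]*)\) - (?P<clsid>\{[^}]+\}) - (?P<status>.*)$")
USER_WRITABLE_RE = re.compile(r"\\(?:Users|AppData|ProgramData|Temp)\\", re.IGNORECASE)


def is_lan_address(ip: str) -> bool:
    """True if ip parses and falls inside one of LAN_NETS."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in LAN_NETS)


def triage(log_text: str) -> list:
    """Return (section, subject, locus, note) tuples for lines worth a second look.

    locus is "router" when the value came from the DHCP lease (DhcpNameServer)
    and "host" for anything configured on the machine itself.
    """
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O17_RE.match(line)
        if m:
            locus = "router" if "DhcpNameServer" in line else "host"
            for ip in m.group("servers").split():
                if not is_lan_address(ip):
                    findings.append(("O17", ip, locus, "resolver outside the LAN"))
            continue
        m = O4_RE.match(line)
        if m:
            target = m.group("target")
            if target.endswith("File not found"):
                findings.append(("O4", m.group("name"), "host", "autorun points at a missing file (orphan)"))
            elif target.endswith("()") and USER_WRITABLE_RE.search(target):
                findings.append(("O4", m.group("name"), "host", "autorun with no company name from a user-writable path"))
            continue
        m = O2_RE.match(line)
        if m and "No CLSID value found" in m.group("status"):
            findings.append(("O2", m.group("clsid"), "host", "BHO registered without a CLSID value"))
    return findings


def where_to_look(findings: list) -> set:
    """Collapse findings to the two places the thread weighs: router or host."""
    return {locus for _, _, locus, _ in findings}


if __name__ == "__main__":
    result = triage(SAMPLE_OTL)
    for section, subject, locus, note in result:
        print(f"{section:<4} {locus:<7} {subject:<45} {note}")
    print("look at:", ", ".join(sorted(where_to_look(result))))
```

Run it against a pasted OTL.txt by replacing SAMPLE_OTL with the file contents; in the sample, the 192.168.0.1 lease address produces nothing, the invented 203.0.113.5 lease address is attributed to the router, and the static 203.0.113.10/11 entries, the orphaned Sticky Notes autorun, the AppData autorun and the CLSID-less BHO are all attributed to the host, which is the pattern you would expect when the symptom follows the laptop across networks.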


#11 MVTZ

MVTZ
  • Topic Starter

  • Members
  • 13 posts
  • Local time:02:21 AM

Posted 04 January 2011 - 12:38 AM

Yes same problem on both routers. It even happens when I am on campus and using the school network.


OTL logfile created on: 1/3/2011 9:27:36 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\MTOMIN\Desktop
64bit- An unknown product (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 66.00% Memory free
8.00 Gb Paging File | 6.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.62 Gb Total Space | 312.90 Gb Free Space | 67.20% Space Free | Partition Type: NTFS

Computer Name: MTOMIN-PC | User Name: MTOMIN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found -- C:\Windows\SysWow64\atibtmon.exe
PRC - [2011/01/03 21:23:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MTOMIN\Desktop\OTL.exe
PRC - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/10/15 00:48:49 | 000,134,808 | ---- | M] (Google Inc.) -- C:\Users\MTOMIN\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
PRC - [2010/09/07 08:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/02/05 16:28:26 | 000,742,144 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe


========== Modules (SafeList) ==========

MOD - [2011/01/03 21:23:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MTOMIN\Desktop\OTL.exe
MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2010/11/11 14:36:38 | 000,282,616 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2010/11/11 14:36:38 | 000,012,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010/09/07 08:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010/04/13 23:40:55 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2010/01/21 03:10:00 | 000,244,736 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 17:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009/06/29 15:43:12 | 000,545,792 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Program Files\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV:64bit: - [2009/06/25 18:48:28 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/03/03 01:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_0057cbec48a2d7cf\AESTSr64.exe -- (AESTFilters)
SRV - [2010/11/09 20:04:19 | 000,403,240 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/10/16 00:40:40 | 000,037,664 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/04/13 23:40:49 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/05 16:28:26 | 000,742,144 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco NAC Agent\NACAgent.exe -- (NACAgent)
SRV - [2009/09/20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/10/24 21:25:38 | 000,072,064 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2010/09/28 15:44:52 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/09/07 07:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010/03/01 13:55:04 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010/01/25 02:48:40 | 000,067,616 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\itecir.sys -- (itecir)
DRV:64bit: - [2010/01/21 03:10:00 | 000,505,856 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009/10/22 14:10:30 | 000,069,320 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2009/10/22 14:09:12 | 000,084,808 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2009/09/28 02:02:38 | 000,019,544 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\PeerBlock\pbfilter.sys -- (pbfilter)
DRV:64bit: - [2009/08/24 11:20:22 | 000,285,744 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009/07/13 17:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/13 17:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 17:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 16:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
DRV:64bit: - [2009/07/13 15:31:10 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2009/06/25 19:24:30 | 006,036,480 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009/06/25 17:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2009/06/25 16:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2009/06/25 16:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2009/06/10 12:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 12:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel®
DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/07 00:36:46 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) Broadcom NetLink ™
DRV:64bit: - [2009/06/05 05:20:26 | 000,114,192 | ---- | M] (ATI Research Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/03/09 01:06:00 | 000,319,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA001Vid.sys -- (OA001Vid)
DRV:64bit: - [2009/03/06 15:33:58 | 000,159,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\OA001Ufd.sys -- (OA001Ufd)
DRV:64bit: - [2009/01/09 14:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
DRV:64bit: - [2008/07/03 23:49:26 | 000,252,928 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VSTwindrvr6.sys -- (VSTWinDriver6)
DRV:64bit: - [2008/05/20 18:33:36 | 000,028,416 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV:64bit: - [2007/05/01 02:00:00 | 000,052,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2010/02/17 10:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2010/02/17 10:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 10:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/08/14 06:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.jzip.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 5D 8E E9 67 00 B9 CA 01 [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: calendar-timezones@mozilla.org:1.2009p
FF - prefs.js..extensions.enabledItems: {e2fda1a4-762b-4020-b5ad-a41df1933103}:1.0b1

FF - HKLM\software\mozilla\Mozilla Sunbird 1.0b1\extensions\\Components: C:\Program Files (x86)\Mozilla Sunbird\components [2010/10/10 23:28:13 | 000,000,000 | ---D | M]

[2010/07/11 23:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MTOMIN\AppData\Roaming\Mozilla\Extensions
[2010/03/18 16:48:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MTOMIN\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/07/11 23:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MTOMIN\AppData\Roaming\Mozilla\Extensions\{718e30fb-e89b-41dd-9da7-e25a45638b28}
[2010/07/11 23:15:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MTOMIN\AppData\Roaming\Mozilla\Sunbird\Profiles\z5dj402s.default\extensions
[2010/06/24 22:49:38 | 000,000,000 | ---D | M] (Lightning stub extension for Sunbird) -- C:\PROGRAM FILES (X86)\MOZILLA SUNBIRD\EXTENSIONS\{E2FDA1A4-762B-4020-B5AD-A41DF1933103}
[2010/06/24 22:49:38 | 000,000,000 | ---D | M] (Timezone Definitions for Mozilla Calendar) -- C:\PROGRAM FILES (X86)\MOZILLA SUNBIRD\EXTENSIONS\CALENDAR-TIMEZONES@MOZILLA.ORG

O1 HOSTS File: ([2009/06/10 13:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Program Files\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\MTOMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\MTOMIN\AppData\Roaming\Dropbox\bin\Dropbox.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll - C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/01/03 21:23:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MTOMIN\Desktop\OTL.exe
[2011/01/02 21:48:30 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/01/02 21:39:48 | 000,000,000 | ---D | C] -- C:\Users\MTOMIN\Desktop\new years okay
[2011/01/02 17:31:00 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/01/02 17:31:00 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/01/02 17:31:00 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/01/02 17:30:50 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/01/02 17:29:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/02 17:29:08 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/01/01 15:36:23 | 000,000,000 | ---D | C] -- C:\Users\MTOMIN\Desktop\new years
[2010/12/29 19:06:14 | 000,000,000 | ---D | C] -- C:\Users\MTOMIN\Desktop\Massive Attack - Heligoland
[2010/12/29 15:19:01 | 000,000,000 | ---D | C] -- C:\Users\MTOMIN\Desktop\Resident Evil Afterlife
[2010/12/29 15:15:30 | 000,000,000 | ---D | C] -- C:\Users\MTOMIN\Desktop\The American
[2010/12/25 02:01:42 | 000,000,000 | ---D | C] -- C:\Users\MTOMIN\Desktop\Mac Dre All Albums
[2010/12/25 02:00:59 | 000,000,000 | ---D | C] -- C:\Users\MTOMIN\Desktop\Daybreakers
[2010/12/25 01:46:16 | 000,000,000 | ---D | C] -- C:\Users\MTOMIN\Desktop\Brad Sucks - Out of It
[2010/12/25 01:46:08 | 000,000,000 | ---D | C] -- C:\Users\MTOMIN\Desktop\Andre Nickatina
[2010/12/24 14:51:23 | 000,000,000 | ---D | C] -- C:\Users\MTOMIN\AppData\Roaming\U3
[2010/12/23 02:48:36 | 000,000,000 | ---D | C] -- C:\Users\MTOMIN\Desktop\New Stuff
[2010/12/21 19:12:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Security Client
[2010/12/21 19:12:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2010/12/20 16:54:32 | 000,020,048 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2010/12/20 16:54:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2010/12/20 16:54:31 | 000,121,936 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2010/12/20 16:54:29 | 000,028,752 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2010/12/20 16:54:26 | 000,051,280 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2010/12/20 16:54:22 | 000,061,008 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2010/12/20 16:53:22 | 000,167,592 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2010/12/20 16:53:22 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2010/12/20 16:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2010/12/20 16:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2010/12/14 12:36:59 | 000,000,000 | ---D | C] -- C:\Users\MTOMIN\Documents\My Scans
[2010/12/14 12:25:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2010/12/14 12:23:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2010/12/07 18:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO

========== Files - Modified Within 30 Days ==========

[2011/01/03 21:23:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MTOMIN\Desktop\OTL.exe
[2011/01/03 21:09:30 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1909662321-3128694333-4025140343-1000UA.job
[2011/01/03 21:09:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/03 01:53:01 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1909662321-3128694333-4025140343-1000Core.job
[2011/01/02 17:22:04 | 000,050,210 | ---- | M] () -- C:\Users\MTOMIN\Desktop\166877_1594523456455_1036980109_2715293_6212390_n.jpg
[2011/01/02 17:20:59 | 000,051,604 | ---- | M] () -- C:\Users\MTOMIN\Desktop\166858_1594520296376_1036980109_2715274_6619455_n.jpg
[2011/01/02 13:07:55 | 004,012,504 | R--- | M] () -- C:\Users\MTOMIN\Desktop\ComboFix.exe
[2011/01/02 12:27:21 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/02 12:27:21 | 000,014,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/01 21:51:29 | 015,296,304 | ---- | M] () -- C:\Users\MTOMIN\Desktop\02-nero-this_way-xtc.mp3
[2011/01/01 19:27:44 | 000,729,688 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011/01/01 19:27:44 | 000,626,278 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011/01/01 19:27:44 | 000,107,522 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011/01/01 19:22:15 | 3193,585,664 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/01 18:27:59 | 000,080,384 | ---- | M] () -- C:\Users\MTOMIN\Desktop\MBRCheck.exe
[2011/01/01 15:41:47 | 002,883,406 | ---- | M] () -- C:\Users\MTOMIN\Desktop\IMG_3554.JPG
[2010/12/30 10:52:47 | 012,997,213 | ---- | M] () -- C:\Users\MTOMIN\Desktop\Blue Scholars - The Internetz.zip
[2010/12/25 01:19:12 | 002,933,952 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2010/12/25 01:10:47 | 000,000,020 | ---- | M] () -- C:\Users\MTOMIN\defogger_reenable
[2010/12/21 19:12:50 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2010/12/21 19:12:37 | 000,743,534 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/20 16:54:22 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2010/12/19 12:05:25 | 000,025,088 | ---- | M] () -- C:\Users\MTOMIN\Documents\letter to professor.doc
[2010/12/14 12:28:27 | 000,221,392 | ---- | M] () -- C:\Windows\hpoins19.dat
[2010/12/14 12:24:23 | 000,002,099 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

========== Files Created - No Company Name ==========

[2011/01/02 21:37:46 | 002,883,406 | ---- | C] () -- C:\Users\MTOMIN\Desktop\IMG_3554.JPG
[2011/01/02 17:31:00 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/02 17:31:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/02 17:31:00 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/02 17:31:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/02 17:31:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/01/02 17:22:07 | 000,050,210 | ---- | C] () -- C:\Users\MTOMIN\Desktop\166877_1594523456455_1036980109_2715293_6212390_n.jpg
[2011/01/02 17:21:02 | 000,051,604 | ---- | C] () -- C:\Users\MTOMIN\Desktop\166858_1594520296376_1036980109_2715274_6619455_n.jpg
[2011/01/02 13:07:44 | 004,012,504 | R--- | C] () -- C:\Users\MTOMIN\Desktop\ComboFix.exe
[2011/01/01 21:51:04 | 015,296,304 | ---- | C] () -- C:\Users\MTOMIN\Desktop\02-nero-this_way-xtc.mp3
[2011/01/01 18:27:57 | 000,080,384 | ---- | C] () -- C:\Users\MTOMIN\Desktop\MBRCheck.exe
[2010/12/30 10:52:30 | 012,997,213 | ---- | C] () -- C:\Users\MTOMIN\Desktop\Blue Scholars - The Internetz.zip
[2010/12/25 01:10:45 | 000,000,020 | ---- | C] () -- C:\Users\MTOMIN\defogger_reenable
[2010/12/21 19:12:50 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2010/12/21 19:12:37 | 000,743,534 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/12/20 16:54:22 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2010/12/18 23:18:25 | 000,025,088 | ---- | C] () -- C:\Users\MTOMIN\Documents\letter to professor.doc
[2010/12/14 12:24:23 | 000,002,099 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2010/12/14 12:20:06 | 000,221,392 | ---- | C] () -- C:\Windows\hpoins19.dat
[2010/12/14 12:20:06 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2010/08/25 15:00:32 | 000,000,033 | ---- | C] () -- C:\ProgramData\{081230F8-EA50-42A9-983C-D22ABC2EED3B}.ini
[2010/08/24 23:40:40 | 000,010,118 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2010/03/25 00:32:26 | 000,001,074 | ---- | C] () -- C:\ProgramData\ss.ini
[2010/03/03 19:23:37 | 000,076,407 | ---- | C] () -- C:\Users\MTOMIN\AppData\Roaming\Smiley.ico
[2010/03/01 14:04:12 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== LOP Check ==========

[2010/03/01 00:09:39 | 000,000,000 | ---D | M] -- C:\Users\MTOMIN\AppData\Roaming\CiscoCAA
[2010/03/01 20:45:34 | 000,000,000 | ---D | M] -- C:\Users\MTOMIN\AppData\Roaming\DAEMON Tools Lite
[2011/01/01 19:22:58 | 000,000,000 | ---D | M] -- C:\Users\MTOMIN\AppData\Roaming\Dropbox
[2010/10/17 16:52:42 | 000,000,000 | ---D | M] -- C:\Users\MTOMIN\AppData\Roaming\FrostWire
[2010/03/01 12:22:04 | 000,000,000 | ---D | M] -- C:\Users\MTOMIN\AppData\Roaming\HorizonWimba
[2010/05/19 12:47:46 | 000,000,000 | ---D | M] -- C:\Users\MTOMIN\AppData\Roaming\IM
[2010/03/20 12:57:55 | 000,000,000 | ---D | M] -- C:\Users\MTOMIN\AppData\Roaming\Research In Motion
[2010/03/18 16:48:05 | 000,000,000 | ---D | M] -- C:\Users\MTOMIN\AppData\Roaming\Thunderbird
[2011/01/01 18:27:40 | 000,000,000 | ---D | M] -- C:\Users\MTOMIN\AppData\Roaming\uTorrent
[2009/07/13 21:08:49 | 000,015,650 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

Edited by MVTZ, 04 January 2011 - 12:41 AM.

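As an added triage aid, not part of this thread and not something OTL or any of the tools named here ship: the OTL "Files Created/Modified" sections above have a fixed line format, so they can be parsed and sifted instead of read by eye. The small Python example below parses that format and flags executable files (.exe/.dll/.sys/.scr) created under C:\Windows or C:\ProgramData within the last seven days that carry no company name, which is the kind of entry a helper looks at first. The sample lines are copied from the report above; the report time (taken from the OTL.exe timestamp) and the seven-day window are assumptions of the example. Note that a flag is only a lead for review: in this report the two hits are helper binaries that ComboFix extracts into C:\Windows when it is run, which it was the same day.

```python
import re
from datetime import datetime, timedelta

# One OTL file entry looks like:
#   [date time | size | attributes | C or M] (company) -- path
# The "(company)" group is missing for directories and is "()" for files
# whose version resource carries no company name.
_ENTRY = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| "
    r"(?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))?"
    r" -- (?P<path>.+)$"
)

def parse_entry(line):
    """Return a dict for one OTL file entry, or None for headers/blank lines."""
    m = _ENTRY.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "ts": datetime.strptime(d["ts"], "%Y/%m/%d %H:%M:%S"),
        "size": int(d["size"].replace(",", "")),   # "3193,585,664" -> 3193585664
        "attrs": d["attrs"],
        "is_dir": "D" in d["attrs"],
        "kind": d["kind"],                          # C = created, M = modified
        "company": d["company"] or "",              # None (directory) and "" both mean "none"
        "path": d["path"],
    }

# Assumed triage policy for this example: recent, unattributed executables
# in system locations get a closer look.
EXEC_EXT = (".exe", ".dll", ".sys", ".scr")
SYSTEM_ROOTS = ("c:\\windows\\", "c:\\programdata\\")

def flag_entries(lines, report_time, days=7):
    """Return paths of executables with no company name created/modified
    within `days` of `report_time` under a system root."""
    cutoff = report_time - timedelta(days=days)
    flagged = []
    for line in lines:
        e = parse_entry(line)
        if e is None or e["is_dir"]:
            continue
        p = e["path"].lower()
        if not p.endswith(EXEC_EXT) or not p.startswith(SYSTEM_ROOTS):
            continue
        if e["company"] == "" and e["ts"] >= cutoff:
            flagged.append(e["path"])
    return flagged

# Sample lines copied from the OTL report in this thread.
SAMPLE_REPORT = [
    r"========== Files Created - No Company Name ==========",
    r"[2010/12/20 16:54:29 | 000,028,752 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys",
    r"[2010/12/20 16:53:22 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr",
    r"[2010/12/20 16:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software",
    r"[2011/01/02 17:31:00 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe",
    r"[2011/01/02 17:31:00 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe",
    r"[2011/01/01 19:22:15 | 3193,585,664 | -HS- | M] () -- C:\hiberfil.sys",
    r"[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll",
]

# Assumed report time: the OTL.exe timestamp in the "Modified" section.
REPORT_TIME = datetime(2011, 1, 3, 21, 23, 50)

if __name__ == "__main__":
    for path in flag_entries(SAMPLE_REPORT, REPORT_TIME):
        print("review:", path)
```

Running it on the sample prints the two ComboFix helpers (PEV.exe and MBR.exe); aswRdr.sys is skipped because it has a company name, hiberfil.sys because it is outside the system roots, and BWContextHandler.dll because it is far older than the window. Point it at a full OTL report (one line per list element) to get the same sift over the whole log.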

#12 MVTZ

MVTZ
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:02:21 AM

Posted 04 January 2011 - 02:53 AM

Also when browsing the internet in the last week, avast pops up notifications every now and then that it has blocked a trojan horse.

Here is the most recent one.

Avast! Web Shield has blocked a harmful webpage or file.
object: ...://serw.clicksor.com/newServing/showbanner.php?nid=1&t4270
Infection: HTML:RedirME-inf[Trj]
Action: Connection Aborted
Process: C:\Users\MTOMIN\AppData\Local\Google\Chrome...\chrome.exe


This happens when I am visiting sites such as facebook or pinkbike.

#13 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:21 AM

Posted 05 January 2011 - 01:09 AM

MVTZ:

Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :OTL
    PRC - File not found -- C:\Windows\SysWow64\atibtmon.exe
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
    O18:64bit: - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28:64bit: - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    :Files
    ipconfig /flushdns /c
    :Commands
    [EmptyFlash]
    [EmptyTemp]
    [Purity]
  • Then click the Run Fix button at the top
  • Let the program run unhindered; it will reboot when it is done and produce a log
Download Flush Flash Cookies by Bobbi Flekman.
  • Select the Windows version and save flushflash.exe to your Desktop.
  • Double-click flushflash.exe to run it.
  • Select Everything but Site settings.
  • Click Make it so!.
  • When the "Killed off all Flash cookies" window opens, click OK.
  • Close Flush Flash Cookie
Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Uncheck any entries from C:\System Volume Information or C:\Qoobox
  • Be sure that everything else is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post the results.
Please include the following in your next post:
  • OTL Fix log
  • MBAM log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member


The help you receive here is free. If you wish to show your appreciation, then you may donate.


#14 MVTZ

MVTZ
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  • Local time:02:21 AM

Posted 07 January 2011 - 09:41 PM

I tried to run the fix on OTL but the program failed. It wouldn't be able to find c:\windows\syswow4\atibtmon.exe and then it would freeze up.

The other two ran fine.
Here's the log.


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5481

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/7/2011 6:14:30 PM
mbam-log-2011-01-07 (18-14-30).txt

Scan type: Full scan (C:\|)
Objects scanned: 328381
Time elapsed: 1 hour(s), 21 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

The redirects have been getting worse. More and more pages I open in chrome will cause a new tab to open with a redirected site.

Would it be easier to just wipe the drive? I have everything backed up on an external drive. My only problem is that I upgraded my OS using an MSDN license that we were given at school. I still have the installation DVD but have lost the paper with my serial key on it. Know of any reliable software to pull the serial key out of my registry?

#15 RPMcMurphy

RPMcMurphy

    Bleeping *^#@%~


  • Malware Response Team
  • 3,970 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:21 AM

Posted 07 January 2011 - 09:55 PM

MVTZ:

I'd never discourage anyone with an infection from doing a reinstall of Windows, but try this first:

Download TDSSKiller.zip and extract TDSSKiller.exe to your desktop
  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found then ensure Cure is selected. Important - If there is no option to "Cure" it is critical that you select "Skip"
  • Then click Continue > Reboot now
  • Once complete, a log will be produced in c:\. It will be named, for example, TDSSKiller.2.4.0.0_24.07.2010_13.10.52_log.txt
  • Attach that log, please.
Please include the following in your next post:
  • TDSSKiller log





