sneak14
-
Posts
23 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by sneak14
-
Flash not wotking properly in firefox
sneak14 replied to sneak14's topic in Resolved Malware Removal Logs
thanks, I'll start a new topic there -
Flash not wotking properly in firefox
sneak14 replied to sneak14's topic in Resolved Malware Removal Logs
Malwarebytes' Anti-Malware 1.50 www.malwarebytes.org Database version: 5325 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 12/15/2010 10:52:32 PM mbam-log-2010-12-15 (22-52-32).txt Scan type: Quick scan Objects scanned: 152739 Time elapsed: 8 minute(s), 40 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) DDS (Ver_10-12-12.02) - NTFS_AMD64 Run by Dan at 23:06:25.19 on Wed 12/15/2010 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22 Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.4094.2495 [GMT -7:00] AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0} SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ============== Running Processes =============== C:\PROGRA~2\AVG\AVG10\avgchsva.exe C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\AVG\AVG10\avgnsa.exe C:\Program Files (x86)\AVG\AVG10\avgemca.exe C:\Windows\system32\conhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\RAVCpl64.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\uTorrent\uTorrent.exe C:\Windows\System32\StikyNot.exe C:\Users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Users\Dan\AppData\Local\Temp\RtkBtMnt.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\AVG\AVG10\avgtray.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Windows\system32\conhost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\PROGRA~2\AVG\AVG10\avgrsa.exe C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\NOTEPAD.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\AUDIODG.EXE C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\Dan\Desktop\dds.com C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" StartupFolder: C:\Users\Dan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll mRun-x64: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe mRun-x64: [RtHDVCpl] RAVCpl64.exe mRun-x64: [skytel] Skytel.exe mRun-x64: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL ================= FIREFOX =================== FF - ProfilePath - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ffelhzg9.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: browser.startup.homepage - pitchfork.com FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q= FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll FF - component: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ffelhzg9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} FF - Ext: StumbleUpon: {AE93811A-5C9A-4d34-8462-F7B864FC4696} - %profile%\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696} FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} FF - Ext: Unlinker: {8ed952a0-199c-11d9-9669-0800200c9a66} - %profile%\extensions\{8ed952a0-199c-11d9-9669-0800200c9a66} FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG10\Firefox ============= SERVICES / DRIVERS =============== R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-9-7 305232] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-9 382032] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-11-10 6127184] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400] R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264] R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920] R3 itecir;ITECIR Infrared Receiver;C:\Windows\System32\drivers\itecir.sys [2010-2-24 67616] R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 FLEXnet Licensing Manager;FLEXnet Licensing Manager for Adobe Products;C:\Windows\system32\regw2.exe --> C:\Windows\system32\regw2.exe [?] S3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2010-9-11 120208] S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-3-25 51456888] S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-7-3 1255736] =============== Created Last 30 ================ 2010-12-16 05:39:25 709456 ----a-w- C:\Windows\isRS-000.tmp 2010-12-15 06:14:06 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2010-12-15 06:14:06 2048 ----a-w- C:\Windows\System32\tzres.dll 2010-11-29 04:23:18 338432 ----a-w- C:\Windows\SysWow64\REX Shared Library.dll 2010-11-29 04:23:16 406528 ----a-w- C:\Windows\SysWow64\ReWire.dll 2010-11-29 04:15:30 -------- d-----w- C:\PROGRA~3\Propellerhead Software 2010-11-29 04:14:36 -------- d-----w- C:\Users\Dan\AppData\Roaming\Propellerhead Software 2010-11-29 04:06:14 -------- d-----w- C:\Program Files (x86)\Propellerhead 2010-11-28 14:41:00 -------- d-----w- C:\Users\Dan\AppData\Local\Apple 2010-11-27 22:10:22 -------- d-----w- C:\Program Files (x86)\ESET 2010-11-25 07:25:50 41624 ----a-w- C:\Windows\SysWow64\drivers\fsbts.sys 2010-11-25 07:25:23 574632 ----a-w- C:\Windows\SysWow64\msvcp50.dll 2010-11-25 07:24:31 -------- d-----w- C:\Program Files (x86)\F-Secure 2010-11-25 07:23:42 -------- d-----w- C:\PROGRA~3\fssg 2010-11-25 07:01:54 -------- d-----w- C:\PROGRA~3\F-Secure 2010-11-25 06:47:03 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll 2010-11-25 06:47:02 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2010-11-24 19:15:05 521448 ----a-w- C:\Windows\System32\deployJava1.dll 2010-11-23 23:38:43 -------- d-----w- C:\Users\Dan\AppData\Local\Adobe 2010-11-23 23:34:30 -------- d-----w- C:\Users\Dan\AppData\Local\Apple Computer 2010-11-23 22:52:06 7680 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll 2010-11-23 22:52:06 7680 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll 2010-11-19 00:35:15 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2010-11-19 00:35:14 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys 2010-11-18 23:47:45 -------- dc----w- C:\PROGRA~3\{E961CE1B-C3EA-4882-9F67-F859B555D097} ==================== Find3M ==================== 2010-11-10 05:20:56 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys 2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll 2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll 2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll 2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll 2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe 2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe 2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll 2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll 2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe 2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe 2010-10-20 05:20:01 46080 ----a-w- C:\Windows\System32\atmlib.dll 2010-10-20 04:54:18 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2010-10-20 03:09:15 3124224 ----a-w- C:\Windows\System32\win32k.sys 2010-10-20 03:05:46 367104 ----a-w- C:\Windows\System32\atmfd.dll 2010-10-20 02:58:41 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll 2010-10-19 17:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe 2010-10-16 05:23:13 112000 ----a-w- C:\Windows\System32\consent.exe 2010-10-16 05:19:41 395776 ----a-w- C:\Windows\System32\webio.dll 2010-10-16 04:36:10 314368 ----a-w- C:\Windows\SysWow64\webio.dll 2010-09-28 22:44:52 51712 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys 2010-09-28 22:44:52 4184352 ----a-w- C:\Windows\System32\usbaaplrc.dll ============= FINISH: 23:07:09.87 =============== UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT DDS (Ver_10-12-12.02) Microsoft Windows 7 Enterprise Boot Device: \Device\HarddiskVolume1 Install Date: 7/2/2010 4:25:55 PM System Uptime: 12/15/2010 10:41:52 PM (1 hours ago) Motherboard: Acer | | Aspire 8920 Processor: Intel® Core2 Duo CPU T7500 @ 2.20GHz | U2E1 | 2201/200mhz ==== Disk Partitions ========================= C: is FIXED (NTFS) - 298 GiB total, 76.535 GiB free. D: is CDROM () ==== Disabled Device Manager Items ============= Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1} Description: Dritek General Port I/O Device ID: ROOT\LEGACY_DRITEKPORTIO\0000 Manufacturer: Name: Dritek General Port I/O PNP Device ID: ROOT\LEGACY_DRITEKPORTIO\0000 Service: DritekPortIO Class GUID: Description: Device ID: USB\VID_138A&PID_0001\5&21DE5602&0&1 Manufacturer: Name: PNP Device ID: USB\VID_138A&PID_0001\5&21DE5602&0&1 Service: ==== System Restore Points =================== RP82: 11/24/2010 11:46:30 PM - Installed Java 6 Update 22 RP83: 11/25/2010 12:24:16 AM - is 10.51 build 106 Installation RP84: 11/26/2010 8:07:23 AM - OTL Restore Point RP85: 11/28/2010 7:00:11 PM - Windows Backup RP86: 12/5/2010 7:00:09 PM - Windows Backup RP87: 12/13/2010 3:56:08 AM - Scheduled Checkpoint RP88: 12/15/2010 3:00:16 AM - Windows Update ==== Installed Programs ====================== -
Flash not wotking properly in firefox
sneak14 replied to sneak14's topic in Resolved Malware Removal Logs
No I'm not sure if the problem is malware related. But it started to occur at the same time that several other malware problems came up. I've tried un/reinstalling firefox, flash and adobe but nothing seems to work. The post that I mentioned cleared up all the malware problems but this one persists. The problem also affects sites that have picture slideshows. If you think it isn't malware related is there a different forum you could direct me to? -
I'm having a problem with flash in firefox. Sites that use it never load the flash object properly the first time but after I refresh the page it does work. Lots of imbedded videos do not seem to load either. I've tried un/reinstalling and it doesn't help. The problem started at the same time as this problem was being fixed: http://forums.malwarebytes.org/index.php?s...&hl=sneak14 any suggestions?
-
that's ok. everything else is fine. thanks for everything.
-
no longer getting the tracking cookie warning every time I start up FF. Flash problem remains but other than that it's all good. thanks.
-
Everything is running fine. But the flash problem and the cookie warnings are still there. It's annoying but it's not a huge deal. The google redirect thing was the main problem and it looks like it's gone now. If there isn't anything else that can be done that's ok I guess.
-
Here is the log: ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK And here is what was removed: C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe a variant of Win32/HotSpotShield application cleaned by deleting (after the next restart) - quarantined C:\Users\Dan\AppData\Local\Temp\NODBA91.tmp a variant of Win32/HotSpotShield application cleaned by deleting (after the next restart) - quarantined
-
All processes killed Error: Unable to interpret <[EmptyFlash]> in the current context! Error: Unable to interpret <[EmptyTemp]> in the current context! Error: Unable to interpret <[RESETHOSTS]> in the current context! Error: Unable to interpret <[purity]> in the current context! Error: Unable to interpret <[start explorer]> in the current context! Error: Unable to interpret <[Reboot]> in the current context! OTL by OldTimer - Version 3.2.17.3 log created on 11272010_030115 Files\Folders moved on Reboot... Registry entries deleted on Reboot...
-
OTL logfile created on: 11/26/2010 8:06:47 AM - Run 2 OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Dan\Desktop 64bit- Enterprise Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 4.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 58.00% Memory free 8.00 Gb Paging File | 6.00 Gb Available in Paging File | 77.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 297.99 Gb Total Space | 96.91 Gb Free Space | 32.52% Space Free | Partition Type: NTFS Computer Name: DAN-PC | User Name: Dan | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Dan\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\AVG\AVG10\avgcfgex.exe (AVG Technologies CZ, s.r.o.) PRC - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe () PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe () PRC - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe () PRC - C:\Users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Dan\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.) SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (Apple Mobile Device) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) SRV - (HotspotShieldService) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe () SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe () SRV - (HssWd) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (itecir) -- C:\Windows\SysNative\drivers\itecir.sys (ITE Tech. Inc. ) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corp) DRV:64bit: - (Ntfs) -- C:\Windows\SysNative\wbem\ntfs.mof () DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics, Inc.) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corp.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/iat/us_ca.aspx IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0E 8B B6 7B 7F 87 CB 01 [binary data] IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.selectedEngine: "Wikipedia (en)" FF - prefs.js..browser.startup.homepage: "pitchfork.com" FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.76 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.1 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1167 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q=" FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files (x86)\AVG\AVG10\Firefox\ [2010/11/24 08:04:19 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/11/23 17:27:30 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/24 23:47:03 | 000,000,000 | ---D | M] [2010/07/02 18:28:48 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mozilla\Extensions [2010/11/25 22:03:10 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ffelhzg9.default\extensions [2010/09/15 06:24:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ffelhzg9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/11/11 18:21:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ffelhzg9.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696} [2010/11/11 18:18:09 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ffelhzg9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010/11/24 23:47:04 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions [2010/11/24 23:47:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [2010/11/24 23:46:50 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.) O4 - Startup: C:\Users\Dan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync) - C:\Program Files (x86)\AVG\AVG10\avgchsva.exe (AVG Technologies CZ, s.r.o.) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart) - C:\Program Files (x86)\AVG\AVG10\avgrsa.exe (AVG Technologies CZ, s.r.o.) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation) Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation) Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation) Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation) Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation) Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation) Drivers32:64bit: VIDC.FFDS - ff_vfw.dll () Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation) Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation) Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation) Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation) Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation) Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation) Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation) Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation) Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation) Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation) Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation) Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler) Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/) Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation) Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation) Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll () Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation) Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation) Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation) Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation) Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll () Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation) Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org) Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation) Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation) Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation) Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2010/11/25 00:24:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\F-Secure [2010/11/25 00:23:42 | 000,000,000 | ---D | C] -- C:\ProgramData\fssg [2010/11/25 00:01:54 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure [2010/11/24 23:47:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2010/11/24 23:47:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2010/11/24 23:46:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2010/11/24 12:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2010/11/23 17:36:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2010/11/23 17:35:22 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2010/11/23 16:38:43 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Adobe [2010/11/23 16:34:30 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Apple Computer [2010/11/23 15:56:44 | 001,339,480 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Dan\Desktop\TDSSKiller.exe [2010/11/23 15:53:55 | 000,000,000 | ---D | C] -- C:\Users\Dan\Desktop\GooredFix Backups [2010/11/23 01:58:16 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe [2010/11/23 01:12:17 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW [2010/11/23 00:14:00 | 000,000,000 | R--D | C] -- C:\Users\Dan\Documents\morebass Project [2010/11/18 17:35:15 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys [2010/11/18 17:35:14 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2010/11/18 17:28:38 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Users\Dan\Desktop\HiJackThis.exe [2010/11/18 16:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\{E961CE1B-C3EA-4882-9F67-F859B555D097} [2010/11/14 15:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2010/11/14 15:34:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2010/11/14 15:34:39 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2010/11/11 02:06:10 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Local\Sunbelt Software [2010/11/11 02:04:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft [2010/11/11 02:04:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft [2010/11/11 02:00:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2010/11/11 02:00:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2010/11/11 01:58:46 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\SUPERAntiSpyware.com [2010/11/11 01:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com [2010/11/11 01:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE [2010/11/09 22:20:56 | 000,382,032 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys [2010/11/09 21:12:02 | 000,000,000 | ---D | C] -- C:\Users\Dan\AppData\Roaming\Malwarebytes [2010/11/09 21:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2010/11/09 21:11:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes ========== Files - Modified Within 30 Days ========== [2010/11/26 08:05:33 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Dan\Desktop\OTL.exe [2010/11/25 22:12:27 | 000,728,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2010/11/25 22:12:27 | 000,625,812 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2010/11/25 22:12:27 | 000,107,396 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2010/11/25 22:07:33 | 000,023,877 | ---- | M] () -- C:\Users\Dan\Documents\Kirov.docx [2010/11/25 21:53:12 | 100,210,035 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2010/11/25 21:49:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/11/25 21:49:19 | 3219,988,480 | -HS- | M] () -- C:\hiberfil.sys [2010/11/25 00:27:45 | 000,041,624 | ---- | M] () -- C:\Windows\SysWow64\drivers\fsbts.sys [2010/11/25 00:25:32 | 000,750,440 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/11/24 23:15:46 | 000,000,293 | ---- | M] () -- C:\Users\Dan\Desktop\lamedropXPd.ini [2010/11/24 08:04:32 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2011.lnk [2010/11/23 17:37:03 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2010/11/23 17:27:31 | 000,001,963 | ---- | M] () -- C:\Users\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2010/11/23 17:27:31 | 000,001,939 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010/11/23 15:59:00 | 000,010,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/11/23 15:58:59 | 000,010,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/11/23 01:32:42 | 000,630,272 | ---- | M] () -- C:\Users\Dan\Desktop\dds.scr [2010/11/23 01:31:52 | 000,000,000 | ---- | M] () -- C:\Users\Dan\defogger_reenable [2010/11/22 00:55:15 | 000,033,796 | ---- | M] () -- C:\Users\Dan\Documents\tuskegee.docx [2010/11/22 00:53:21 | 000,013,023 | ---- | M] () -- C:\Users\Dan\Documents\nurse rivers lodge.docx [2010/11/22 00:40:29 | 000,013,725 | ---- | M] () -- C:\Users\Dan\Documents\biblio tusk.docx [2010/11/19 15:39:37 | 000,011,089 | ---- | M] () -- C:\Users\Dan\Documents\best of dmt.xlsx [2010/11/18 18:40:00 | 597,093,192 | ---- | M] () -- C:\Windows\MEMORY.DMP [2010/11/18 17:35:18 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/11/18 17:28:39 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Users\Dan\Desktop\HiJackThis.exe [2010/11/18 02:05:45 | 000,013,274 | ---- | M] () -- C:\Users\Dan\Documents\Quiet Diplomacy.docx [2010/11/18 01:51:57 | 000,051,353 | ---- | M] () -- C:\Users\Dan\Documents\nic backup.docx [2010/11/17 23:57:14 | 000,014,559 | ---- | M] () -- C:\Users\Dan\Documents\bibliography.docx [2010/11/17 07:24:22 | 001,339,480 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Dan\Desktop\TDSSKiller.exe [2010/11/17 00:02:22 | 000,041,043 | ---- | M] () -- C:\Users\Dan\Documents\wtf.docx [2010/11/16 19:15:09 | 000,037,452 | ---- | M] () -- C:\Users\Dan\Documents\Nicaragua.docx [2010/11/14 15:35:19 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2010/11/13 18:23:40 | 000,012,644 | ---- | M] () -- C:\Users\Dan\Documents\MORE HOUSE.xlsx [2010/11/09 22:20:56 | 000,382,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys [2010/11/06 13:33:11 | 000,000,161 | ---- | M] () -- C:\Windows\AutoKMS.ini [2010/11/05 13:49:51 | 000,011,007 | ---- | M] () -- C:\Users\Dan\Documents\house.xlsx [2010/11/02 20:47:10 | 000,005,453 | ---- | M] () -- C:\Users\Dan\Desktop\dmt.png [2010/11/01 10:42:38 | 000,012,553 | ---- | M] () -- C:\Users\Dan\Documents\Lkjdsljf.docx [2010/10/28 17:41:18 | 000,011,293 | ---- | M] () -- C:\Users\Dan\Documents\halloween.xlsx ========== Files Created - No Company Name ========== [2010/11/25 13:16:24 | 000,023,877 | ---- | C] () -- C:\Users\Dan\Documents\Kirov.docx [2010/11/25 00:25:50 | 000,041,624 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys [2010/11/25 00:25:08 | 000,750,440 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010/11/23 17:37:03 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk [2010/11/23 17:27:31 | 000,001,963 | ---- | C] () -- C:\Users\Dan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk [2010/11/23 17:27:31 | 000,001,939 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2010/11/23 01:32:42 | 000,630,272 | ---- | C] () -- C:\Users\Dan\Desktop\dds.scr [2010/11/23 01:31:52 | 000,000,000 | ---- | C] () -- C:\Users\Dan\defogger_reenable [2010/11/22 00:52:00 | 000,013,023 | ---- | C] () -- C:\Users\Dan\Documents\nurse rivers lodge.docx [2010/11/22 00:40:28 | 000,013,725 | ---- | C] () -- C:\Users\Dan\Documents\biblio tusk.docx [2010/11/20 15:08:18 | 000,033,796 | ---- | C] () -- C:\Users\Dan\Documents\tuskegee.docx [2010/11/19 15:39:37 | 000,011,089 | ---- | C] () -- C:\Users\Dan\Documents\best of dmt.xlsx [2010/11/18 17:35:18 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk [2010/11/18 02:04:58 | 000,013,274 | ---- | C] () -- C:\Users\Dan\Documents\Quiet Diplomacy.docx [2010/11/17 23:28:36 | 000,014,559 | ---- | C] () -- C:\Users\Dan\Documents\bibliography.docx [2010/11/16 19:47:26 | 000,041,043 | ---- | C] () -- C:\Users\Dan\Documents\wtf.docx [2010/11/15 20:55:29 | 000,051,353 | ---- | C] () -- C:\Users\Dan\Documents\nic backup.docx [2010/11/14 15:35:19 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2010/11/13 18:23:40 | 000,012,644 | ---- | C] () -- C:\Users\Dan\Documents\MORE HOUSE.xlsx [2010/11/12 16:25:24 | 000,037,452 | ---- | C] () -- C:\Users\Dan\Documents\Nicaragua.docx [2010/11/07 18:40:57 | 000,000,293 | ---- | C] () -- C:\Users\Dan\Desktop\lamedropXPd.ini [2010/11/05 13:49:50 | 000,011,007 | ---- | C] () -- C:\Users\Dan\Documents\house.xlsx [2010/11/02 20:47:09 | 000,005,453 | ---- | C] () -- C:\Users\Dan\Desktop\dmt.png [2010/11/01 10:42:38 | 000,012,553 | ---- | C] () -- C:\Users\Dan\Documents\Lkjdsljf.docx [2010/10/28 17:41:18 | 000,011,293 | ---- | C] () -- C:\Users\Dan\Documents\halloween.xlsx [2010/10/05 17:45:09 | 000,000,161 | ---- | C] () -- C:\Windows\AutoKMS.ini [2010/07/29 11:35:53 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2010/07/29 11:35:53 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini [2010/07/29 11:35:52 | 000,790,528 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2010/07/29 11:35:52 | 000,134,144 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2010/07/29 11:35:52 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2010/07/02 19:56:34 | 000,001,694 | ---- | C] () -- C:\Windows\RtDefLvl.ini [2009/07/13 16:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 14:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll ========== LOP Check ========== [2010/07/02 20:54:13 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Ableton [2010/10/22 07:19:06 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\AVG10 [2010/11/25 21:52:23 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\Dropbox [2010/11/26 08:04:31 | 000,000,000 | ---D | M] -- C:\Users\Dan\AppData\Roaming\uTorrent [2009/07/13 22:08:49 | 000,027,162 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2010/11/18 17:05:49 | 000,002,376 | ---- | M] () -- C:\aaw7boot.log [2010/11/25 21:49:19 | 3219,988,480 | -HS- | M] () -- C:\hiberfil.sys [2010/11/25 21:49:19 | 4293,320,704 | -HS- | M] () -- C:\pagefile.sys [2010/11/23 15:58:47 | 000,062,772 | ---- | M] () -- C:\TDSSKiller.2.4.8.0_23.11.2010_15.56.51_log.txt [2010/11/23 16:15:04 | 000,062,206 | ---- | M] () -- C:\TDSSKiller.2.4.8.0_23.11.2010_16.14.42_log.txt [2010/11/23 16:24:53 | 000,062,206 | ---- | M] () -- C:\TDSSKiller.2.4.8.0_23.11.2010_16.17.57_log.txt < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll > < %systemroot%\system32\*.wt > < %systemroot%\system32\*.ruy > < %systemroot%\Fonts\*.com > [2009/07/13 22:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont [2009/07/13 22:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont [2009/07/13 22:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont [2009/07/13 22:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009/07/13 18:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\FirewallAPI.dll [2010/08/31 21:29:28 | 011,406,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\SysWOW64\wmp.dll < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\Fonts\*.dll > < %systemroot%\Fonts\*.ini > [2009/06/10 13:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini < %systemroot%\Fonts\*.ini2 > < %systemroot%\system32\user32.dll /md5 > [2010/08/10 22:46:59 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=861C4346F9281DC0380DE72C8D55D6BE -- C:\Windows\SysWOW64\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2009/07/13 18:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2009/07/13 18:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > < End of report > This was the only text file that was created.
-
is there no way to get rid of these ones? they seem to be harmful. my computer and internet are slower and there's the problem with flash that I mentioned before.
-
I tried that several times. Warnings still kept popping up. It happens for Internet Explorer too.
-
"c:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ffelhzg9.default\cookies.sqlite" "Found Tracking cookie.Revsci";"" It doesn't give me the option to remove them.
-
Did that and the problem is still there. I'm still getting avg warnings every time I open FF. This wasn't happening a few days ago.
-
I un/reinstalled firefox. There is still something that isn't working properly. Whenever I go to a site that uses flash (I think it's flash) like Beatport.com or foxsports.com it never works properly the first time; I have to refresh for the features to function properly. This seems to have started about the same time that I got the redirect virus.
-
Thanks so much for the help. I'll post back within a couple days to update you.
-
So far google is not redirecting me to other sites but it will take me a bit longer to find out for sure. Sometimes it goes away for awhile. But when I open up firefox the AVG window still pops up. It's telling me that I have a tracking cookie called cookie.7search. 7search.com is one of the websites that I have been redirected to from google.
-
Also, is it ok for me to update my adobe reader?
-
Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 5178 Windows 6.1.7600 Internet Explorer 8.0.7600.16385 11/23/2010 4:31:12 PM mbam-log-2010-11-23 (16-31-12).txt Scan type: Quick scan Objects scanned: 139401 Time elapsed: 5 minute(s), 1 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
-
Its working fine aside from the google redirect virus. Also, whenever I open up Firefox an AVG warning pops up warning me that there is a cookie. This just started happening within a few days. 2010/11/23 16:17:57.0590 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12 2010/11/23 16:17:57.0590 ================================================================================ 2010/11/23 16:17:57.0590 SystemInfo: 2010/11/23 16:17:57.0590 2010/11/23 16:17:57.0590 OS Version: 6.1.7600 ServicePack: 0.0 2010/11/23 16:17:57.0590 Product type: Workstation 2010/11/23 16:17:57.0590 ComputerName: DAN-PC 2010/11/23 16:17:57.0590 UserName: Dan 2010/11/23 16:17:57.0590 Windows directory: C:\Windows 2010/11/23 16:17:57.0590 System windows directory: C:\Windows 2010/11/23 16:17:57.0590 Running under WOW64 2010/11/23 16:17:57.0590 Processor architecture: Intel x64 2010/11/23 16:17:57.0590 Number of processors: 2 2010/11/23 16:17:57.0590 Page size: 0x1000 2010/11/23 16:17:57.0590 Boot type: Normal boot 2010/11/23 16:17:57.0590 ================================================================================ 2010/11/23 16:17:57.0590 Utility is running under WOW64 2010/11/23 16:17:58.0105 Initialize success 2010/11/23 16:17:59.0462 ================================================================================ 2010/11/23 16:17:59.0462 Scan started 2010/11/23 16:17:59.0462 Mode: Manual; 2010/11/23 16:17:59.0462 ================================================================================ 2010/11/23 16:18:01.0490 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys 2010/11/23 16:18:01.0630 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys 2010/11/23 16:18:01.0755 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys 2010/11/23 16:18:01.0927 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 2010/11/23 16:18:02.0020 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 2010/11/23 16:18:02.0114 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 2010/11/23 16:18:02.0332 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys 2010/11/23 16:18:02.0691 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys 2010/11/23 16:18:03.0003 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys 2010/11/23 16:18:03.0144 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys 2010/11/23 16:18:03.0175 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys 2010/11/23 16:18:03.0222 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 2010/11/23 16:18:03.0237 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 2010/11/23 16:18:03.0284 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys 2010/11/23 16:18:03.0300 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 2010/11/23 16:18:03.0315 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys 2010/11/23 16:18:03.0362 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys 2010/11/23 16:18:03.0424 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 2010/11/23 16:18:03.0440 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 2010/11/23 16:18:03.0471 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 2010/11/23 16:18:03.0487 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys 2010/11/23 16:18:03.0768 AVGIDSDriver (0f562e8bcf79facdfb58a5b3b95e5cfe) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 2010/11/23 16:18:03.0830 AVGIDSEH (656366fd0c0e2481a89196fb3d1be49a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 2010/11/23 16:18:03.0846 AVGIDSFilter (fdf9f596316bc1bc10726ece268a0237) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 2010/11/23 16:18:03.0924 Avgldx64 (ef415e445e5376624ed78685ee9647d4) C:\Windows\system32\DRIVERS\avgldx64.sys 2010/11/23 16:18:04.0064 Avgmfx64 (f5ffa3053d26c55edc112e66197eed09) C:\Windows\system32\DRIVERS\avgmfx64.sys 2010/11/23 16:18:04.0152 Avgrkx64 (5b3f127b26c08b1c7df5c5f111ca4030) C:\Windows\system32\DRIVERS\avgrkx64.sys 2010/11/23 16:18:04.0190 Avgtdia (ee472479301fef0b6a17e16d8a0deceb) C:\Windows\system32\DRIVERS\avgtdia.sys 2010/11/23 16:18:04.0265 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 2010/11/23 16:18:04.0306 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 2010/11/23 16:18:04.0353 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 2010/11/23 16:18:04.0418 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 2010/11/23 16:18:04.0481 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys 2010/11/23 16:18:04.0528 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 2010/11/23 16:18:04.0543 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 2010/11/23 16:18:04.0590 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 2010/11/23 16:18:04.0606 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 2010/11/23 16:18:04.0621 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 2010/11/23 16:18:04.0637 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 2010/11/23 16:18:04.0684 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 2010/11/23 16:18:04.0762 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 2010/11/23 16:18:04.0824 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 2010/11/23 16:18:04.0871 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 2010/11/23 16:18:04.0964 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 2010/11/23 16:18:05.0058 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 2010/11/23 16:18:05.0074 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 2010/11/23 16:18:05.0105 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys 2010/11/23 16:18:05.0152 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 2010/11/23 16:18:05.0167 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 2010/11/23 16:18:05.0214 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 2010/11/23 16:18:05.0261 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys 2010/11/23 16:18:05.0323 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys 2010/11/23 16:18:05.0354 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 2010/11/23 16:18:05.0401 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 2010/11/23 16:18:05.0526 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 2010/11/23 16:18:05.0573 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys 2010/11/23 16:18:05.0620 E1G60 (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys 2010/11/23 16:18:05.0744 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 2010/11/23 16:18:05.0822 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 2010/11/23 16:18:05.0854 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 2010/11/23 16:18:05.0900 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 2010/11/23 16:18:05.0916 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 2010/11/23 16:18:05.0947 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 2010/11/23 16:18:05.0994 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 2010/11/23 16:18:06.0025 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 2010/11/23 16:18:06.0056 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 2010/11/23 16:18:06.0103 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 2010/11/23 16:18:06.0134 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 2010/11/23 16:18:06.0166 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 2010/11/23 16:18:06.0228 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys 2010/11/23 16:18:06.0306 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 2010/11/23 16:18:06.0368 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 2010/11/23 16:18:06.0400 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 2010/11/23 16:18:06.0446 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 2010/11/23 16:18:06.0493 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 2010/11/23 16:18:06.0509 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 2010/11/23 16:18:06.0524 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 2010/11/23 16:18:06.0571 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 2010/11/23 16:18:06.0602 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 2010/11/23 16:18:06.0665 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 2010/11/23 16:18:06.0727 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 2010/11/23 16:18:06.0758 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 2010/11/23 16:18:06.0790 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 2010/11/23 16:18:06.0836 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys 2010/11/23 16:18:06.0883 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 2010/11/23 16:18:06.0977 IntcAzAudAddService (72e789ab3fcf5099cdeeb6d1c81f61bb) C:\Windows\system32\drivers\RTKVHD64.sys 2010/11/23 16:18:07.0008 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 2010/11/23 16:18:07.0039 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 2010/11/23 16:18:07.0070 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2010/11/23 16:18:07.0102 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 2010/11/23 16:18:07.0133 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 2010/11/23 16:18:07.0164 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 2010/11/23 16:18:07.0195 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 2010/11/23 16:18:07.0226 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 2010/11/23 16:18:07.0273 itecir (729cc577a823542aad779a0f1327bdb6) C:\Windows\system32\DRIVERS\itecir.sys 2010/11/23 16:18:07.0351 JMCR (c4c054b795fcba9e070d1425dd07a4e4) C:\Windows\system32\DRIVERS\jmcr.sys 2010/11/23 16:18:07.0398 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 2010/11/23 16:18:07.0445 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 2010/11/23 16:18:07.0460 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys 2010/11/23 16:18:07.0523 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys 2010/11/23 16:18:07.0554 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 2010/11/23 16:18:07.0601 L1E (b8e670d7ef61615fa03104552854fac9) C:\Windows\system32\DRIVERS\L1E62x64.sys 2010/11/23 16:18:07.0663 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 2010/11/23 16:18:07.0726 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 2010/11/23 16:18:07.0741 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 2010/11/23 16:18:07.0788 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2010/11/23 16:18:07.0819 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2010/11/23 16:18:07.0866 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 2010/11/23 16:18:07.0913 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 2010/11/23 16:18:07.0944 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 2010/11/23 16:18:07.0975 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 2010/11/23 16:18:08.0022 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 2010/11/23 16:18:08.0053 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 2010/11/23 16:18:08.0084 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 2010/11/23 16:18:08.0131 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 2010/11/23 16:18:08.0162 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 2010/11/23 16:18:08.0194 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 2010/11/23 16:18:08.0225 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 2010/11/23 16:18:08.0272 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys 2010/11/23 16:18:08.0303 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2010/11/23 16:18:08.0350 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2010/11/23 16:18:08.0381 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 2010/11/23 16:18:08.0412 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 2010/11/23 16:18:08.0459 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 2010/11/23 16:18:08.0490 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 2010/11/23 16:18:08.0506 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 2010/11/23 16:18:08.0552 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 2010/11/23 16:18:08.0584 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 2010/11/23 16:18:08.0599 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 2010/11/23 16:18:08.0630 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 2010/11/23 16:18:08.0662 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 2010/11/23 16:18:08.0693 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 2010/11/23 16:18:08.0708 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 2010/11/23 16:18:08.0755 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 2010/11/23 16:18:08.0802 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 2010/11/23 16:18:08.0864 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 2010/11/23 16:18:08.0896 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 2010/11/23 16:18:08.0942 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 2010/11/23 16:18:08.0974 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 2010/11/23 16:18:09.0005 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 2010/11/23 16:18:09.0036 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 2010/11/23 16:18:09.0052 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 2010/11/23 16:18:09.0083 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 2010/11/23 16:18:09.0286 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys 2010/11/23 16:18:09.0348 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 2010/11/23 16:18:09.0395 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 2010/11/23 16:18:09.0410 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 2010/11/23 16:18:09.0473 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys 2010/11/23 16:18:09.0520 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 2010/11/23 16:18:09.0832 nvlddmkm (4c2e7e596a2a24ca92b76a94fe7a1999) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2010/11/23 16:18:09.0988 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys 2010/11/23 16:18:10.0034 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys 2010/11/23 16:18:10.0112 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 2010/11/23 16:18:10.0128 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 2010/11/23 16:18:10.0190 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 2010/11/23 16:18:10.0222 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 2010/11/23 16:18:10.0253 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 2010/11/23 16:18:10.0284 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 2010/11/23 16:18:10.0300 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 2010/11/23 16:18:10.0346 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 2010/11/23 16:18:10.0378 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 2010/11/23 16:18:10.0471 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 2010/11/23 16:18:10.0502 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 2010/11/23 16:18:10.0565 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 2010/11/23 16:18:10.0612 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 2010/11/23 16:18:10.0658 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 2010/11/23 16:18:10.0690 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 2010/11/23 16:18:10.0721 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 2010/11/23 16:18:10.0752 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 2010/11/23 16:18:10.0783 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 2010/11/23 16:18:10.0814 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 2010/11/23 16:18:10.0846 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 2010/11/23 16:18:10.0892 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 2010/11/23 16:18:10.0908 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 2010/11/23 16:18:10.0939 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 2010/11/23 16:18:10.0970 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys 2010/11/23 16:18:11.0002 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 2010/11/23 16:18:11.0033 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 2010/11/23 16:18:11.0064 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 2010/11/23 16:18:11.0095 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 2010/11/23 16:18:11.0142 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 2010/11/23 16:18:11.0173 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys 2010/11/23 16:18:11.0189 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 2010/11/23 16:18:11.0220 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 2010/11/23 16:18:11.0282 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\drivers\sdbus.sys 2010/11/23 16:18:11.0329 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 2010/11/23 16:18:11.0360 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 2010/11/23 16:18:11.0392 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 2010/11/23 16:18:11.0423 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 2010/11/23 16:18:11.0470 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 2010/11/23 16:18:11.0501 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 2010/11/23 16:18:11.0548 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys 2010/11/23 16:18:11.0563 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 2010/11/23 16:18:11.0610 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2010/11/23 16:18:11.0641 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 2010/11/23 16:18:11.0688 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 2010/11/23 16:18:11.0719 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 2010/11/23 16:18:11.0782 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys 2010/11/23 16:18:11.0828 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys 2010/11/23 16:18:11.0875 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys 2010/11/23 16:18:11.0922 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 2010/11/23 16:18:11.0969 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys 2010/11/23 16:18:12.0000 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys 2010/11/23 16:18:12.0031 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 2010/11/23 16:18:12.0109 SynTP (05745019abf1abb5ec8e305dd836b14f) C:\Windows\system32\DRIVERS\SynTP.sys 2010/11/23 16:18:12.0172 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys 2010/11/23 16:18:12.0250 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys 2010/11/23 16:18:12.0359 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys 2010/11/23 16:18:12.0406 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 2010/11/23 16:18:12.0437 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 2010/11/23 16:18:12.0452 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 2010/11/23 16:18:12.0484 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 2010/11/23 16:18:12.0515 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 2010/11/23 16:18:12.0562 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 2010/11/23 16:18:12.0593 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 2010/11/23 16:18:12.0624 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 2010/11/23 16:18:12.0655 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 2010/11/23 16:18:12.0686 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 2010/11/23 16:18:12.0718 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 2010/11/23 16:18:12.0733 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 2010/11/23 16:18:12.0796 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys 2010/11/23 16:18:12.0858 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys 2010/11/23 16:18:12.0889 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 2010/11/23 16:18:12.0920 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys 2010/11/23 16:18:12.0967 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys 2010/11/23 16:18:12.0998 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 2010/11/23 16:18:13.0014 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 2010/11/23 16:18:13.0045 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2010/11/23 16:18:13.0076 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 2010/11/23 16:18:13.0139 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys 2010/11/23 16:18:13.0201 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 2010/11/23 16:18:13.0248 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 2010/11/23 16:18:13.0264 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 2010/11/23 16:18:13.0295 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 2010/11/23 16:18:13.0326 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 2010/11/23 16:18:13.0357 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys 2010/11/23 16:18:13.0373 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys 2010/11/23 16:18:13.0404 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 2010/11/23 16:18:13.0435 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 2010/11/23 16:18:13.0451 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 2010/11/23 16:18:13.0498 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 2010/11/23 16:18:13.0544 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 2010/11/23 16:18:13.0576 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 2010/11/23 16:18:13.0607 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2010/11/23 16:18:13.0622 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2010/11/23 16:18:13.0669 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 2010/11/23 16:18:13.0716 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 2010/11/23 16:18:13.0763 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 2010/11/23 16:18:13.0778 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 2010/11/23 16:18:13.0856 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 2010/11/23 16:18:13.0903 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 2010/11/23 16:18:13.0950 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 2010/11/23 16:18:13.0997 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 2010/11/23 16:18:14.0122 ================================================================================ 2010/11/23 16:18:14.0122 Scan finished 2010/11/23 16:18:14.0122 ================================================================================
-
2010/11/23 15:56:51.0284 TDSS rootkit removing tool 2.4.8.0 Nov 17 2010 07:23:12 2010/11/23 15:56:51.0284 ================================================================================ 2010/11/23 15:56:51.0284 SystemInfo: 2010/11/23 15:56:51.0284 2010/11/23 15:56:51.0284 OS Version: 6.1.7600 ServicePack: 0.0 2010/11/23 15:56:51.0284 Product type: Workstation 2010/11/23 15:56:51.0284 ComputerName: DAN-PC 2010/11/23 15:56:51.0284 UserName: Dan 2010/11/23 15:56:51.0284 Windows directory: C:\Windows 2010/11/23 15:56:51.0284 System windows directory: C:\Windows 2010/11/23 15:56:51.0284 Running under WOW64 2010/11/23 15:56:51.0284 Processor architecture: Intel x64 2010/11/23 15:56:51.0284 Number of processors: 2 2010/11/23 15:56:51.0284 Page size: 0x1000 2010/11/23 15:56:51.0284 Boot type: Normal boot 2010/11/23 15:56:51.0284 ================================================================================ 2010/11/23 15:56:51.0284 Utility is running under WOW64 2010/11/23 15:56:54.0155 Initialize success 2010/11/23 15:57:04.0419 ================================================================================ 2010/11/23 15:57:04.0419 Scan started 2010/11/23 15:57:04.0419 Mode: Manual; 2010/11/23 15:57:04.0419 ================================================================================ 2010/11/23 15:57:05.0277 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys 2010/11/23 15:57:05.0324 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys 2010/11/23 15:57:05.0355 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys 2010/11/23 15:57:05.0402 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys 2010/11/23 15:57:05.0465 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys 2010/11/23 15:57:05.0511 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys 2010/11/23 15:57:05.0589 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys 2010/11/23 15:57:05.0667 AgereSoftModem (98022774d9930ecbb292e70db7601df6) C:\Windows\system32\DRIVERS\agrsm64.sys 2010/11/23 15:57:05.0730 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys 2010/11/23 15:57:05.0777 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys 2010/11/23 15:57:05.0792 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys 2010/11/23 15:57:05.0823 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 2010/11/23 15:57:05.0839 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 2010/11/23 15:57:05.0886 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys 2010/11/23 15:57:05.0901 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 2010/11/23 15:57:05.0948 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys 2010/11/23 15:57:06.0135 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys 2010/11/23 15:57:06.0213 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 2010/11/23 15:57:06.0229 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 2010/11/23 15:57:06.0260 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 2010/11/23 15:57:06.0276 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys 2010/11/23 15:57:06.0369 AVGIDSDriver (0f562e8bcf79facdfb58a5b3b95e5cfe) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys 2010/11/23 15:57:06.0416 AVGIDSEH (656366fd0c0e2481a89196fb3d1be49a) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys 2010/11/23 15:57:06.0525 AVGIDSFilter (fdf9f596316bc1bc10726ece268a0237) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys 2010/11/23 15:57:06.0681 Avgldx64 (ef415e445e5376624ed78685ee9647d4) C:\Windows\system32\DRIVERS\avgldx64.sys 2010/11/23 15:57:06.0744 Avgmfx64 (f5ffa3053d26c55edc112e66197eed09) C:\Windows\system32\DRIVERS\avgmfx64.sys 2010/11/23 15:57:06.0806 Avgrkx64 (5b3f127b26c08b1c7df5c5f111ca4030) C:\Windows\system32\DRIVERS\avgrkx64.sys 2010/11/23 15:57:06.0837 Avgtdia (ee472479301fef0b6a17e16d8a0deceb) C:\Windows\system32\DRIVERS\avgtdia.sys 2010/11/23 15:57:06.0915 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 2010/11/23 15:57:06.0962 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 2010/11/23 15:57:07.0009 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 2010/11/23 15:57:07.0071 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 2010/11/23 15:57:07.0118 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys 2010/11/23 15:57:07.0149 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 2010/11/23 15:57:07.0165 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 2010/11/23 15:57:07.0196 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 2010/11/23 15:57:07.0227 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 2010/11/23 15:57:07.0243 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 2010/11/23 15:57:07.0259 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 2010/11/23 15:57:07.0274 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 2010/11/23 15:57:07.0321 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 2010/11/23 15:57:07.0368 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys 2010/11/23 15:57:07.0430 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 2010/11/23 15:57:07.0461 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 2010/11/23 15:57:07.0555 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 2010/11/23 15:57:07.0571 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys 2010/11/23 15:57:07.0617 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys 2010/11/23 15:57:07.0649 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 2010/11/23 15:57:07.0695 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys 2010/11/23 15:57:07.0727 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 2010/11/23 15:57:07.0773 CSC (4a6173c2279b498cd8f57cae504564cb) C:\Windows\system32\drivers\csc.sys 2010/11/23 15:57:07.0836 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys 2010/11/23 15:57:07.0867 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 2010/11/23 15:57:07.0898 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 2010/11/23 15:57:08.0007 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 2010/11/23 15:57:08.0054 DXGKrnl (ebce0b0924835f635f620d19f0529dce) C:\Windows\System32\drivers\dxgkrnl.sys 2010/11/23 15:57:08.0148 E1G60 (edc6e9c057c9d7f83eea22b4cef5dcad) C:\Windows\system32\DRIVERS\E1G6032E.sys 2010/11/23 15:57:08.0257 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 2010/11/23 15:57:08.0413 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 2010/11/23 15:57:08.0444 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys 2010/11/23 15:57:08.0522 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 2010/11/23 15:57:08.0569 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 2010/11/23 15:57:08.0600 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 2010/11/23 15:57:08.0647 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 2010/11/23 15:57:08.0678 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 2010/11/23 15:57:08.0709 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 2010/11/23 15:57:08.0741 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys 2010/11/23 15:57:08.0772 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 2010/11/23 15:57:08.0803 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys 2010/11/23 15:57:08.0865 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys 2010/11/23 15:57:08.0912 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 2010/11/23 15:57:08.0959 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 2010/11/23 15:57:09.0006 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 2010/11/23 15:57:09.0053 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys 2010/11/23 15:57:09.0099 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys 2010/11/23 15:57:09.0115 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 2010/11/23 15:57:09.0131 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 2010/11/23 15:57:09.0177 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 2010/11/23 15:57:09.0224 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys 2010/11/23 15:57:09.0302 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys 2010/11/23 15:57:09.0396 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys 2010/11/23 15:57:09.0443 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys 2010/11/23 15:57:09.0489 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys 2010/11/23 15:57:09.0536 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys 2010/11/23 15:57:09.0599 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 2010/11/23 15:57:09.0708 IntcAzAudAddService (72e789ab3fcf5099cdeeb6d1c81f61bb) C:\Windows\system32\drivers\RTKVHD64.sys 2010/11/23 15:57:09.0770 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys 2010/11/23 15:57:09.0817 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 2010/11/23 15:57:09.0848 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2010/11/23 15:57:09.0879 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys 2010/11/23 15:57:09.0895 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 2010/11/23 15:57:09.0942 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 2010/11/23 15:57:09.0973 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys 2010/11/23 15:57:10.0004 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys 2010/11/23 15:57:10.0067 itecir (729cc577a823542aad779a0f1327bdb6) C:\Windows\system32\DRIVERS\itecir.sys 2010/11/23 15:57:10.0145 JMCR (c4c054b795fcba9e070d1425dd07a4e4) C:\Windows\system32\DRIVERS\jmcr.sys 2010/11/23 15:57:10.0191 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 2010/11/23 15:57:10.0223 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys 2010/11/23 15:57:10.0254 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys 2010/11/23 15:57:10.0301 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys 2010/11/23 15:57:10.0316 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 2010/11/23 15:57:10.0363 L1E (b8e670d7ef61615fa03104552854fac9) C:\Windows\system32\DRIVERS\L1E62x64.sys 2010/11/23 15:57:10.0425 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 2010/11/23 15:57:10.0488 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 2010/11/23 15:57:10.0519 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 2010/11/23 15:57:10.0550 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 2010/11/23 15:57:10.0581 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2010/11/23 15:57:10.0613 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 2010/11/23 15:57:10.0659 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 2010/11/23 15:57:10.0675 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 2010/11/23 15:57:10.0722 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 2010/11/23 15:57:10.0769 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 2010/11/23 15:57:10.0800 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 2010/11/23 15:57:10.0831 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 2010/11/23 15:57:10.0862 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys 2010/11/23 15:57:10.0893 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys 2010/11/23 15:57:10.0909 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 2010/11/23 15:57:10.0940 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys 2010/11/23 15:57:11.0003 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys 2010/11/23 15:57:11.0018 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2010/11/23 15:57:11.0065 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2010/11/23 15:57:11.0096 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys 2010/11/23 15:57:11.0127 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys 2010/11/23 15:57:11.0174 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 2010/11/23 15:57:11.0205 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 2010/11/23 15:57:11.0237 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys 2010/11/23 15:57:11.0283 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 2010/11/23 15:57:11.0299 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 2010/11/23 15:57:11.0330 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 2010/11/23 15:57:11.0361 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys 2010/11/23 15:57:11.0393 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys 2010/11/23 15:57:11.0424 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 2010/11/23 15:57:11.0439 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 2010/11/23 15:57:11.0471 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 2010/11/23 15:57:11.0517 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 2010/11/23 15:57:11.0580 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys 2010/11/23 15:57:11.0627 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 2010/11/23 15:57:11.0673 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 2010/11/23 15:57:11.0705 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys 2010/11/23 15:57:11.0736 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys 2010/11/23 15:57:11.0767 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys 2010/11/23 15:57:11.0798 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 2010/11/23 15:57:11.0829 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys 2010/11/23 15:57:12.0032 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys 2010/11/23 15:57:12.0235 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 2010/11/23 15:57:12.0282 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 2010/11/23 15:57:12.0313 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 2010/11/23 15:57:12.0375 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys 2010/11/23 15:57:12.0453 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 2010/11/23 15:57:12.0781 nvlddmkm (4c2e7e596a2a24ca92b76a94fe7a1999) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2010/11/23 15:57:13.0140 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys 2010/11/23 15:57:13.0202 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys 2010/11/23 15:57:13.0280 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys 2010/11/23 15:57:13.0311 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys 2010/11/23 15:57:13.0374 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 2010/11/23 15:57:13.0405 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys 2010/11/23 15:57:13.0436 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys 2010/11/23 15:57:13.0467 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys 2010/11/23 15:57:13.0499 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 2010/11/23 15:57:13.0514 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 2010/11/23 15:57:13.0561 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 2010/11/23 15:57:13.0686 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys 2010/11/23 15:57:13.0701 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 2010/11/23 15:57:13.0764 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys 2010/11/23 15:57:13.0811 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 2010/11/23 15:57:13.0889 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 2010/11/23 15:57:13.0920 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 2010/11/23 15:57:13.0951 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 2010/11/23 15:57:13.0982 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 2010/11/23 15:57:14.0013 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys 2010/11/23 15:57:14.0045 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 2010/11/23 15:57:14.0076 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 2010/11/23 15:57:14.0107 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys 2010/11/23 15:57:14.0138 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 2010/11/23 15:57:14.0185 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 2010/11/23 15:57:14.0216 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys 2010/11/23 15:57:14.0247 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 2010/11/23 15:57:14.0279 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 2010/11/23 15:57:14.0310 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys 2010/11/23 15:57:14.0341 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys 2010/11/23 15:57:14.0403 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 2010/11/23 15:57:14.0435 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\DRIVERS\vms3cap.sys 2010/11/23 15:57:14.0466 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys 2010/11/23 15:57:14.0481 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys 2010/11/23 15:57:14.0544 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\drivers\sdbus.sys 2010/11/23 15:57:14.0591 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 2010/11/23 15:57:14.0637 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 2010/11/23 15:57:14.0669 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 2010/11/23 15:57:14.0700 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 2010/11/23 15:57:14.0762 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 2010/11/23 15:57:14.0809 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 2010/11/23 15:57:14.0840 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys 2010/11/23 15:57:14.0871 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 2010/11/23 15:57:14.0918 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2010/11/23 15:57:14.0949 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 2010/11/23 15:57:14.0996 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 2010/11/23 15:57:15.0059 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 2010/11/23 15:57:15.0121 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys 2010/11/23 15:57:15.0168 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys 2010/11/23 15:57:15.0230 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys 2010/11/23 15:57:15.0277 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 2010/11/23 15:57:15.0324 storflt (ffd7a6f15b14234b5b0e5d49e7961895) C:\Windows\system32\DRIVERS\vmstorfl.sys 2010/11/23 15:57:15.0355 storvsc (8fccbefc5c440b3c23454656e551b09a) C:\Windows\system32\DRIVERS\storvsc.sys 2010/11/23 15:57:15.0371 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys 2010/11/23 15:57:15.0449 SynTP (05745019abf1abb5ec8e305dd836b14f) C:\Windows\system32\DRIVERS\SynTP.sys 2010/11/23 15:57:15.0542 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys 2010/11/23 15:57:15.0651 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys 2010/11/23 15:57:15.0792 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys 2010/11/23 15:57:15.0839 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys 2010/11/23 15:57:15.0885 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 2010/11/23 15:57:15.0901 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys 2010/11/23 15:57:15.0932 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys 2010/11/23 15:57:15.0963 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys 2010/11/23 15:57:16.0026 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys 2010/11/23 15:57:16.0073 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys 2010/11/23 15:57:16.0119 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 2010/11/23 15:57:16.0151 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys 2010/11/23 15:57:16.0197 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys 2010/11/23 15:57:16.0244 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys 2010/11/23 15:57:16.0260 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 2010/11/23 15:57:16.0322 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys 2010/11/23 15:57:16.0353 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys 2010/11/23 15:57:16.0400 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys 2010/11/23 15:57:16.0431 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys 2010/11/23 15:57:16.0478 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys 2010/11/23 15:57:16.0509 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys 2010/11/23 15:57:16.0541 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 2010/11/23 15:57:16.0572 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2010/11/23 15:57:16.0603 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys 2010/11/23 15:57:16.0665 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys 2010/11/23 15:57:16.0743 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys 2010/11/23 15:57:16.0775 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 2010/11/23 15:57:16.0806 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 2010/11/23 15:57:16.0837 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys 2010/11/23 15:57:16.0853 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys 2010/11/23 15:57:16.0884 vmbus (1501699d7eda984abc4155a7da5738d1) C:\Windows\system32\DRIVERS\vmbus.sys 2010/11/23 15:57:16.0915 VMBusHID (ae10c35761889e65a6f7176937c5592c) C:\Windows\system32\DRIVERS\VMBusHID.sys 2010/11/23 15:57:16.0931 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys 2010/11/23 15:57:16.0977 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys 2010/11/23 15:57:16.0993 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys 2010/11/23 15:57:17.0040 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys 2010/11/23 15:57:17.0071 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 2010/11/23 15:57:17.0118 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 2010/11/23 15:57:17.0149 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2010/11/23 15:57:17.0180 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys 2010/11/23 15:57:17.0227 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 2010/11/23 15:57:17.0258 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 2010/11/23 15:57:17.0367 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 2010/11/23 15:57:17.0399 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 2010/11/23 15:57:17.0461 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys 2010/11/23 15:57:17.0508 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 2010/11/23 15:57:17.0555 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys 2010/11/23 15:57:17.0601 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys 2010/11/23 15:57:17.0711 \HardDisk1 - detected Rootkit.Win32.TDSS.tdl4 (0) 2010/11/23 15:57:17.0726 ================================================================================ 2010/11/23 15:57:17.0726 Scan finished 2010/11/23 15:57:17.0726 ================================================================================ 2010/11/23 15:57:17.0726 Detected object count: 1 2010/11/23 15:57:36.0789 \HardDisk1 - will be cured after reboot 2010/11/23 15:57:36.0789 Rootkit.Win32.TDSS.tdl4(\HardDisk1) - User select action: Cure 2010/11/23 15:58:47.0754 Deinitialize success
-
I've seen this topic posted on here before. The solution that seems to work is to use Combofix but I'm running Win7 - 64bt so it doesn't work for me. Any suggestions? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:53:20 PM, on 11/23/2010 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16671) Boot mode: Normal Running processes: C:\Program Files (x86)\uTorrent\uTorrent.exe C:\Users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\AVG\AVG10\avgtray.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe C:\Program Files (x86)\iTunes\iTunes.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Ableton\Live 8.1.3\Program\Live 8.1.3.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\AVG\AVG10\avgui.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Dan\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - Startup: Dropbox.lnk = Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O13 - Gopher Prefix: O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Hotspot Shield Service (HotspotShieldService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9298 bytes DDS (Ver_10-11-10.01) - NTFS_AMD64 Run by Dan at 1:32:54.83 on Tue 11/23/2010 Internet Explorer: 8.0.7600.16385 Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.4094.1319 [GMT -7:00] ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\RAVCpl64.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files (x86)\uTorrent\uTorrent.exe C:\Windows\System32\StikyNot.exe C:\Users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe C:\Program Files (x86)\AVG\AVG10\avgtray.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe C:\Users\Dan\AppData\Local\Temp\RtkBtMnt.exe C:\Windows\system32\conhost.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Windows\SysWOW64\explorer.exe C:\Windows\SysWOW64\explorer.exe C:\Windows\system32\AUDIODG.EXE C:\Program Files (x86)\iTunes\iTunes.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files (x86)\AVG\AVG10\avgcfgex.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Windows\system32\sppsvc.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\rundll32.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Program Files (x86)\Ableton\Live 8.1.3\Program\Live 8.1.3.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\AVG\AVG10\avgui.exe C:\Program Files (x86)\AVG\AVG10\avgcfgex.exe C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe C:\Program Files (x86)\AVG\AVG10\avgemca.exe C:\Program Files (x86)\AVG\AVG10\avgnsa.exe C:\Program Files (x86)\AVG\AVG10\avgchsva.exe C:\Windows\system32\conhost.exe C:\Program Files (x86)\AVG\AVG10\avgrsa.exe C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\Dan\Desktop\dds.scr C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript StartupFolder: C:\Users\Dan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Dan\AppData\Roaming\Dropbox\bin\Dropbox.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll mRun-x64: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe mRun-x64: [RtHDVCpl] RAVCpl64.exe mRun-x64: [skytel] Skytel.exe mRun-x64: [bCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL ================= FIREFOX =================== FF - ProfilePath - C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ffelhzg9.default\ FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: browser.startup.homepage - pitchfork.com FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q= FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll FF - component: C:\Users\Dan\AppData\Roaming\Mozilla\Firefox\Profiles\ffelhzg9.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ---- FIREFOX POLICIES ---- C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false); ============= SERVICES / DRIVERS =============== R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288] R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-9-7 305232] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040] R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-9-7 381008] R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-10-11 6104656] R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-9-10 265400] R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?] R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 157264] R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920] R3 itecir;ITECIR Infrared Receiver;C:\Windows\System32\drivers\itecir.sys [2010-2-24 67616] R3 netw5v64;Intel ark.zip Attach.zip
-
Hi, my computer has the google redirect virus. I've seen this topic several times in your forum but every solution suggests downloading combofix. However, I have Windows 7 - 64bit so it doesn't work on my OS. Any help is very much appreciated. DDS (Ver_10-11-10.01) - NTFS_AMD64 Run by Dan at 1:32:54.83 on Tue 11/23/2010 Internet Explorer: 8.0.7600.16385 Microsoft Windows 7 Enterprise 6.1.7600.0.1252.1.1033.18.4094.1319 [GMT -7:00] ============== Running Processes =============== C:Windowssystem32wininit.exe C:Windowssystem32lsm.exe C:Windowssystem32svchost.exe -k DcomLaunch C:Windowssystem32nvvsvc.exe C:Windowssystem32svchost.exe -k RPCSS C:WindowsSystem32svchost.exe -k LocalServiceNetworkRestricted C:WindowsSystem32svchost.exe -k LocalSystemNetworkRestricted C:Windowssystem32svchost.exe -k netsvcs C:Windowssystem32svchost.exe -k LocalService C:Windowssystem32nvvsvc.exe C:Windowssystem32svchost.exe -k NetworkService C:WindowsSystem32spoolsv.exe C:Windowssystem32svchost.exe -k LocalServiceNoNetwork C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceService.exe C:Program Files (x86)AVGAVG10avgwdsvc.exe C:Program Files (x86)BonjourmDNSResponder.exe C:Program Files (x86)Hotspot Shieldbinopenvpnas.exe C:Program Files (x86)Hotspot Shieldbinhsswd.exe C:Windowssystem32svchost.exe -k LocalServiceAndNoImpersonation C:Program FilesWindows Media Playerwmpnetwk.exe C:Windowssystem32SearchIndexer.exe C:Windowssystem32Dwm.exe C:WindowsExplorer.EXE C:Windowssystem32taskhost.exe C:Program FilesSynapticsSynTPSynTPEnh.exe C:WindowsRAVCpl64.exe C:Program FilesWindows Sidebarsidebar.exe C:Program Files (x86)uTorrentuTorrent.exe C:WindowsSystem32StikyNot.exe C:UsersDanAppDataRoamingDropboxbinDropbox.exe C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe C:Program Files (x86)DivXDivX UpdateDivXUpdate.exe C:Program Files (x86)AVGAVG10avgtray.exe C:Program FilesSynapticsSynTPSynTPHelper.exe C:Program Files (x86)iTunesiTunesHelper.exe C:Program Files (x86)AVGAVG10Identity Protectionagentbinavgidsmonitor.exe C:UsersDanAppDataLocalTempRtkBtMnt.exe C:Windowssystem32conhost.exe C:Program FilesiPodbiniPodService.exe C:WindowsSystem32svchost.exe -k LocalServicePeerNet C:Program Files (x86)Hotspot Shieldbinopenvpntray.exe C:Windowssystem32svchost.exe -k SDRSVC C:WindowsSysWOW64explorer.exe C:WindowsSysWOW64explorer.exe C:Windowssystem32AUDIODG.EXE C:Program Files (x86)iTunesiTunes.exe C:Program Files (x86)Common FilesAppleMobile Device SupportAppleMobileDeviceHelper.exe C:Windowssystem32conhost.exe C:Program Files (x86)Common FilesAppleApple Application Supportdistnoted.exe C:Windowssystem32conhost.exe C:Program Files (x86)Mozilla Firefoxfirefox.exe C:Program Files (x86)Mozilla Firefoxfirefox.exe C:Program Files (x86)Mozilla Firefoxfirefox.exe C:Program FilesCommon FilesMicrosoft SharedOfficeSoftwareProtectionPlatformOSPPSVC.EXE C:Program Files (x86)AVGAVG10avgcfgex.exe C:Program Files (x86)Mozilla Firefoxfirefox.exe C:Windowssystem32sppsvc.exe C:Windowssystem32taskeng.exe C:Windowssystem32rundll32.exe C:Windowssystem32vssvc.exe C:WindowsSystem32svchost.exe -k swprv C:Program Files (x86)AbletonLive 8.1.3ProgramLive 8.1.3.exe C:Program Files (x86)Mozilla Firefoxfirefox.exe C:Program Files (x86)Mozilla Firefoxfirefox.exe C:Program Files (x86)Mozilla Firefoxfirefox.exe C:Program Files (x86)Mozilla Firefoxfirefox.exe C:Program Files (x86)Mozilla Firefoxfirefox.exe C:Program Files (x86)AVGAVG10avgui.exe C:Program Files (x86)AVGAVG10avgcfgex.exe C:Program Files (x86)AVGAVG10Identity ProtectionAgentBinAVGIDSAgent.exe C:Program Files (x86)AVGAVG10avgemca.exe C:Program Files (x86)AVGAVG10avgnsa.exe C:Program Files (x86)AVGAVG10avgchsva.exe C:Windowssystem32conhost.exe C:Program Files (x86)AVGAVG10avgrsa.exe C:Program Files (x86)AVGAVG10avgcsrva.exe C:Windowssystem32SearchProtocolHost.exe C:Windowssystem32SearchFilterHost.exe C:Windowssystem32DllHost.exe C:Windowssystem32DllHost.exe C:UsersDanDesktopdds.scr C:Windowssystem32conhost.exe C:Windowssystem32wbemwmiprvse.exe ============== Pseudo HJT Report =============== uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:Program Files (x86)Common FilesAdobeAcrobatActiveXAcroIEHelperShim.dll BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:Program Files (x86)AVGAVG10avgssie.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:PROGRA~2MICROS~1Office14GROOVEEX.DLL BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:PROGRA~2MICROS~1Office14URLREDIR.DLL BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:Program Files (x86)Hotspot ShieldHssIEHssIE.dll uRun: [sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun uRun: [uTorrent] "C:Program Files (x86)uTorrentuTorrent.exe" uRun: [RESTART_STICKY_NOTES] C:WindowsSystem32StikyNot.exe mRun: [Adobe Reader Speed Launcher] "C:Program Files (x86)AdobeReader 9.0ReaderReader_sl.exe" mRun: [Adobe ARM] "C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe" mRun: [DivXUpdate] "C:Program Files (x86)DivXDivX UpdateDivXUpdate.exe" /CHECKNOW mRun: [QuickTime Task] "C:Program Files (x86)QuickTimeQTTask.exe" -atboottime mRun: [AVG_TRAY] C:Program Files (x86)AVGAVG10avgtray.exe mRun: [iTunesHelper] "C:Program Files (x86)iTunesiTunesHelper.exe" mRun: [Malwarebytes Anti-Malware (reboot)] "C:Program Files (x86)Malwarebytes' Anti-Malwarembam.exe" /runcleanupscript StartupFolder: C:UsersDanAppDataRoamingMICROS~1WindowsSTARTM~1ProgramsStartupDropbox. lnk - C:UsersDanAppDataRoamingDropboxbinDropbox.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:PROGRA~1MICROS~1Office14EXCEL.EXE/3000 IE: Se&nd to OneNote - C:PROGRA~1MICROS~1Office14ONBttnIE.dll/105 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:Program Files (x86)Microsoft OfficeOffice14ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:Program Files (x86)Microsoft OfficeOffice14ONBttnIELinkedNotes.dll Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:Program Files (x86)Common Filesmicrosoft sharedOFFICE14MSOXMLMF.DLL Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:Program Files (x86)AVGAVG10avgpp.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:PROGRA~2MICROS~1Office14GROOVEEX.DLL BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:Program Files (x86)AVGAVG10avgssiea.dll BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:PROGRA~1MICROS~1Office14GROOVEEX.DLL BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:PROGRA~1MICROS~1Office14URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:Program Files (x86)Hotspot ShieldHssIEHssIE_64.dll mRun-x64: [synTPEnh] C:Program FilesSynapticsSynTPSynTPEnh.exe mRun-x64: [RtHDVCpl] RAVCpl64.exe mRun-x64: [skytel] Skytel.exe mRun-x64: [bCSSync] "C:Program FilesMicrosoft OfficeOffice14BCSSync.exe" /DelayServices mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:Windowssystem32NvCpl.dll,NvStartup SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:PROGRA~1MICROS~1Office14GROOVEEX.DLL ================= FIREFOX =================== FF - ProfilePath - C:UsersDanAppDataRoamingMozillaFirefoxProfilesffelhzg9.default FF - prefs.js: browser.search.selectedEngine - Wikipedia (en) FF - prefs.js: browser.startup.homepage - pitchfork.com FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q= FF - component: C:Program Files (x86)AVGAVG10Firefoxcomponentsavgssff.dll FF - component: C:UsersDanAppDataRoamingMozillaFirefoxProfilesffelhzg9.defaultextension s{3112ca9c-de6d-4884-a869-9855de68056c}componentsfrozen.dll FF - plugin: C:PROGRA~2MICROS~1Office14NPAUTHZ.DLL FF - plugin: C:PROGRA~2MICROS~1Office14NPSPWRAP.DLL FF - plugin: C:Program Files (x86)DivXDivX Plus Web Playernpdivx32.dll FF - plugin: C:WindowsSysWOW64MacromedFlashNPSWF32.dll ---- FIREFOX POLICIES ---- C:Program Files (x86)Mozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); C:Program Files (x86)Mozilla Firefoxgreprefsall.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); C:Program Files (x86)Mozilla Firefoxgreprefsall.js - pref("html5.enable", false); ============= SERVICES / DRIVERS =============== R0 AVGIDSEH;AVGIDSEH;C:WindowsSystem32driversAVGIDSEH.sys [2010-9-13 27216] R0 Avgrkx64;AVG Anti-Rootkit Driver;C:WindowsSystem32driversavgrkx64.sys [2010-9-7 30288] R1 Avgldx64;AVG AVI Loader Driver;C:WindowsSystem32driversavgldx64.sys [2010-9-7 305232] R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:WindowsSystem32driversavgmfx64.sys [2010-9-7 41040] R1 Avgtdia;AVG TDI Driver;C:WindowsSystem32driversavgtdia.sys [2010-9-7 381008] R2 AVGIDSAgent;AVGIDSAgent;C:Program Files (x86)AVGAVG10Identity ProtectionAgentBinAVGIDSAgent.exe [2010-10-11 6104656] R2 avgwd;AVG WatchDog;C:Program Files (x86)AVGAVG10avgwdsvc.exe [2010-9-10 265400] R2 HssWd;Hotspot Shield Monitoring Service;C:Program Files (x86)Hotspot Shieldbinhsswd.exe -product HSS --> C:Program Files (x86)Hotspot Shieldbinhsswd.exe -product HSS [?] R3 AVGIDSDriver;AVGIDSDriver;C:WindowsSystem32driversAVGIDSDriver.sys [2010-8-19 157264] R3 AVGIDSFilter;AVGIDSFilter;C:WindowsSystem32driversAVGIDSFilter.sys [2010-8-19 35920] R3 itecir;ITECIR Infrared Receiver;C:WindowsSystem32driversitecir.sys [2010-2-24 67616] R3 netw5v64;Intel Attach.zip ark.zip