8-step Viruses/Spyware/Malware Preliminary Removal Instructions Help!

By Megcx
Nov 21, 2010
  1. Whenever I go on Google and click on a webpage, I get redirected to a different webpage... help is much appreciated :)

    21/11/2010 1:57:04 PM
    mbam-log-2010-11-21 (13-57-04).txt

    Scan type: Quick scan
    Objects scanned: 145642
    Time elapsed: 9 minute(s), 7 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 1
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  2. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Welcome aboard

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
  3. Megcx

    Megcx Newcomer, in training Topic Starter Posts: 21

    Gmer

    I followed the instructions for GMER accordingly, and I saved the report from the automatic quick scan... but nothing was written. Not sure why :/
  4. Megcx

    Megcx Newcomer, in training Topic Starter Posts: 21

    DDS (Ver_10-11-10.01) - NTFS_AMD64
    Run by Meghan at 14:19:20.52 on 21/11/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.2.1033.18.1788.965 [GMT -5:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\SysWow64\Macromed\Flash\FlashUtil10e.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Meghan\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=1009&m=e627&r=273612090315l0344z155r48j2330o
    mDefault_Page_URL = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=1009&m=e627&r=273612090315l0344z155r48j2330o
    mStart Page = hxxp://homepage.emachines.com/rdr.aspx?b=ACEW&l=1009&m=e627&r=273612090315l0344z155r48j2330o
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    uRun: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
    uRun: [AdobeUpdater] C:\Program Files (x86)\Common Files\Adobe\Updater\AdobeUpdater.exe
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    StartupFolder: C:\Users\Meghan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    StartupFolder: C:\Users\Meghan\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    mRun-x64: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

    ============= SERVICES / DRIVERS ===============

    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1008000.029\SymEFA64.sys [2010-2-3 402992]
    R1 BHDrvx64;Symantec Heuristics Driver;C:\Windows\System32\drivers\NISx64\1008000.029\BHDrvx64.sys [2010-2-3 334384]
    R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1008000.029\cchpx64.sys [2010-2-3 583296]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100218.001\IDSviA64.sys [2010-2-19 466992]
    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2009-12-2 173984]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-11-5 203264]
    R2 ePowerSvc;Acer ePower Service;C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe [2009-11-5 844320]
    R2 Greg_Service;GRegService;C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe [2009-8-28 1150496]
    R2 Norton Internet Security;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe [2010-2-3 117640]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-6-17 144640]
    R2 Updater Service;Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2009-11-5 240160]
    R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);C:\Windows\System32\drivers\L1C62x64.sys [2009-11-5 58880]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2009-12-2 40832]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-11-24 34872]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-7 135664]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-6-17 50432]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-11-5 222208]
    S3 SYMNDISV;Symantec Network Filter Driver;C:\Windows\System32\drivers\NISx64\1008000.029\symndisv.sys [2010-2-3 56880]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-1 1255736]

    =============== Created Last 30 ================

    2010-11-21 19:11:59 8199504 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{89116273-44E4-4146-887A-D68764C12D52}\mpengine.dll
    2010-11-21 18:44:41 -------- d-----w- C:\Users\Meghan\AppData\Roaming\Malwarebytes
    2010-11-21 18:44:30 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2010-11-21 18:44:27 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-11-21 18:44:27 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2010-11-21 18:44:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-11-06 13:24:10 -------- d-----w- C:\Program Files (x86)\EarMaster
    2010-11-06 02:49:18 -------- d-----w- C:\Users\Meghan\AppData\Roaming\EarMaster
    2010-11-06 02:49:18 -------- d-----w- C:\PROGRA~3\EarMaster
    2010-10-27 11:53:16 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2010-10-27 11:53:10 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2010-10-27 11:53:10 552960 ----a-w- C:\Windows\System32\msdri.dll
    2010-10-27 11:53:09 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2010-10-27 11:53:08 288256 ----a-w- C:\Windows\System32\MSNP.ax
    2010-10-27 11:53:08 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
    2010-10-27 11:53:08 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
    2010-10-27 11:53:08 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2010-10-23 02:20:33 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2010-10-23 02:20:33 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2010-10-23 02:20:33 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2010-10-23 02:20:33 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2010-10-23 02:20:33 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2010-10-23 02:20:33 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2010-10-23 02:20:33 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll

    ==================== Find3M ====================

    2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2010-09-08 15:17:46 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2010-09-08 15:17:46 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
    2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
    2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
    2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll

    ============= FINISH: 14:20:59.29 ===============
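As an added triage example, not code from this thread or from the DDS tool itself, the script below parses the DDS layout shown above (the '===' section headers, the 'Running Processes' list and the 'Pseudo HJT Report') and flags the two things a helper checks first: add-on entries ending in '- No File', like the BHO and TB lines above, and more than one real-time antivirus engine running at the same time. The process-to-product table and the sample log inside it are constructed for this example.

```python
"""Triage helper for a DDS log like the one pasted above.

Added example for this thread, not code from the thread or from the DDS tool.
It splits the log into its '=== Section ===' blocks and reports the two things
a helper looks at first: IE add-ons whose file is gone ('- No File') and more
than one real-time antivirus engine running at once. The process-to-product
table and the sample log at the bottom are constructed for this example.
"""
import re
from collections import defaultdict

# Engine process image -> product. Constructed lookup; extend for other products.
AV_PROCESSES = {
    "msmpeng.exe": "Microsoft Security Essentials",
    "ccsvchst.exe": "Norton Internet Security",
    "avp.exe": "Kaspersky",
}

# DDS section headers look like '============== Running Processes ==============='
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Add-on lines whose DLL is missing: 'BHO: {CLSID} - No File', 'TB-X64: ... - No File'
ADDON_RE = re.compile(r"^(BHO|TB|BHO-X64|TB-X64):\s*(.*?)\s*-\s*No File$")


def split_sections(text):
    """Map each section title to its non-empty lines; text before the first header is ignored."""
    sections = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = match.group(1)
        elif current is not None:
            sections[current].append(line)
    return sections


def running_av_products(sections):
    """Distinct AV products whose engine process appears under 'Running Processes'."""
    found = []
    for line in sections.get("Running Processes", []):
        # Image name is the last path component, before any ' -k ...' arguments.
        image = line.split("\\")[-1].split(" ")[0].lower()
        product = AV_PROCESSES.get(image)
        if product and product not in found:
            found.append(product)
    return found


def orphaned_addons(sections):
    """(kind, name or CLSID) for IE add-ons registered with no backing file."""
    return [
        (m.group(1), m.group(2))
        for line in sections.get("Pseudo HJT Report", [])
        for m in [ADDON_RE.match(line)]
        if m
    ]


def triage(text):
    """Human-readable findings for a DDS log; an empty list means nothing flagged."""
    sections = split_sections(text)
    findings = []
    av = running_av_products(sections)
    if len(av) > 1:
        findings.append("two or more real-time AV engines running: " + ", ".join(av))
    for kind, name in orphaned_addons(sections):
        findings.append(f"{kind} entry with no file (stale add-on registration): {name}")
    return findings


# Constructed sample in the DDS layout, trimmed to the lines the checks use.
SAMPLE_DDS = r"""
DDS (Ver_10-11-10.01) - NTFS_AMD64

============== Running Processes ===============

C:\Windows\system32\svchost.exe -k DcomLaunch
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files (x86)\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
C:\Windows\Explorer.EXE

============== Pseudo HJT Report ===============

uStart Page = about:blank
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

============= FINISH: 14:20:59.29 ===============
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print(finding)
```

Run it against a full pasted DDS log by reading the file into `triage()`; a stale '- No File' entry is only a leftover registration, so the finding is a cleanup item, not proof of infection.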
  5. Megcx

    Megcx Newcomer, in training Topic Starter Posts: 21

    DDS (Ver_10-11-10.01)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 25/12/2009 1:02:13 AM
    System Uptime: 21/11/2010 1:59:27 PM (1 hours ago)

    Motherboard: eMachines | | eMachines E627
    Processor: AMD Athlon(tm) Processor TF-20 | Socket S1G1 | 1600/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 137 GiB total, 79.407 GiB free.
    D: is CDROM ()
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP302: 21/11/2010 9:33:01 AM - Removed Java(TM) 6 Update 20
    RP303: 21/11/2010 9:41:38 AM - Removed Java(TM) 6 Update 20
    RP304: 21/11/2010 9:45:02 AM - Removed Java(TM) 6 Update 20
    RP305: 21/11/2010 9:46:45 AM - Removed Java(TM) 6 Update 20
    RP306: 21/11/2010 9:47:55 AM - Removed Java(TM) 6 Update 20
    RP307: 21/11/2010 9:51:29 AM - Removed Steam

    ==== Installed Programs ======================

    2007 Microsoft Office Suite Service Pack 2 (SP2)
    Acrobat.com
    Adobe AIR
    Adobe Bridge 1.0
    Adobe Common File Installer
    Adobe Download Manager
    Adobe Flash Player 10 ActiveX
    Adobe Help Center 1.0
    Adobe Photoshop CS2
    Adobe Stock Photos 1.0
    AIO_CDB_Software
    AIO_Scan
    AMD USB Filter Driver
    Apple Application Support
    Apple Software Update
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    BitTorrent
    BufferChm
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Compatibility Pack for the 2007 Office system
    EarMaster Pro 4
    eBay Worldwide
    eMachines Games
    eMachines Power Management
    eMachines Recovery Management
    eMachines Registration
    eMachines ScreenSaver
    eMachines Updater
    Fax
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToMeeting 4.5.0.457
    Identity Card
    Java Auto Updater
    Java(TM) 6 Update 20
    Junk Mail filter update
    Launch Manager
    Malwarebytes' Anti-Malware
    Microsoft Choice Guard
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Works
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton Internet Security
    Norton Online Backup
    NTI Backup Now 5
    NTI Backup Now Standard
    NTI Media Maker 8
    OpenOffice.org 3.2
    QuickTime
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Scan
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Toolbox
    UnloadSupport
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2443839)
    Visual C++ 8.0 Runtime Setup Package (x64)
    WebReg
    Welcome Center
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR archiver
    WinZip 14.0

    ==== Event Viewer Messages From Past Week ========

    21/11/2010 8:33:25 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
    21/11/2010 1:59:53 PM, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter
    21/11/2010 1:59:53 PM, Error: atikmdag [43029] - Display is not active
    21/11/2010 1:27:02 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    20/11/2010 8:53:47 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.
    20/11/2010 8:53:43 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
    19/11/2010 7:46:27 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR8.
    18/11/2010 7:21:41 AM, Error: Disk [11] - The driver detected a controller error on \...\DR7.
    18/11/2010 12:08:09 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    17/11/2010 8:01:17 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR6.
    15/11/2010 9:45:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    14/11/2010 11:22:18 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver skipped scanning items and is in pass through mode. This may be due to low resource conditions.

    ==== End Of File ===========================
  6. Megcx

    Megcx Newcomer, in training Topic Starter Posts: 21

    Thanks in advance for helping me out Broni!:)
  7. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    You're running two AV programs, Norton Internet Security and Microsoft Security Essentials.
    One of them has to go.
    If Norton, make sure to use Norton Removal Tool: http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20080710133834EN

    ========================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.

    =====================================================================

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  8. Megcx

    Megcx Newcomer, in training Topic Starter Posts: 21

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: eMachines
    BIOS Manufacturer: eMachines
    System Manufacturer: eMachines
    System Product Name: eMachines E627
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 188):
    0x02A61000 \SystemRoot\system32\ntoskrnl.exe
    0x02A18000 \SystemRoot\system32\hal.dll
    0x00BCA000 \SystemRoot\system32\kdcom.dll
    0x00C96000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x00CA3000 \SystemRoot\system32\PSHED.dll
    0x00CB7000 \SystemRoot\system32\CLFS.SYS
    0x00D15000 \SystemRoot\system32\CI.dll
    0x00E75000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F19000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x01032000 \SystemRoot\System32\Drivers\splz.sys
    0x01159000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x01162000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x01191000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x011E8000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x011F2000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00F28000 \SystemRoot\system32\DRIVERS\pci.sys
    0x01000000 \SystemRoot\System32\drivers\partmgr.sys
    0x01015000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x0101E000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x00F5B000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00F70000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00FCC000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00FE6000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x00E00000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x00E2A000 \SystemRoot\system32\DRIVERS\msahci.sys
    0x00E35000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x00E45000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x00C00000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00E50000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01219000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01430000 \SystemRoot\System32\Drivers\msrpc.sys
    0x0148E000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x014A8000 \SystemRoot\System32\Drivers\cng.sys
    0x0151B000 \SystemRoot\System32\drivers\pcw.sys
    0x0152C000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x016C4000 \SystemRoot\system32\drivers\ndis.sys
    0x01600000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01660000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01802000 \SystemRoot\System32\drivers\tcpip.sys
    0x017B6000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01536000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x0168B000 \SystemRoot\System32\Drivers\spldr.sys
    0x01582000 \SystemRoot\System32\drivers\rdyboost.sys
    0x01693000 \SystemRoot\System32\Drivers\mup.sys
    0x016A5000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x015BC000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x016AE000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01400000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x015F6000 \SystemRoot\system32\DRIVERS\AtiPcie.sys
    0x00C4C000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x03ADF000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0x03B0C000 \SystemRoot\System32\Drivers\Null.SYS
    0x03B15000 \SystemRoot\System32\Drivers\Beep.SYS
    0x03B1C000 \SystemRoot\System32\drivers\vga.sys
    0x03B2A000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x03B4F000 \SystemRoot\System32\drivers\watchdog.sys
    0x03B5F000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x03B68000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x03B71000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x03B7A000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x03B85000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x03B96000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x03BB4000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x03A00000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x03A45000 \SystemRoot\system32\drivers\afd.sys
    0x03ACF000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x03BC1000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x03BE7000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x01200000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x00C76000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x00DD5000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x0367F000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x036D0000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x036DC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x036E7000 \SystemRoot\System32\drivers\discache.sys
    0x036F6000 \SystemRoot\System32\Drivers\dfsc.sys
    0x03714000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x03725000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x0374B000 \SystemRoot\system32\DRIVERS\amdk8.sys
    0x03E7D000 \SystemRoot\system32\DRIVERS\atikmdag.sys
    0x04494000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x04588000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x04868000 \SystemRoot\system32\DRIVERS\athrx.sys
    0x049D9000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x049E6000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
    0x04800000 \??\C:\Windows\system32\drivers\UBHelper.sys
    0x04808000 \??\C:\Windows\system32\drivers\NTIDrvr.sys
    0x04810000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x0481D000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x03E00000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x04828000 \SystemRoot\system32\DRIVERS\usbfilter.sys
    0x04834000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x03E56000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x04845000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x045CE000 \SystemRoot\SysWOW64\Drivers\DKbFltr.sys
    0x045DA000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x03762000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x04863000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x045E9000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x037AB000 \SystemRoot\System32\Drivers\ar6zdwtu.SYS
    0x037EE000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x049F9000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x03600000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x03610000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x03626000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x0364A000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x04AAA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x04AD9000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x04AF4000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x04B15000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x04B2F000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x04B31000 \SystemRoot\system32\DRIVERS\ks.sys
    0x04B74000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x04B86000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x04BE0000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x04C0F000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x04A00000 \SystemRoot\system32\drivers\portcls.sys
    0x04A3D000 \SystemRoot\system32\drivers\drmk.sys
    0x04DEE000 \SystemRoot\system32\drivers\ksthunk.sys
    0x04C00000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x04DF4000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x04A5F000 \SystemRoot\System32\Drivers\dump_msahci.sys
    0x04A6A000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x000B0000 \SystemRoot\System32\win32k.sys
    0x04A7D000 \SystemRoot\System32\drivers\Dxapi.sys
    0x04A89000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00490000 \SystemRoot\System32\TSDDD.dll
    0x00620000 \SystemRoot\System32\cdd.dll
    0x03656000 \SystemRoot\system32\drivers\luafv.sys
    0x013BC000 \SystemRoot\system32\drivers\WudfPf.sys
    0x013DD000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x02885000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x028D8000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x028EB000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x02903000 \SystemRoot\system32\drivers\HTTP.sys
    0x029CB000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x02800000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x02818000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x032E8000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x03336000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x03359000 \SystemRoot\system32\drivers\peauth.sys
    0x03200000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x0320B000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x03238000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x0324A000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x04633000 \SystemRoot\System32\DRIVERS\srv.sys
    0x046C9000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
    0x046D9000 \SystemRoot\system32\drivers\spsys.sys
    0x77690000 \Windows\System32\ntdll.dll
    0x48480000 \Windows\System32\smss.exe
    0xFF9B0000 \Windows\System32\apisetschema.dll
    0xFF690000 \Windows\System32\autochk.exe
    0xFF870000 \Windows\System32\rpcrt4.dll
    0xFF690000 \Windows\System32\autochk.exe
    0xFF510000 \Windows\System32\urlmon.dll
    0xFF4F0000 \Windows\System32\sechost.dll
    0xFF290000 \Windows\System32\iertutil.dll
    0xFF220000 \Windows\System32\gdi32.dll
    0xFF1A0000 \Windows\System32\difxapi.dll
    0xFF100000 \Windows\System32\comdlg32.dll
    0x77570000 \Windows\System32\kernel32.dll
    0xFF060000 \Windows\System32\msvcrt.dll
    0x77860000 \Windows\System32\psapi.dll
    0xFF010000 \Windows\System32\Wldap32.dll
    0xFE280000 \Windows\System32\shell32.dll
    0xFE170000 \Windows\System32\msctf.dll
    0xFE140000 \Windows\System32\imm32.dll
    0xFE010000 \Windows\System32\wininet.dll
    0xFDFC0000 \Windows\System32\ws2_32.dll
    0xFDFB0000 \Windows\System32\lpk.dll
    0xFDF30000 \Windows\System32\shlwapi.dll
    0xFDE50000 \Windows\System32\oleaut32.dll
    0xFDD80000 \Windows\System32\usp10.dll
    0xFDCE0000 \Windows\System32\clbcatq.dll
    0xFDAD0000 \Windows\System32\ole32.dll
    0xFD9F0000 \Windows\System32\advapi32.dll
    0x77470000 \Windows\System32\user32.dll
    0xFD9E0000 \Windows\System32\nsi.dll
    0xFD9C0000 \Windows\System32\imagehlp.dll
    0x77850000 \Windows\System32\normaliz.dll
    0xFD980000 \Windows\System32\cfgmgr32.dll
    0xFD910000 \Windows\System32\KernelBase.dll
    0xFD870000 \Windows\System32\comctl32.dll
    0xFD830000 \Windows\System32\wintrust.dll
    0xFD810000 \Windows\System32\devobj.dll
    0xFD6A0000 \Windows\System32\crypt32.dll
    0xFD690000 \Windows\System32\msasn1.dll
    0x75AA0000 \Windows\SysWOW64\normaliz.dll

    Processes (total 73):
    0 System Idle Process
    4 System
    272 C:\Windows\System32\smss.exe
    420 csrss.exe
    492 C:\Windows\System32\wininit.exe
    500 csrss.exe
    556 C:\Windows\System32\winlogon.exe
    580 C:\Windows\System32\services.exe
    588 C:\Windows\System32\lsass.exe
    596 C:\Windows\System32\lsm.exe
    756 C:\Windows\System32\svchost.exe
    828 C:\Windows\System32\svchost.exe
    888 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    100 C:\Windows\System32\atiesrxx.exe
    648 C:\Windows\System32\svchost.exe
    592 C:\Windows\System32\svchost.exe
    920 C:\Windows\System32\svchost.exe
    1088 C:\Windows\System32\audiodg.exe
    1148 C:\Windows\System32\svchost.exe
    1228 C:\Windows\System32\atieclxx.exe
    1360 C:\Windows\System32\svchost.exe
    1468 C:\Windows\System32\spoolsv.exe
    1512 C:\Windows\System32\svchost.exe
    1612 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1644 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1696 C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe
    1756 C:\Windows\System32\svchost.exe
    1812 C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
    1868 C:\Windows\SysWOW64\svchost.exe
    1920 C:\Windows\System32\svchost.exe
    1968 C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    2028 C:\Windows\System32\svchost.exe
    1320 C:\Windows\System32\svchost.exe
    864 C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
    2016 C:\Windows\System32\taskhost.exe
    2252 C:\Windows\System32\dwm.exe
    2276 C:\Windows\explorer.exe
    2332 C:\Windows\System32\taskeng.exe
    2428 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    2436 C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe
    2448 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2456 C:\Program Files\Microsoft Security Essentials\msseces.exe
    2464 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    2472 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    2536 C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    2564 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    2984 C:\Windows\System32\SearchIndexer.exe
    2636 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    932 C:\Program Files (x86)\Launch Manager\LManager.exe
    2560 C:\Program Files (x86)\iTunes\iTunesHelper.exe
    3212 C:\Windows\System32\wbem\unsecapp.exe
    3372 WmiPrvSE.exe
    3520 C:\Windows\System32\SearchProtocolHost.exe
    3528 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    3764 C:\Program Files\eMachines\eMachines Power Management\ePowerEvent.exe
    3820 C:\Windows\System32\svchost.exe
    4072 C:\Program Files (x86)\Internet Explorer\iexplore.exe
    3120 C:\Program Files\Windows Media Player\wmpnetwk.exe
    972 C:\Program Files\iPod\bin\iPodService.exe
    3128 C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    4240 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    4452 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    4680 C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10e.exe
    2980 C:\Windows\System32\sppsvc.exe
    3652 WmiPrvSE.exe
    3804 C:\Windows\servicing\TrustedInstaller.exe
    2988 C:\Windows\System32\wuauclt.exe
    2908 C:\Windows\System32\SearchProtocolHost.exe
    1800 C:\Windows\System32\SearchFilterHost.exe
    2760 C:\Windows\System32\wbem\WMIADAP.exe
    4220 C:\Users\Meghan\Desktop\MBRCheck.exe
    732 C:\Windows\System32\conhost.exe
    2620 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000003`069e5800 (NTFS)

    PhysicalDrive0 Model Number: WDCWD1600BEVT-22ZCT0, Rev: 11.01A11

    Size Device Name MBR Status
    --------------------------------------------
    149 GB \\.\PhysicalDrive0 MBR Code Faked!
    SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
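The MBRCheck output above reports "MBR Code Faked!" together with a SHA-1 of the sector and the drive's partition layout. As an added example (not part of this thread and not MBRCheck's own code), the script below shows the kind of check such a tool performs on the first sector of a disk: it validates the 0x55AA boot signature, parses the four partition-table entries, looks for inconsistencies in the table, hashes the bootstrap code and compares the hash against a list of hashes the operator trusts. The sample sector is constructed inline so the script runs offline; the trusted-hash set is a placeholder, and hashing only the 440-byte code area (rather than the whole sector) is this example's choice, made so that the disk signature and partition table, which legitimately differ from machine to machine, do not change the hash. The page does not say exactly what MBRCheck hashes.

```python
"""Parse and sanity-check a 512-byte MBR, then compare its boot code hash
against an allowlist.  Added example; the sample sector is constructed here
and the trusted-hash set is a placeholder, not a real reference list."""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440        # bytes 0..439: bootstrap code
DISK_SIG_OFF = 440         # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446       # four 16-byte partition entries
BOOT_SIG_OFF = 510         # 0x55 0xAA


def read_mbr_from_device(path=r"\\.\PhysicalDrive0"):
    """Read the first sector of a raw disk (Windows, needs administrator).
    Not called by the example; shown for use on a live machine."""
    with open(path, "rb") as dev:
        return dev.read(SECTOR_SIZE)


def parse_mbr(sector):
    """Return disk signature and the four partition entries of a raw MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly 512 bytes")
    if sector[BOOT_SIG_OFF:] != b"\x55\xAA":
        raise ValueError("missing 0x55AA boot signature")
    disk_signature = struct.unpack_from("<I", sector, DISK_SIG_OFF)[0]
    partitions = []
    for i in range(4):
        # entry: status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, ptype, lba_start, sectors = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        partitions.append({
            "status": status,
            "bootable": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sectors,
            # byte offset of the partition on the disk, as MBRCheck prints it
            "byte_offset": lba_start * SECTOR_SIZE,
        })
    return {"disk_signature": disk_signature, "partitions": partitions}


def check_mbr(sector, trusted_hashes):
    """Hash the boot code and flag partition-table inconsistencies.

    trusted_hashes: set of upper-case SHA-1 hex digests the operator
    considers known-good (placeholder in this example)."""
    info = parse_mbr(sector)
    sha1 = hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()
    findings = []
    used = [p for p in info["partitions"] if p["type"] != 0]
    if sum(p["bootable"] for p in used) > 1:
        findings.append("more than one partition marked active")
    if any(p["status"] not in (0x00, 0x80) for p in info["partitions"]):
        findings.append("invalid status byte in partition entry")
    ranges = sorted((p["lba_start"], p["lba_start"] + p["sectors"]) for p in used)
    for (s1, e1), (s2, _) in zip(ranges, ranges[1:]):
        if s2 < e1:
            findings.append("partition table entries overlap")
            break
    verdict = "trusted" if sha1 in trusted_hashes else "unknown"
    return {"sha1": sha1, "verdict": verdict, "findings": findings, **info}


def build_sample_mbr(p2_start=206848):
    """Constructed 512-byte sector for the example (not a real disk image):
    a JMP/NOP stub as boot code, disk signature 0xDEADBEEF, an active NTFS
    partition at LBA 2048 and a second NTFS partition at p2_start."""
    code = bytes([0xEB, 0x63, 0x90]) + b"\x00" * (BOOT_CODE_LEN - 3)
    disk_sig = struct.pack("<I", 0xDEADBEEF) + b"\x00\x00"
    p1 = struct.pack("<B3sB3sII", 0x80, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF", 2048, 204800)
    p2 = struct.pack("<B3sB3sII", 0x00, b"\xFE\xFF\xFF", 0x07, b"\xFE\xFF\xFF", p2_start, 409600)
    empty = b"\x00" * 16
    return code + disk_sig + p1 + p2 + empty + empty + b"\x55\xAA"


if __name__ == "__main__":
    sample = build_sample_mbr()
    result = check_mbr(sample, trusted_hashes=set())
    print("SHA1:", result["sha1"], "verdict:", result["verdict"])
    for p in result["partitions"]:
        if p["type"]:
            print("type 0x%02X active=%s lba=%d offset=0x%x" % (
                p["type"], p["bootable"], p["lba_start"], p["byte_offset"]))
    print("findings:", result["findings"] or "none")
```

A hash that is not on the allowlist only means "unknown", which is what a tool can honestly say; deciding whether unknown boot code is a vendor loader or a bootkit still needs a human, and on a 64-bit Windows 7 machine the sector should also be re-read from a clean boot environment, since a bootkit that hooks disk I/O can hand a clean copy back to any tool running on the infected system.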
  9. Megcx

    Megcx Newcomer, in training Topic Starter Posts: 21

    OTL logfile created on: 11/21/2010 6:21:00 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Meghan\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
    3.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 136.95 Gb Total Space | 79.78 Gb Free Space | 58.26% Space Free | Partition Type: NTFS

    Computer Name: MEGHAN-PC | User Name: Meghan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/21 18:16:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Meghan\Desktop\OTL.exe
    PRC - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2009/11/05 13:44:19 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe
    PRC - [2009/08/18 04:42:08 | 001,157,128 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
    PRC - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe
    PRC - [2009/06/17 20:31:58 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/21 18:16:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Meghan\Desktop\OTL.exe
    MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2009/07/13 20:15:31 | 000,154,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\imagehlp.dll
    MOD - [2009/07/13 20:09:00 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\normaliz.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/03/25 22:48:42 | 000,017,424 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2009/09/30 17:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\eMachines\eMachines Power Management\ePowerSvc.exe -- (ePowerSvc)
    SRV:64bit: - [2009/07/29 07:03:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/03 21:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe -- (Updater Service)
    SRV - [2010/08/13 11:58:56 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/29 07:51:54 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/08/28 04:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\eMachines\Registration\GregHSRW.exe -- (Greg_Service)
    SRV - [2009/06/17 20:31:58 | 000,144,640 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe -- (NTISchedulerSvc)
    SRV - [2009/06/17 20:31:46 | 000,050,432 | ---- | M] (NewTech InfoSystems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe -- (NTIBackupSvc)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\eMachines Games\eMachines Game Console\GameConsoleService.exe -- (GameConsoleService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2010/07/17 23:22:35 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/04/19 19:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2009/08/21 04:18:16 | 002,978,296 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2009/08/09 22:07:14 | 000,222,208 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/08/09 16:25:45 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
    DRV:64bit: - [2009/07/29 17:11:24 | 006,038,016 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
    DRV:64bit: - [2009/07/27 02:04:36 | 000,058,880 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20)
    DRV:64bit: - [2009/07/16 06:33:44 | 001,488,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/18 07:12:32 | 000,272,432 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
    DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/05 03:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
    DRV:64bit: - [2009/05/05 03:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
    DRV:64bit: - [2009/05/04 08:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
    DRV:64bit: - [2009/04/03 09:39:58 | 000,034,872 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
    DRV - [2009/03/25 22:16:08 | 000,025,608 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\Drivers\DKbFltr.sys -- (DKbFltr) Dritek Keyboard Filter Driver (64-bit)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=1009&m=e627&r=273612090315l0344z155r48j2330o
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=1009&m=e627&r=273612090315l0344z155r48j2330o
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=1009&m=e627&r=273612090315l0344z155r48j2330o
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=1009&m=e627&r=273612090315l0344z155r48j2330o

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.emachines.com/rdr.aspx?b=ACEW&l=1009&m=e627&r=273612090315l0344z155r48j2330o
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg64.dll (Google Inc.)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Program Files\eMachines\eMachines Power Management\ePowerTray.exe (Acer Incorporated)
    O4:64bit: - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
    O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files (x86)\Common Files\Adobe\Updater\AdobeUpdater.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - Startup: C:\Users\Meghan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O8:64bit: - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (get_atlcom Class)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O32 - HKLM CDRom: AutoRun - 1
    O33 - MountPoints2\{b444a623-9224-11df-814d-806e6f6e6963}\Shell - "" = AutoRun
    O33 - MountPoints2\{b444a623-9224-11df-814d-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.vorbis - C:\Windows\SysWow64\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/21 18:16:35 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Meghan\Desktop\OTL.exe
    [2010/11/21 13:44:41 | 000,000,000 | ---D | C] -- C:\Users\Meghan\AppData\Roaming\Malwarebytes
    [2010/11/21 13:44:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/11/21 13:44:27 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/11/21 13:44:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/11/21 13:44:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/11/21 13:43:04 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Meghan\Desktop\mbam-setup-1.46.exe
    [2010/11/21 13:25:12 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Meghan\Desktop\TFC.exe
    [2010/11/07 18:23:36 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2010/11/06 08:24:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EarMaster
    [2010/11/05 21:49:18 | 000,000,000 | ---D | C] -- C:\Users\Meghan\AppData\Roaming\EarMaster
    [2010/11/05 21:49:18 | 000,000,000 | ---D | C] -- C:\ProgramData\EarMaster
    [2010/10/27 18:30:24 | 000,000,000 | ---D | C] -- C:\Users\Meghan\Desktop\DCIM
    [2010/10/22 21:19:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime

    ========== Files - Modified Within 30 Days ==========

    [2010/11/21 18:16:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Meghan\Desktop\OTL.exe
    [2010/11/21 18:16:44 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/21 18:16:44 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/21 18:14:24 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/11/21 18:14:24 | 000,628,460 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/11/21 18:14:24 | 000,110,612 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/11/21 18:12:12 | 000,080,384 | ---- | M] () -- C:\Users\Meghan\Desktop\MBRCheck.exe
    [2010/11/21 18:09:26 | 000,000,894 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010/11/21 18:08:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/21 18:08:46 | 1406,177,280 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/21 18:02:00 | 000,000,898 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010/11/21 15:24:10 | 320,003,711 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/11/21 14:03:41 | 000,296,448 | ---- | M] () -- C:\Users\Meghan\Desktop\qt9thgos.exe
    [2010/11/21 13:44:33 | 000,001,022 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/21 13:43:12 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Meghan\Desktop\mbam-setup-1.46.exe
    [2010/11/21 13:25:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Meghan\Desktop\TFC.exe
    [2010/11/21 09:32:38 | 000,000,334 | ---- | M] () -- C:\Windows\wininit.ini
    [2010/11/21 09:31:05 | 001,720,086 | ---- | M] () -- C:\Windows\SysWow64\TmpA937187269
    [2010/11/19 08:37:04 | 000,149,504 | ---- | M] () -- C:\Users\Meghan\Desktop\cover sheet.doc
    [2010/11/18 15:42:21 | 000,132,932 | ---- | M] () -- C:\Users\Meghan\Desktop\cover sheet.docx
    [2010/11/13 21:00:40 | 000,012,370 | ---- | M] () -- C:\Users\Meghan\Documents\Band List.docx
    [2010/11/06 08:24:13 | 000,001,070 | ---- | M] () -- C:\Users\Meghan\Desktop\EarMaster Pro 4.lnk
    [2010/11/05 22:01:47 | 000,009,728 | ---- | M] () -- C:\Windows\SysWow64\BASSMOD.dll
    [2010/11/03 12:52:45 | 004,367,872 | ---- | M] () -- C:\Users\Meghan\Desktop\Opera.ppt
    [2010/10/22 21:20:04 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk

    ========== Files Created - No Company Name ==========

    [2010/11/21 18:12:08 | 000,080,384 | ---- | C] () -- C:\Users\Meghan\Desktop\MBRCheck.exe
    [2010/11/21 14:03:34 | 000,296,448 | ---- | C] () -- C:\Users\Meghan\Desktop\qt9thgos.exe
    [2010/11/21 13:44:33 | 000,001,022 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/21 09:31:05 | 001,720,086 | ---- | C] () -- C:\Windows\SysWow64\TmpA937187269
    [2010/11/19 08:36:58 | 000,149,504 | ---- | C] () -- C:\Users\Meghan\Desktop\cover sheet.doc
    [2010/11/13 21:00:36 | 000,012,370 | ---- | C] () -- C:\Users\Meghan\Documents\Band List.docx
    [2010/11/12 21:19:07 | 000,132,932 | ---- | C] () -- C:\Users\Meghan\Desktop\cover sheet.docx
    [2010/11/07 18:23:19 | 320,003,711 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010/11/06 08:24:13 | 000,001,070 | ---- | C] () -- C:\Users\Meghan\Desktop\EarMaster Pro 4.lnk
    [2010/11/05 21:45:05 | 000,009,728 | ---- | C] () -- C:\Windows\SysWow64\BASSMOD.dll
    [2010/11/03 12:52:16 | 004,367,872 | ---- | C] () -- C:\Users\Meghan\Desktop\Opera.ppt
    [2010/10/22 21:20:04 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
    [2010/07/24 11:55:55 | 000,000,601 | ---- | C] () -- C:\ProgramData\hpzinstall.log
    [2010/03/27 22:26:31 | 000,000,334 | ---- | C] () -- C:\Windows\wininit.ini
    [2010/01/17 11:38:42 | 000,000,550 | ---- | C] () -- C:\Users\Meghan\AppData\Roaming\wklnhst.dat
    [2009/12/31 22:20:33 | 000,000,002 | -HS- | C] () -- C:\Users\Meghan\AppData\Roaming\evf2
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2010/03/18 16:14:32 | 000,000,000 | ---D | M] -- C:\Users\Meghan\AppData\Roaming\Audacity
    [2010/03/11 07:22:01 | 000,000,000 | ---D | M] -- C:\Users\Meghan\AppData\Roaming\AVG9
    [2010/11/21 13:18:22 | 000,000,000 | ---D | M] -- C:\Users\Meghan\AppData\Roaming\BitTorrent
    [2010/07/17 23:34:45 | 000,000,000 | ---D | M] -- C:\Users\Meghan\AppData\Roaming\DAEMON Tools Pro
    [2010/11/05 22:46:33 | 000,000,000 | ---D | M] -- C:\Users\Meghan\AppData\Roaming\EarMaster
    [2010/07/19 14:51:43 | 000,000,000 | ---D | M] -- C:\Users\Meghan\AppData\Roaming\FileZilla
    [2010/03/07 18:36:19 | 000,000,000 | ---D | M] -- C:\Users\Meghan\AppData\Roaming\FMZilla
    [2010/03/16 11:26:01 | 000,000,000 | ---D | M] -- C:\Users\Meghan\AppData\Roaming\OpenOffice.org
    [2010/07/18 09:38:44 | 000,000,000 | ---D | M] -- C:\Users\Meghan\AppData\Roaming\Opera
    [2010/03/21 12:26:12 | 000,000,000 | ---D | M] -- C:\Users\Meghan\AppData\Roaming\REAPER
    [2010/01/17 11:39:16 | 000,000,000 | ---D | M] -- C:\Users\Meghan\AppData\Roaming\Template
    [2009/12/25 02:20:53 | 000,000,000 | ---D | M] -- C:\Users\Meghan\AppData\Roaming\WildTangent
    [2010/11/10 08:18:21 | 000,028,634 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/11/05 13:11:19 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2010/11/21 18:08:46 | 1406,177,280 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/21 18:08:50 | 1874,907,136 | -HS- | M] () -- C:\pagefile.sys

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2009/07/10 12:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/12/25 01:23:12 | 000,000,221 | -HS- | M] () -- C:\Users\Meghan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/21 13:43:12 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Meghan\Desktop\mbam-setup-1.46.exe
    [2010/11/21 18:12:12 | 000,080,384 | ---- | M] () -- C:\Users\Meghan\Desktop\MBRCheck.exe
    [2010/11/21 18:16:45 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Meghan\Desktop\OTL.exe
    [2010/11/21 14:03:41 | 000,296,448 | ---- | M] () -- C:\Users\Meghan\Desktop\qt9thgos.exe
    [2010/11/21 13:25:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Meghan\Desktop\TFC.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/04 14:41:08 | 000,000,402 | -HS- | M] () -- C:\Users\Meghan\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/07/24 12:12:41 | 000,000,601 | ---- | M] () -- C:\ProgramData\hpzinstall.log

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
  10. Megcx

    Megcx Newcomer, in training Topic Starter Posts: 21

    OTL Extras logfile created on: 11/21/2010 6:21:00 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Meghan\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 60.00% Memory free
    3.00 Gb Paging File | 2.00 Gb Available in Paging File | 68.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 136.95 Gb Total Space | 79.78 Gb Free Space | 58.26% Space Free | Partition Type: NTFS

    Computer Name: MEGHAN-PC | User Name: Meghan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{33EB1061-ABF1-4470-A540-32E97A610536}" = Apple Mobile Device Support
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{41BF0DE4-5BAE-4B88-AFD3-86A30B222186}" = Bonjour
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{95C9C76F-ECF3-40FA-94F8-5DDFB6BAF40D}" = Microsoft Security Essentials
    "{9F560BEB-021F-43AC-825F-AA60442D8DE4}" = 64 Bit HP CIO Components Installer
    "{ACCA82EB-7088-919E-5E1C-100A24F11CCF}" = ATI Catalyst Install Manager
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{B812FCC0-6192-4BFA-A9C6-1E8578F255DA}" = iTunes
    "{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
    "{E2FCA441-6D7B-CD78-3ADF-42EA9FA06065}" = ccc-utility64
    "{E62A1F01-07B7-4541-A835-EE5B0BF064C2}" = Microsoft Antimalware
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft Security Essentials" = Microsoft Security Essentials
    "SynTPDeinstKey" = Synaptics Pointing Device Driver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
    "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard
    "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
    "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
    "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
    "{183F0908-AD5E-8B3B-5F06-28B1A8C65C62}" = CCC Help Japanese
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "{23E9588B-05ED-BC2F-EB69-101A96511EF1}" = ccc-core-static
    "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "{2484D1EA-CBA4-60BB-82B9-F8477D25C47A}" = CCC Help Dutch
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 20
    "{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
    "{29802D65-9514-DB20-36CD-E47A94C8AEB9}" = Catalyst Control Center Graphics Full Existing
    "{2F61E9D7-CD05-643E-A04E-CC1A8B6610BA}" = CCC Help Finnish
    "{2FA3CDD8-1436-497D-6339-789936561E99}" = CCC Help German
    "{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}" = Visual C++ 8.0 Runtime Setup Package (x64)
    "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    "{34123E80-BE96-6282-1167-6696730AF6D2}" = CCC Help Korean
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{3D20EF26-2E9A-D388-851D-E7675BBACFF5}" = Catalyst Control Center Core Implementation
    "{3D5044A5-97B8-45C0-B956-BB2376569188}" = Windows Live Movie Maker
    "{3DB0448D-AD82-4923-B305-D001E521A964}" = eMachines Power Management
    "{4024F49B-65D4-D6B2-2A1D-6DBF6F09F181}" = CCC Help Greek
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{49A63237-FD38-AE77-6DF6-FFB41499A4E6}" = CCC Help Hungarian
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4F0FC827-B693-F166-612E-EA89D798540C}" = CCC Help Chinese Traditional
    "{52FBF90E-D2EF-A2A3-1CCA-6984596B1B02}" = CCC Help English
    "{628CBFE4-3823-67FB-26D2-566899C3BB5C}" = CCC Help Italian
    "{63F26DAE-CB0D-98B6-3019-D4FC3D0DD203}" = Catalyst Control Center InstallProxy
    "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
    "{652EB559-6865-DEF4-2409-D506963C15FD}" = CCC Help Polish
    "{67E03279-F703-408F-B4BF-46B5FC8D70CD}" = Microsoft Works
    "{68987945-A387-4C25-0C59-21F2AF657E65}" = CCC Help Thai
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6ADD0603-16EF-400D-9F9E-486432835002}" = OpenOffice.org 3.2
    "{6B45E33B-6BB4-234B-2F5F-65B1A103801D}" = CCC Help Russian
    "{6B99737C-9FDC-50F9-C9A4-AB7DA5C9A336}" = Catalyst Control Center Graphics Full New
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{786C5747-1033-0000-B58E-000000000001}" = Adobe Stock Photos 1.0
    "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
    "{7BE74C0E-F300-D0A6-780B-C93BB78DE58C}" = CCC Help Norwegian
    "{7E75ACC5-B0EC-7006-183A-374974019911}" = Catalyst Control Center Graphics Light
    "{7F811A54-5A09-4579-90E1-C93498E230D9}" = eMachines Recovery Management
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{82809116-D1EE-443C-AE31-F19E709DDF7A}" = AMD USB Filter Driver
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8EDBA74D-0686-4C99-BFDD-F894678E5B39}" = Adobe Common File Installer
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = 2007 Microsoft Office Suite Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
    "{97124B44-C17B-C352-44B1-403D0D706173}" = CCC Help Czech
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9ACA8261-11D1-F8A1-C154-7F8B23515C79}" = CCC Help Swedish
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9574A7E-C024-EED1-7A81-CC4786A1915A}" = CCC Help Portuguese
    "{AA32D2A6-1299-0F05-BF8D-04075A9F69EB}" = CCC Help Turkish
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B74D4E10-6884-0000-0000-000000000103}" = Adobe Bridge 1.0
    "{BCC05B1F-7397-799A-9EDB-AC10123BB17A}" = CCC Help Chinese Standard
    "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
    "{BEF4FD8A-29FF-C250-468A-5FC55F0E3451}" = Catalyst Control Center Localization All
    "{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
    "{C716522C-3731-4667-8579-40B098294500}" = Toolbox
    "{CD95F661-A5C4-44F5-A6AA-ECDD91C240BB}" = WinZip 14.0
    "{CF7A62B6-F712-412E-9914-D80033A7F8B8}" = Catalyst Control Center - Branding
    "{D41301F8-90FD-9CE8-CD2C-ED2B9D5F07E3}" = CCC Help Spanish
    "{D43AD08C-BE76-8C5B-FD90-4B665EF60E2E}" = CCC Help Danish
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{DA4CA661-5ABF-9218-6E42-84BF89F43655}" = CCC Help French
    "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
    "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
    "{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
    "{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}" = eBay Worldwide
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
    "{E9787678-1033-0000-8E67-000000000001}" = Adobe Help Center 1.0
    "{EE171732-BEB4-4576-887D-CB62727F01CA}" = eMachines Updater
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}" = Adobe Photoshop CS2
    "BitTorrent" = BitTorrent
    "EarMaster Pro 4_is1" = EarMaster Pro 4
    "eMachines Registration" = eMachines Registration
    "eMachines Screensaver" = eMachines ScreenSaver
    "eMachines Welcome Center" = Welcome Center
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "Identity Card" = Identity Card
    "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5
    "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
    "LManager" = Launch Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "WildTangent emachines Master Uninstall" = eMachines Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "GoToMeeting" = GoToMeeting 4.5.0.457

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/14/2010 2:29:26 PM | Computer Name = Meghan-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 7220865

    Error - 11/14/2010 2:29:28 PM | Computer Name = Meghan-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 11/14/2010 2:29:28 PM | Computer Name = Meghan-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 7222206

    Error - 11/14/2010 2:29:28 PM | Computer Name = Meghan-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 7222206

    Error - 11/14/2010 2:29:29 PM | Computer Name = Meghan-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 11/14/2010 2:29:29 PM | Computer Name = Meghan-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 7223486

    Error - 11/14/2010 2:29:29 PM | Computer Name = Meghan-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 7223486

    Error - 11/14/2010 2:35:15 PM | Computer Name = Meghan-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 11/14/2010 2:35:15 PM | Computer Name = Meghan-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 7569761

    Error - 11/14/2010 2:35:15 PM | Computer Name = Meghan-PC | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 7569761

    [ System Events ]
    Error - 9/18/2010 10:14:31 AM | Computer Name = Meghan-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 9/18/2010 5:01:48 PM | Computer Name = Meghan-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 9/18/2010 5:24:39 PM | Computer Name = Meghan-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 9/18/2010 5:49:01 PM | Computer Name = Meghan-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 9/18/2010 6:21:13 PM | Computer Name = Meghan-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 9/18/2010 9:38:29 PM | Computer Name = Meghan-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 9/19/2010 9:28:19 AM | Computer Name = Meghan-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 9/19/2010 9:59:44 AM | Computer Name = Meghan-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 9/19/2010 1:04:16 PM | Computer Name = Meghan-PC | Source = atikmdag | ID = 43029
    Description = Display is not active

    Error - 9/19/2010 1:04:19 PM | Computer Name = Meghan-PC | Source = Service Control Manager | ID = 7011
    Description = A timeout (30000 milliseconds) was reached while waiting for a transaction
    response from the ShellHWDetection service.


    < End of report >
  11. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Which browser is getting redirected?

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
      [2010/03/11 07:22:01 | 000,000,000 | ---D | M] -- C:\Users\Meghan\AppData\Roaming\AVG9
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    Check for redirections, please.
     
  12. Megcx

    Megcx Newcomer, in training Topic Starter Posts: 21

    I use Internet Explorer, so is that the browser that's being redirected? :/
  13. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Run the above fix and re-check for redirection.
  14. Megcx

    Megcx Newcomer, in training Topic Starter Posts: 21

    I'm a bit stuck with trying to remove the old Java version. I downloaded JavaRa and I clicked on "Remove older versions of Java", and it gives me a few messages that I click 'ok' to. But then it tries searching for the C:/JavaRa.log file, but it cannot be found. It gives me the option to create a new file, but a blank Notepad pops up. Does that mean there's no older versions still installed?
  15. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Go to "Programs & Features" in Control Panel and uninstall any Java version but Java 6 Update 22 (if anything is listed).
  16. Megcx

    Megcx Newcomer, in training Topic Starter Posts: 21

    Only Java Update 22 is listed. Should I run OTL now?
  17. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Please do.
  18. Megcx

    Megcx Newcomer, in training Topic Starter Posts: 21

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
    C:\Users\Meghan\AppData\Roaming\AVG9\cfgall folder moved successfully.
    C:\Users\Meghan\AppData\Roaming\AVG9 folder moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Meghan
    ->Temp folder emptied: 26523238 bytes
    ->Temporary Internet Files folder emptied: 49599511 bytes
    ->Java cache emptied: 2027 bytes
    ->Flash cache emptied: 1091 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 549020 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 630272 bytes

    Total Files Cleaned = 74.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Meghan
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11222010_064934

    Files\Folders moved on Reboot...
    C:\Users\Meghan\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
  19. Megcx

    Megcx Newcomer, in training Topic Starter Posts: 21

    I just tried googling some random things and I'm still getting redirected to other websites...
  20. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Go Start>Run (Start search in Vista), type in:
    cmd
    Click OK (in Vista and Windows 7, while holding CTRL, and SHIFT, press Enter).

    In Command Prompt window, type in following commands, and hit Enter after each one:
    ipconfig /flushdns
    ipconfig /registerdns
    ipconfig /release
    ipconfig /renew
    net stop "dns client"
    net start "dns client"


    Turn the computer off.

    On your router, you'll find a pinhole marked "Reset".
    Keep pushing the hole, using a pencil, or a paperclip until all lights briefly come off and on.
    NOTE. Simply disconnecting the router from a power source will NOT do.
    Restart computer and check for redirections.

    NOTE. You may need to re-check your router security settings, as described HERE
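    The commands above flush and renew the local resolver by hand. As an added example, written for this page and not part of the thread or of any tool Broni recommends, the PowerShell script below does the same checks a responder would want before and after that step: it lists the DNS servers every adapter is actually using, flags any that are not on an allow-list, shows what the local cache holds for the domain that was being redirected, and then flushes the cache. The allow-list addresses and the `google` search pattern are placeholders/assumptions; replace them with the resolvers your router or ISP is supposed to hand out and the domain you are testing. It uses WMI and `ipconfig` rather than the `Get-DnsClient*` cmdlets so it also runs on the Windows 7 machine in this thread.

```powershell
# Added example (not from the TechSpot thread): audit the DNS resolver configuration
# that a search-engine redirect usually depends on, then flush the local cache.
# Run from an elevated prompt so that ipconfig /registerdns is allowed to succeed.

# ASSUMPTION: placeholder allow-list. Put the DNS servers your network should be using here.
$TrustedDnsServers = @('192.168.1.1', '8.8.8.8')

# Every IP-enabled adapter and the DNS search order it is configured with.
# Win32_NetworkAdapterConfiguration exists on Windows 7, so no Windows 8+ cmdlets are needed.
$adapters = Get-WmiObject -Class Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE'

$suspicious = @()
foreach ($a in $adapters) {
    $servers = @($a.DNSServerSearchOrder)
    Write-Output ("Adapter      : {0}" -f $a.Description)
    Write-Output ("  DHCP       : {0}" -f $a.DHCPEnabled)
    Write-Output ("  Gateway    : {0}" -f (@($a.DefaultIPGateway) -join ', '))
    Write-Output ("  DNS servers: {0}" -f ($servers -join ', '))
    foreach ($s in $servers) {
        if ($TrustedDnsServers -notcontains $s) {
            # New-Object keeps this PowerShell 2.0 compatible ([pscustomobject] needs 3.0).
            $suspicious += New-Object PSObject -Property @{ Adapter = $a.Description; DnsServer = $s }
        }
    }
}

if ($suspicious.Count -gt 0) {
    # A resolver that was changed behind the user's back is the classic cause of
    # "every search result sends me somewhere else".
    Write-Warning "DNS servers outside the allow-list:"
    $suspicious | Format-Table -AutoSize
} else {
    Write-Output "All configured DNS servers are on the allow-list."
}

# What the local resolver currently has cached for the domain being redirected.
# ASSUMPTION: 'google' is the placeholder pattern; ipconfig /displaydns is used because
# Get-DnsClientCache only exists on Windows 8 / Server 2012 and later.
$cache = ipconfig /displaydns | Select-String -Pattern 'google' -Context 0, 5
if ($cache) {
    Write-Output "Cached answers matching the pattern:"
    $cache | ForEach-Object { $_.Line; $_.Context.PostContext }
} else {
    Write-Output "Nothing cached for the pattern."
}

# Same flush/re-register steps the thread gives, so any stale or poisoned answers are gone.
ipconfig /flushdns | Out-Null
ipconfig /registerdns | Out-Null
Write-Output "Resolver cache flushed. Re-test the redirect."
```

One caveat worth knowing when reading the output: if the only DNS server listed is the router's own address, the allow-list check passes even when the router has been pointed at a rogue upstream resolver. That is exactly the case this thread turned out to be, and it is why the router reset, not the client-side flush, is what finally stopped the redirects. The PC-side audit tells you whether the client was tampered with; it cannot see inside the router.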
  21. Megcx

    Megcx Newcomer, in training Topic Starter Posts: 21

    Yes! So far I'm not being redirected and pages from google are loading a lot faster. Thanks so much for your help!<3
  22. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Very good :)

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
  23. Megcx

    Megcx Newcomer, in training Topic Starter Posts: 21

    Results of screen317's Security Check version 0.99.5
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Microsoft Security Essentials msseces.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````
  24. Megcx

    Megcx Newcomer, in training Topic Starter Posts: 21

    The ESET online scanner found no threats. Also, last night I was working on a research project and I looked at about 10-20 sites from google, and only once was I redirected. I've checked a few other sites just now, but so far I've only been redirected the one time.
  25. Broni

    Broni Malware Annihilator Posts: 46,171   +251

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools we used during our cleaning process

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please, let me know, how your computer is doing.