TechSpot

Browser redirect and files hidden

By noodles79
Oct 10, 2011
  1. Hello!

    I did something stupid about a week ago, and clicked a bad hyperlink. Now my browser is in trouble. Google searches are being redirected to websites that are sketchy. Also, in the early stages, a lot of my music files were hidden, but I was able to fix that. Here are my scan logs:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7917

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    10/10/2011 1:52:11 PM
    mbam-log-2011-10-10 (13-52-11).txt

    Scan type: Quick scan
    Objects scanned: 195691
    Time elapsed: 3 minute(s), 15 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-10-10 14:44:44
    Windows 6.1.7601 Service Pack 1
    Running: opxtcvd4.exe


    ---- Files - GMER 1.0.15 ----

    File C:\Users\betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DK9FLRHC\iframe3[1].htm 692 bytes
    File C:\Users\betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLH0PCUA\afr[1].htm 4068 bytes
    File C:\Users\betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLH0PCUA\afr[2].htm 5573 bytes
    File C:\Users\betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KLH0PCUA\data_sync[1].htm 26 bytes
    File C:\Users\betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LII14C1E\cm[1].gif 42 bytes
    File C:\Users\betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M37155AX\st[3] 4589 bytes
    File C:\Users\betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MUINQ6H0\afr[1].htm 959 bytes
    File C:\Users\betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MUINQ6H0\st[1] 4589 bytes
    File C:\Users\betsy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YJ5XWJSJ\ddc[1].htm 11616 bytes
    File C:\Users\betsy\AppData\Roaming\Microsoft\Windows\Cookies\C3BT2XOW.txt 2081 bytes
    File C:\Users\betsy\AppData\Roaming\Microsoft\Windows\Cookies\N6ZLHK0K.txt 133 bytes
    File C:\Users\betsy\AppData\Roaming\Microsoft\Windows\Cookies\OJAWFBZQ.txt 967 bytes
    File C:\Users\betsy\AppData\Roaming\Microsoft\Windows\Cookies\63DT6CAT.txt 110 bytes

    ---- EOF - GMER 1.0.15 ----


    S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-7-8 401920]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-12-10 1038088]
    S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;C:\Windows\system32\DRIVERS\libusb0.sys --> C:\Windows\system32\DRIVERS\libusb0.sys [?]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBTINSP;TI-Nspire(TM) Handheld or TI Network Bridge Device Driver;C:\Windows\system32\DRIVERS\tinspusb.sys --> C:\Windows\system32\DRIVERS\tinspusb.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-10-10 17:46:36 -------- d-----w- C:\Users\Besty Wirgan\AppData\Roaming\Avira
    2011-10-10 17:18:09 88288 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2011-10-10 17:18:08 -------- d-----w- C:\ProgramData\Avira
    2011-10-10 17:18:08 -------- d-----w- C:\Program Files (x86)\Avira
    2011-10-10 16:37:11 -------- d-----w- C:\ProgramData\Panda Security
    2011-10-10 16:37:01 -------- d-----w- C:\Program Files (x86)\Panda USB Vaccine
    2011-10-10 16:26:01 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-10-10 15:57:43 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{76873CFC-6482-4840-8FF2-83BAA5A0EEAD}\offreg.dll
    2011-10-09 16:27:50 -------- d-----w- C:\ProgramData\EA Logs
    2011-10-09 00:59:25 -------- d-----w- C:\Users\Besty Wirgan\AppData\Roaming\Malwarebytes
    2011-10-09 00:59:12 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-10-09 00:59:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-10-09 00:36:19 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2011-10-09 00:36:19 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2011-10-07 13:58:13 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{76873CFC-6482-4840-8FF2-83BAA5A0EEAD}\mpengine.dll
    2011-10-06 18:27:54 200976 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
    2011-09-30 22:21:00 -------- d-----w- C:\Users\Besty Wirgan\AppData\Roaming\SUPERAntiSpyware.com
    2011-09-30 22:20:49 -------- d-----w- C:\ProgramData\!SASCORE
    .
    ==================== Find3M ====================
    .
    2011-09-07 16:03:41 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-08-03 07:31:54 311912 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
    2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
    2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-07-13 15:53:11 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-07-13 15:53:11 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    .
    ============= FINISH: 14:54:54.04 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/9/2010 1:38:07 PM
    System Uptime: 10/10/2011 11:55:14 AM (3 hours ago)
    .
    Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | 785GTM-E45 (MS-7549)
    Processor: AMD Athlon(tm) II X4 620 Processor | CPU 1 | 2600/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 73 GiB total, 18.058 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 858 GiB total, 629.213 GiB free.
    F: is CDROM ()
    G: is FIXED (NTFS) - 298 GiB total, 168.607 GiB free.
    I: is Removable
    J: is Removable
    K: is Removable
    L: is Removable
    M: is FIXED (NTFS) - 466 GiB total, 240.105 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Download Manager
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader X (10.1.1)
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Amazon Games & Software Downloader
    Apple Application Support
    Apple Software Update
    AVCWare Ringtone Maker
    Avira AntiVir Personal - Free Antivirus
    BlackBerry App World Browser Plugin
    BlackBerry Desktop Software 6.0.1
    Bulkr
    Canon Camera Access Library
    Canon Camera Support Core Library
    Canon Camera Window DC_DV 5 for ZoomBrowser EX
    Canon Camera Window DC_DV 6 for ZoomBrowser EX
    Canon Camera Window MC 6 for ZoomBrowser EX
    Canon RAW Image Task for ZoomBrowser EX
    Canon RemoteCapture Task for ZoomBrowser EX
    Canon Utilities Digital Photo Professional 3.10
    Canon Utilities EOS Utility
    Canon Utilities PhotoStitch
    Canon Utilities ZoomBrowser EX
    CanoScan Toolbox Ver4.1
    Connect
    D3DX10
    DivX Setup
    FINAL FANTASY XI
    FINAL FANTASY XI: Chains of Promathia
    FINAL FANTASY XI: Rise of the Zilart
    FINAL FANTASY XI: Treasures of Aht Urhgan
    FINAL FANTASY XI: Wings of the Goddess
    FINAL FANTASY XIV
    Fraps
    GDPAddinSetup
    GDPHome
    Gregg College Keyboarding & Document Processing Home 10
    High-Definition Video Playback
    HP Deskjet 3000 J310 series Help
    Java Auto Updater
    Java(TM) 6 Update 23
    Juniper Networks Host Checker
    Juniper Networks Setup Client
    Juniper Networks Setup Client Activex Control
    kuler
    Malwarebytes' Anti-Malware version 1.51.2.1300
    MicroDicom 0.2.2
    Microsoft .NET Framework 1.1
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft WSE 3.0 Runtime
    Migratr
    Mozilla Firefox 7.0.1 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB973685)
    Nero 10 Menu TemplatePack Basic
    Nero 10 Movie ThemePack Basic
    Nero BackItUp 10
    Nero BackItUp 10 Help (CHM)
    Nero Burning ROM 10
    Nero BurningROM 10 Help (CHM)
    Nero BurnRights 10
    Nero BurnRights 10 Help (CHM)
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero CoverDesigner 10
    Nero CoverDesigner 10 Help (CHM)
    Nero DiscSpeed 10
    Nero DiscSpeed 10 Help (CHM)
    Nero Dolby Files 10
    Nero Express 10
    Nero Express 10 Help (CHM)
    Nero InfoTool 10
    Nero InfoTool 10 Help (CHM)
    Nero Kwik Media
    Nero Multimedia Suite 10
    Nero Recode 10
    Nero Recode 10 Help (CHM)
    Nero RescueAgent 10
    Nero RescueAgent 10 Help (CHM)
    Nero SoundTrax 10
    Nero SoundTrax 10 Help (CHM)
    Nero StartSmart 10
    Nero StartSmart 10 Help (CHM)
    Nero Update
    Nero Vision 10
    Nero Vision 10 Help (CHM)
    Nero WaveEditor 10
    Nero WaveEditor 10 Help (CHM)
    NeroKwikMedia Help (CHM)
    neroxml
    Neverwinter Nights 2
    NVIDIA 3D Vision Controller Driver
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    Panda USB Vaccine 1.0.1.4
    PDF Settings CS4
    Photoshop Camera Raw
    Picasa 3
    PlayOnline Viewer & Tetra Master
    PMB
    PMB Updater
    Prism Video File Converter
    QuickTime
    Realtek High Definition Audio Driver
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office Groove 2007 (KB2552997)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Sony Image Data Suite
    Spybot - Search & Destroy
    Suite Shared Configuration CS4
    TI Connect 1.6
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2553110)
    VC80CRTRedist - 8.0.50727.4053
    VideoPad Video Editor
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinRAR 4.00 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/9/2011 8:08:36 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    10/9/2011 3:50:07 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    10/9/2011 11:17:26 AM, Error: Service Control Manager [7034] - The Canon Camera Access Library 8 service terminated unexpectedly. It has done this 1 time(s).
    10/9/2011 1:51:35 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
    10/9/2011 1:43:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/9/2011 1:43:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/9/2011 1:43:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    10/9/2011 1:43:11 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/9/2011 1:43:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/9/2011 1:43:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    10/9/2011 1:42:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC DhaHelper discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx VWiFiFlt Wanarpv6 WfpLwf
    10/9/2011 1:42:59 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/9/2011 1:42:59 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/9/2011 1:42:59 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    10/9/2011 1:42:59 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/9/2011 1:42:59 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/9/2011 1:42:59 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    10/9/2011 1:42:59 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/9/2011 1:42:59 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/9/2011 1:42:59 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/9/2011 1:42:59 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/7/2011 10:51:14 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR9.
    10/7/2011 10:14:37 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR8.
    10/10/2011 11:55:35 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: DhaHelper
    10/10/2011 11:55:20 AM, Error: Application Popup [1060] - \??\C:\Windows\SysWow64\drivers\dhahelper.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
    10/10/2011 1:18:31 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for Start with the following error: Access is denied.
    .
    ==== End Of File ===========================

    Thanks in advance!
     
  2. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================================================

    DDS.txt log is incomplete.
    Please repost it.
     
  3. noodles79

    noodles79 TS Rookie Topic Starter

    Sorry about that, I will try again.
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_23
    Run by Besty Wirgan at 11:26:55 on 2011-10-11
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2625 [GMT -4:00]
    .
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Canon\CAL\CALMAIN.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
    C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Nero\Update\NASvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    uRun: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    uRun: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe -mini
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
    DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{14C5C162-DC00-4E74-BD51-032E3408EE22} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{C6A76560-6C8B-4366-A619-E97220CE002C} : DhcpNameServer = 72.240.13.7 72.240.13.6 156.154.70.43
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
    BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
    mRun-x64: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    mRun-x64: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Besty Wirgan\AppData\Roaming\Mozilla\Firefox\Profiles\50519cph.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&q=
    FF - component: C:\Users\Besty Wirgan\AppData\Roaming\Mozilla\Firefox\Profiles\50519cph.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: C:\Users\Besty Wirgan\AppData\Roaming\Mozilla\Firefox\Profiles\50519cph.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
    FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
    FF - plugin: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-18 140672]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-10 136360]
    R2 AntiVirService;Avira AntiVir Guard;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-10-10 269480]
    R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
    R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-3-29 598312]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-4-26 2255464]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-3-15 428384]
    R2 RalinkRegistryWriter64;Ralink Registry Writer 64;C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [2010-12-9 211232]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    R3 rt61x64;Linksys Wireless-G PCI Adapter Driver;C:\Windows\system32\DRIVERS\WMP54Gv41x64.sys --> C:\Windows\system32\DRIVERS\WMP54Gv41x64.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-7-8 401920]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-12-10 1038088]
    S3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;C:\Windows\system32\DRIVERS\libusb0.sys --> C:\Windows\system32\DRIVERS\libusb0.sys [?]
    S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\system32\DRIVERS\MijXfilt.sys --> C:\Windows\system32\DRIVERS\MijXfilt.sys [?]
    S3 nosGetPlusHelper;getPlus(R) Helper 3004;C:\Windows\System32\svchost.exe -k nosGetPlusHelper [2009-7-13 20992]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 USBTINSP;TI-Nspire(TM) Handheld or TI Network Bridge Device Driver;C:\Windows\system32\DRIVERS\tinspusb.sys --> C:\Windows\system32\DRIVERS\tinspusb.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
    .
    =============== Created Last 30 ================
    .
    2011-10-11 15:18:39 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C7B6B00B-95AA-498A-81F1-B8BF9F86CE38}\offreg.dll
    2011-10-11 15:18:38 9049936 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C7B6B00B-95AA-498A-81F1-B8BF9F86CE38}\mpengine.dll
    2011-10-10 17:46:36 -------- d-----w- C:\Users\Besty Wirgan\AppData\Roaming\Avira
    2011-10-10 17:18:09 88288 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
    2011-10-10 17:18:08 -------- d-----w- C:\ProgramData\Avira
    2011-10-10 17:18:08 -------- d-----w- C:\Program Files (x86)\Avira
    2011-10-10 16:37:11 -------- d-----w- C:\ProgramData\Panda Security
    2011-10-10 16:37:01 -------- d-----w- C:\Program Files (x86)\Panda USB Vaccine
    2011-10-10 16:26:01 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-10-09 16:27:50 -------- d-----w- C:\ProgramData\EA Logs
    2011-10-09 00:59:25 -------- d-----w- C:\Users\Besty Wirgan\AppData\Roaming\Malwarebytes
    2011-10-09 00:59:12 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-10-09 00:59:08 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-10-09 00:36:19 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2011-10-09 00:36:19 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2011-10-06 18:27:54 200976 ----a-w- C:\Windows\SysWow64\drivers\tmcomm.sys
    2011-09-30 22:21:00 -------- d-----w- C:\Users\Besty Wirgan\AppData\Roaming\SUPERAntiSpyware.com
    2011-09-30 22:20:49 -------- d-----w- C:\ProgramData\!SASCORE
    .
    ==================== Find3M ====================
    .
    2011-09-07 16:03:41 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-08-03 07:31:54 311912 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    2011-07-22 05:42:23 2303488 ----a-w- C:\Windows\System32\jscript9.dll
    2011-07-22 05:36:16 1389056 ----a-w- C:\Windows\System32\wininet.dll
    2011-07-22 05:32:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-07-22 02:54:43 1797632 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-07-22 02:48:26 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-07-22 02:44:36 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-07-13 15:53:11 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-07-13 15:53:11 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    .
    ============= FINISH: 11:34:36.73 ===============
     
  4. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  5. noodles79

    noodles79 TS Rookie Topic Starter

    ComboFix 11-10-11.02 - Besty Wirgan 10/11/2011 12:36:06.1.4 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4095.2685 [GMT -4:00]
    Running from: c:\users\Besty Wirgan\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    E:\setup.exe
    M:\Autorun.inf
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-11 to 2011-10-11 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-11 17:11 . 2011-10-11 17:11 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7B6B00B-95AA-498A-81F1-B8BF9F86CE38}\offreg.dll
    2011-10-11 17:06 . 2011-10-11 17:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2011-10-11 17:06 . 2011-10-11 17:06 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-10-11 15:18 . 2011-09-13 00:26 9049936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C7B6B00B-95AA-498A-81F1-B8BF9F86CE38}\mpengine.dll
    2011-10-10 17:46 . 2011-10-10 17:46 -------- d-----w- c:\users\Besty Wirgan\AppData\Roaming\Avira
    2011-10-10 17:18 . 2011-07-21 16:15 123784 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-10-10 17:18 . 2011-07-21 16:15 88288 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-10-10 17:18 . 2011-10-10 17:18 -------- d-----w- c:\programdata\Avira
    2011-10-10 17:18 . 2011-10-10 17:18 -------- d-----w- c:\program files (x86)\Avira
    2011-10-10 16:37 . 2011-10-10 16:37 -------- d-----w- c:\programdata\Panda Security
    2011-10-10 16:37 . 2011-10-10 16:37 -------- d-----w- c:\program files (x86)\Panda USB Vaccine
    2011-10-10 16:26 . 2011-10-10 16:26 -------- d-----w- C:\TDSSKiller_Quarantine
    2011-10-09 16:27 . 2011-10-09 16:27 -------- d-----w- c:\programdata\EA Logs
    2011-10-09 00:59 . 2011-10-09 00:59 -------- d-----w- c:\users\Besty Wirgan\AppData\Roaming\Malwarebytes
    2011-10-09 00:59 . 2011-10-09 00:59 -------- d-----w- c:\programdata\Malwarebytes
    2011-10-09 00:59 . 2011-10-09 00:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2011-10-09 00:36 . 2011-10-09 00:52 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-10-09 00:36 . 2011-10-09 00:38 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2011-10-06 18:27 . 2011-06-21 04:09 200976 ----a-w- c:\windows\SysWow64\drivers\tmcomm.sys
    2011-09-30 22:21 . 2011-09-30 22:21 -------- d-----w- c:\users\Besty Wirgan\AppData\Roaming\SUPERAntiSpyware.com
    2011-09-30 22:20 . 2011-09-30 22:20 -------- d-----w- c:\programdata\!SASCORE
    2011-09-20 14:58 . 2011-09-20 14:58 -------- d-----w- c:\windows\Sun
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-09-07 16:03 . 2011-05-13 15:35 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-08-03 11:50 . 2011-04-08 03:19 117864 ----a-w- c:\windows\system32\nvmctray.dll
    2011-08-03 11:50 . 2011-04-08 03:19 980072 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-08-03 11:50 . 2011-04-08 03:19 836200 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
    2011-08-03 11:50 . 2011-04-08 03:19 6136936 ----a-w- c:\windows\system32\nvcpl.dll
    2011-08-03 11:50 . 2011-04-08 03:19 3021416 ----a-w- c:\windows\system32\nvsvc64.dll
    2011-08-03 11:50 . 2010-12-09 18:55 8355944 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2011-08-03 11:50 . 2010-12-09 18:55 2758760 ----a-w- c:\windows\system32\nvapi64.dll
    2011-08-03 11:50 . 2010-07-09 21:27 61544 ----a-w- c:\windows\system32\nvshext.dll
    2011-08-03 07:31 . 2011-08-03 07:31 311912 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    2011-07-22 05:42 . 2011-08-11 05:13 2303488 ----a-w- c:\windows\system32\jscript9.dll
    2011-07-22 05:36 . 2011-08-11 05:12 1389056 ----a-w- c:\windows\system32\wininet.dll
    2011-07-22 05:32 . 2011-08-11 05:13 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-07-22 02:54 . 2011-08-11 05:13 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
    2011-07-22 02:48 . 2011-08-11 05:12 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
    2011-07-22 02:44 . 2011-08-11 05:13 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-07-16 05:41 . 2011-08-10 15:46 362496 ----a-w- c:\windows\system32\wow64win.dll
    2011-07-16 05:41 . 2011-08-10 15:46 243200 ----a-w- c:\windows\system32\wow64.dll
    2011-07-16 05:41 . 2011-08-10 15:46 13312 ----a-w- c:\windows\system32\wow64cpu.dll
    2011-07-16 05:39 . 2011-08-10 15:46 16384 ----a-w- c:\windows\system32\ntvdm64.dll
    2011-07-16 05:37 . 2011-08-10 15:46 421888 ----a-w- c:\windows\system32\KernelBase.dll
    2011-07-16 05:21 . 2011-08-10 15:46 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-10 15:46 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-10 15:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-10 15:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-10 15:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-10 15:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-10 15:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-10 15:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-10 15:46 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-10 15:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-10 15:46 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-10 15:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-10 15:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-10 15:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-10 15:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-10 15:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-10 15:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-10 15:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-10 15:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-10 15:46 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-10 15:46 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-10 15:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-10 15:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-10 15:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-10 15:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-10 15:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-10 15:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2011-07-16 05:21 . 2011-08-10 15:46 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
    2011-07-16 04:29 . 2011-08-10 15:46 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
    2011-07-16 04:26 . 2011-08-10 15:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2011-07-16 04:25 . 2011-08-10 15:46 25600 ----a-w- c:\windows\SysWow64\setup16.exe
    2011-07-16 04:24 . 2011-08-10 15:46 5120 ----a-w- c:\windows\SysWow64\wow32.dll
    2011-07-16 04:24 . 2011-08-10 15:46 272384 ----a-w- c:\windows\SysWow64\KernelBase.dll
    2011-07-16 04:15 . 2011-08-10 15:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 15:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 15:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 15:46 5120 ---ha-w- c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 15:46 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 15:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 15:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 15:46 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 15:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 15:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 15:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 15:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 15:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 15:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 15:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 15:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 15:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 15:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 15:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 15:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 15:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 15:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 15:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
    2011-07-16 04:15 . 2011-08-10 15:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
    2011-07-16 02:21 . 2011-08-10 15:46 7680 ----a-w- c:\windows\SysWow64\instnm.exe
    2011-07-16 02:21 . 2011-08-10 15:46 2048 ----a-w- c:\windows\SysWow64\user.exe
    2011-07-16 02:17 . 2011-08-10 15:46 6144 ---ha-w- c:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-07-16 02:17 . 2011-08-10 15:46 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-07-16 02:17 . 2011-08-10 15:46 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-07-16 02:17 . 2011-08-10 15:46 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DS3 Tool"="c:\program files\MotioninJoy\ds3\DS3_Tool.exe" [2011-01-01 110352]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-09-30 5492096]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-03-15 650080]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    "AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
    "NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-04-08 1406248]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
    R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-12-10 1038088]
    R3 libusb0;LibUsb-Win32 - Kernel Driver 03/20/2007, 0.1.12.1;c:\windows\system32\DRIVERS\libusb0.sys [x]
    R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys [x]
    R3 MSICDSetup;MSICDSetup;F:\CDriver64.sys [x]
    R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [2009-07-14 27136]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 USBTINSP;TI-Nspire(TM) Handheld or TI Network Bridge Device Driver;c:\windows\system32\DRIVERS\tinspusb.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
    S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-09-30 140672]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-03-29 598312]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
    S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-03-15 428384]
    S2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [2009-07-15 211232]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
    S3 ALSysIO;ALSysIO;c:\users\BESTYW~1\AppData\Local\Temp\ALSysIO64.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 rt61x64;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x64.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - ALSYSIO
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-06 8158240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Besty Wirgan\AppData\Roaming\Mozilla\Firefox\Profiles\50519cph.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f4,7c,0c,cc,88,47,d5,48,82,49,c3,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,f4,7c,0c,cc,88,47,d5,48,82,49,c3,\
    .
    [HKEY_USERS\S-1-5-21-2864006334-3454763267-3216989857-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    @Allowed: (Read) (RestrictedCode)
    "??"=hex:a2,04,83,a0,68,69,e8,af,92,06,11,14,0f,ee,72,d9,bc,47,35,1d,58,00,e0,
    f0,32,c4,71,53,3a,19,28,e3,58,14,19,56,0f,48,b9,71,39,82,5f,58,0a,4a,00,45,\
    "??"=hex:be,08,25,10,f8,f6,c6,2c,ef,74,6a,28,7c,82,5d,34
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Bonjour\mDNSResponder.exe
    c:\program files (x86)\Canon\CAL\CALMAIN.exe
    .
    **************************************************************************
    .
    Completion time: 2011-10-11 13:31:01 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-10-11 17:30
    .
    Pre-Run: 17,739,870,208 bytes free
    Post-Run: 17,803,792,384 bytes free
    .
    - - End Of File - - 943A88987794783196458E42BCEAE899
     
  6. noodles79

    noodles79 TS Rookie Topic Starter

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-10-11 12:05:44
    -----------------------------
    12:05:44.051 OS Version: Windows x64 6.1.7601 Service Pack 1
    12:05:44.051 Number of processors: 4 586 0x502
    12:05:44.051 ComputerName: BESTYWIRGAN-PC UserName: Besty Wirgan
    12:05:45.748 Initialize success
    12:06:48.553 AVAST engine defs: 11101101
    12:07:07.804 The log file has been saved successfully to "C:\Users\Besty Wirgan\Desktop\aswMBR.txt"


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-10-11 13:34:49
    -----------------------------
    13:34:49.284 OS Version: Windows x64 6.1.7601 Service Pack 1
    13:34:49.284 Number of processors: 4 586 0x502
    13:34:49.284 ComputerName: BESTYWIRGAN-PC UserName: Besty Wirgan
    13:34:50.111 Initialize success
    13:36:48.602 AVAST engine defs: 11101101
    13:37:13.230 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-4
    13:37:13.230 Disk 0 Vendor: Hitachi_HDS721010CLA332 JP4OA39C Size: 953869MB BusType: 3
    13:37:13.230 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3
    13:37:13.230 Disk 1 Vendor: WDC_WD3200AAJB-00J3A0 01.03E01 Size: 305245MB BusType: 3
    13:37:13.245 Disk 0 MBR read successfully
    13:37:13.245 Disk 0 MBR scan
    13:37:13.261 Disk 0 MBR:Alureon-I [Rtk]
    13:37:13.261 Disk 0 TDL4@MBR code has been found
    13:37:13.261 Disk 0 Windows 7 default MBR code found via API
    13:37:13.261 Disk 0 MBR hidden
    13:37:13.261 Disk 0 MBR [TDL4] **ROOTKIT**
    13:37:13.261 Disk 0 trace - called modules:
    13:37:13.276 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004a31254]<<
    13:37:13.776 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a1c060]
    13:37:13.776 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80047a29b0]
    13:37:13.791 5 ACPI.sys[fffff88000e767a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-4[0xfffffa80047bb060]
    13:37:13.807 \Driver\atapi[0xfffffa80046a5300] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004a31254
    13:37:14.763 AVAST engine scan C:\Windows
    13:37:19.354 AVAST engine scan C:\Windows\system32
    13:39:13.561 AVAST engine scan C:\Windows\system32\drivers
    13:39:24.122 AVAST engine scan C:\Users\Besty Wirgan
    13:39:32.515 Disk 0 MBR has been saved successfully to "C:\Users\Besty Wirgan\Desktop\MBR.dat"
    13:39:32.530 The log file has been saved successfully to "C:\Users\Besty Wirgan\Desktop\aswMBR.txt"
    13:42:18.969 AVAST engine scan C:\ProgramData
    13:43:07.406 Scan finished successfully
    13:43:25.202 Disk 0 MBR has been saved successfully to "C:\Users\Besty Wirgan\Desktop\MBR.dat"
    13:43:25.202 The log file has been saved successfully to "C:\Users\Besty Wirgan\Desktop\aswMBR.txt"
     
  7. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  8. noodles79

    noodles79 TS Rookie Topic Starter

    14:28:16.0947 3372 TDSS rootkit removing tool 2.6.7.0 Oct 10 2011 09:40:06
    14:28:17.0317 3372 ============================================================
    14:28:17.0317 3372 Current date / time: 2011/10/11 14:28:17.0317
    14:28:17.0317 3372 SystemInfo:
    14:28:17.0317 3372
    14:28:17.0317 3372 OS Version: 6.1.7601 ServicePack: 1.0
    14:28:17.0317 3372 Product type: Workstation
    14:28:17.0317 3372 ComputerName: BESTYWIRGAN-PC
    14:28:17.0318 3372 UserName: Besty Wirgan
    14:28:17.0318 3372 Windows directory: C:\Windows
    14:28:17.0318 3372 System windows directory: C:\Windows
    14:28:17.0318 3372 Running under WOW64
    14:28:17.0318 3372 Processor architecture: Intel x64
    14:28:17.0318 3372 Number of processors: 4
    14:28:17.0318 3372 Page size: 0x1000
    14:28:17.0318 3372 Boot type: Normal boot
    14:28:17.0318 3372 ============================================================
    14:28:23.0036 3372 Initialize success
    14:28:25.0327 4844 ============================================================
    14:28:25.0327 4844 Scan started
    14:28:25.0327 4844 Mode: Manual;
    14:28:25.0327 4844 ============================================================
    14:28:26.0073 4844 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
    14:28:26.0078 4844 1394ohci - ok
    14:28:26.0105 4844 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
    14:28:26.0112 4844 ACPI - ok
    14:28:26.0131 4844 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
    14:28:26.0132 4844 AcpiPmi - ok
    14:28:26.0162 4844 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
    14:28:26.0165 4844 adfs - ok
    14:28:26.0235 4844 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
    14:28:26.0244 4844 adp94xx - ok
    14:28:26.0361 4844 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
    14:28:26.0368 4844 adpahci - ok
    14:28:26.0395 4844 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
    14:28:26.0399 4844 adpu320 - ok
    14:28:26.0462 4844 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
    14:28:26.0472 4844 AFD - ok
    14:28:26.0581 4844 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
    14:28:26.0583 4844 agp440 - ok
    14:28:26.0604 4844 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
    14:28:26.0606 4844 aliide - ok
    14:28:26.0669 4844 ALSysIO - ok
    14:28:26.0727 4844 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
    14:28:26.0729 4844 amdide - ok
    14:28:26.0766 4844 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
    14:28:26.0769 4844 AmdK8 - ok
    14:28:26.0858 4844 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
    14:28:26.0859 4844 AmdPPM - ok
    14:28:26.0885 4844 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
    14:28:26.0888 4844 amdsata - ok
    14:28:26.0909 4844 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
    14:28:26.0914 4844 amdsbs - ok
    14:28:26.0931 4844 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
    14:28:26.0933 4844 amdxata - ok
    14:28:27.0086 4844 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
    14:28:27.0088 4844 AppID - ok
    14:28:27.0174 4844 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
    14:28:27.0177 4844 arc - ok
    14:28:27.0198 4844 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
    14:28:27.0201 4844 arcsas - ok
    14:28:27.0243 4844 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
    14:28:27.0244 4844 AsyncMac - ok
    14:28:27.0336 4844 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
    14:28:27.0338 4844 atapi - ok
    14:28:27.0381 4844 avgntflt (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
    14:28:27.0382 4844 avgntflt - ok
    14:28:27.0404 4844 avipbb (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
    14:28:27.0406 4844 avipbb - ok
    14:28:27.0452 4844 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
    14:28:27.0458 4844 b06bdrv - ok
    14:28:27.0473 4844 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
    14:28:27.0476 4844 b57nd60a - ok
    14:28:27.0499 4844 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
    14:28:27.0499 4844 Beep - ok
    14:28:27.0670 4844 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
    14:28:27.0672 4844 blbdrive - ok
    14:28:27.0741 4844 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
    14:28:27.0743 4844 bowser - ok
    14:28:27.0759 4844 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
    14:28:27.0761 4844 BrFiltLo - ok
    14:28:27.0780 4844 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
    14:28:27.0781 4844 BrFiltUp - ok
    14:28:27.0872 4844 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
    14:28:27.0877 4844 Brserid - ok
    14:28:27.0926 4844 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
    14:28:27.0927 4844 BrSerWdm - ok
    14:28:27.0955 4844 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
    14:28:27.0956 4844 BrUsbMdm - ok
    14:28:27.0974 4844 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
    14:28:27.0975 4844 BrUsbSer - ok
    14:28:27.0991 4844 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
    14:28:27.0992 4844 BTHMODEM - ok
    14:28:28.0133 4844 catchme - ok
    14:28:28.0247 4844 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
    14:28:28.0249 4844 cdfs - ok
    14:28:28.0328 4844 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
    14:28:28.0332 4844 cdrom - ok
    14:28:28.0368 4844 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
    14:28:28.0370 4844 circlass - ok
    14:28:28.0400 4844 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
    14:28:28.0406 4844 CLFS - ok
    14:28:28.0535 4844 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
    14:28:28.0537 4844 CmBatt - ok
    14:28:28.0554 4844 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
    14:28:28.0556 4844 cmdide - ok
    14:28:28.0600 4844 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
    14:28:28.0606 4844 CNG - ok
    14:28:28.0626 4844 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
    14:28:28.0627 4844 Compbatt - ok
    14:28:28.0762 4844 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
    14:28:28.0764 4844 CompositeBus - ok
    14:28:28.0804 4844 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
    14:28:28.0806 4844 crcdisk - ok
    14:28:28.0927 4844 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
    14:28:28.0930 4844 DfsC - ok
    14:28:28.0951 4844 DhaHelper - ok
    14:28:28.0976 4844 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
    14:28:28.0977 4844 discache - ok
    14:28:29.0082 4844 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
    14:28:29.0084 4844 Disk - ok
    14:28:29.0143 4844 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
    14:28:29.0144 4844 drmkaud - ok
    14:28:29.0187 4844 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
    14:28:29.0198 4844 DXGKrnl - ok
    14:28:29.0347 4844 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
    14:28:29.0379 4844 ebdrv - ok
    14:28:29.0450 4844 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
    14:28:29.0461 4844 elxstor - ok
    14:28:29.0554 4844 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
    14:28:29.0555 4844 ErrDev - ok
    14:28:29.0624 4844 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
    14:28:29.0629 4844 exfat - ok
    14:28:29.0726 4844 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
    14:28:29.0730 4844 fastfat - ok
    14:28:29.0790 4844 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
    14:28:29.0792 4844 fdc - ok
    14:28:29.0817 4844 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
    14:28:29.0819 4844 FileInfo - ok
    14:28:29.0870 4844 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
    14:28:29.0871 4844 Filetrace - ok
    14:28:29.0971 4844 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
    14:28:29.0972 4844 flpydisk - ok
    14:28:30.0019 4844 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
    14:28:30.0025 4844 FltMgr - ok
    14:28:30.0097 4844 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
    14:28:30.0099 4844 FsDepends - ok
    14:28:30.0117 4844 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
    14:28:30.0118 4844 Fs_Rec - ok
    14:28:30.0210 4844 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
    14:28:30.0215 4844 fvevol - ok
    14:28:30.0236 4844 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
    14:28:30.0238 4844 gagp30kx - ok
    14:28:30.0269 4844 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
    14:28:30.0272 4844 GEARAspiWDM - ok
    14:28:30.0347 4844 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
    14:28:30.0348 4844 hcw85cir - ok
    14:28:30.0397 4844 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
    14:28:30.0404 4844 HdAudAddService - ok
    14:28:30.0508 4844 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
    14:28:30.0510 4844 HDAudBus - ok
    14:28:30.0535 4844 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
    14:28:30.0537 4844 HidBatt - ok
    14:28:30.0581 4844 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
    14:28:30.0584 4844 HidBth - ok
    14:28:30.0600 4844 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
    14:28:30.0601 4844 HidIr - ok
    14:28:30.0736 4844 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
    14:28:30.0738 4844 HidUsb - ok
    14:28:30.0791 4844 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
    14:28:30.0793 4844 HpSAMD - ok
    14:28:30.0835 4844 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
    14:28:30.0845 4844 HTTP - ok
    14:28:30.0860 4844 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
    14:28:30.0862 4844 hwpolicy - ok
    14:28:30.0955 4844 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
    14:28:30.0958 4844 i8042prt - ok
    14:28:31.0019 4844 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
    14:28:31.0027 4844 iaStorV - ok
    14:28:31.0059 4844 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
    14:28:31.0061 4844 iirsp - ok
    14:28:31.0223 4844 IntcAzAudAddService (ee64207f2f5c20bfe5f73db2566c4601) C:\Windows\system32\drivers\RTKVHD64.sys
    14:28:31.0246 4844 IntcAzAudAddService - ok
    14:28:31.0295 4844 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
    14:28:31.0296 4844 intelide - ok
    14:28:31.0323 4844 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
    14:28:31.0324 4844 intelppm - ok
    14:28:31.0465 4844 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
    14:28:31.0468 4844 IpFilterDriver - ok
    14:28:31.0494 4844 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
    14:28:31.0496 4844 IPMIDRV - ok
    14:28:31.0529 4844 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
    14:28:31.0532 4844 IPNAT - ok
    14:28:31.0579 4844 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
    14:28:31.0580 4844 IRENUM - ok
    14:28:31.0687 4844 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
    14:28:31.0689 4844 isapnp - ok
    14:28:31.0718 4844 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
    14:28:31.0723 4844 iScsiPrt - ok
    14:28:41.0525 4844 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    14:28:41.0530 4844 \Device\Harddisk0\DR0 - ok
    14:28:41.0556 4844 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk1\DR1
    14:28:41.0561 4844 \Device\Harddisk1\DR1 - ok
    14:28:41.0574 4844 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk6\DR6
    14:28:42.0362 4844 \Device\Harddisk6\DR6 - ok
    14:28:42.0369 4844 Boot (0x1200) (acf90e35ad73a35889192b7a53d0ddc4) \Device\Harddisk0\DR0\Partition0
    14:28:42.0371 4844 \Device\Harddisk0\DR0\Partition0 - ok
    14:28:42.0388 4844 Boot (0x1200) (e7c48a681feedfef0cc5a47ffa582ec7) \Device\Harddisk0\DR0\Partition1
    14:28:42.0389 4844 \Device\Harddisk0\DR0\Partition1 - ok
    14:28:42.0392 4844 Boot (0x1200) (44a8285ccffdfab5bac7e3b25ea131bf) \Device\Harddisk1\DR1\Partition0
    14:28:42.0393 4844 \Device\Harddisk1\DR1\Partition0 - ok
    14:28:42.0407 4844 Boot (0x1200) (5f563027b5d167fb6eb4fed857c2da9c) \Device\Harddisk6\DR6\Partition0
    14:28:42.0409 4844 \Device\Harddisk6\DR6\Partition0 - ok
    14:28:42.0409 4844 ============================================================
    14:28:42.0409 4844 Scan finished
    14:28:42.0409 4844 ============================================================
    14:28:42.0422 4612 Detected object count: 0
    14:28:42.0422 4612 Actual detected object count: 0
     
  9. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Please boot to the System Recovery Options.
    If you have a Windows 7 installation disc, just insert the DVD into the drive, restart the computer and it should load automatically (option two presented in the article).
    It's also possible that your computer has a pre-installed recovery partition instead; in such a case use method one (by pressing F8 before Windows starts loading)...

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    Choose Command Prompt
    You should see X:\SOURCES>...

    Execute the following commands in bold.
    Press Enter after every one of them.

    bootrec /fixmbr (<--- there is a "space" after "bootrec")

    exit

    Restart computer.

    Post new aswMBR log.
     
  10. noodles79

    noodles79 TS Rookie Topic Starter

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-10-11 12:05:44
    -----------------------------
    12:05:44.051 OS Version: Windows x64 6.1.7601 Service Pack 1
    12:05:44.051 Number of processors: 4 586 0x502
    12:05:44.051 ComputerName: BESTYWIRGAN-PC UserName: Besty Wirgan
    12:05:45.748 Initialize success
    12:06:48.553 AVAST engine defs: 11101101
    12:07:07.804 The log file has been saved successfully to "C:\Users\Besty Wirgan\Desktop\aswMBR.txt"


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-10-11 13:34:49
    -----------------------------
    13:34:49.284 OS Version: Windows x64 6.1.7601 Service Pack 1
    13:34:49.284 Number of processors: 4 586 0x502
    13:34:49.284 ComputerName: BESTYWIRGAN-PC UserName: Besty Wirgan
    13:34:50.111 Initialize success
    13:36:48.602 AVAST engine defs: 11101101
    13:37:13.230 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-4
    13:37:13.230 Disk 0 Vendor: Hitachi_HDS721010CLA332 JP4OA39C Size: 953869MB BusType: 3
    13:37:13.230 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3
    13:37:13.230 Disk 1 Vendor: WDC_WD3200AAJB-00J3A0 01.03E01 Size: 305245MB BusType: 3
    13:37:13.245 Disk 0 MBR read successfully
    13:37:13.245 Disk 0 MBR scan
    13:37:13.261 Disk 0 MBR:Alureon-I [Rtk]
    13:37:13.261 Disk 0 TDL4@MBR code has been found
    13:37:13.261 Disk 0 Windows 7 default MBR code found via API
    13:37:13.261 Disk 0 MBR hidden
    13:37:13.261 Disk 0 MBR [TDL4] **ROOTKIT**
    13:37:13.261 Disk 0 trace - called modules:
    13:37:13.276 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004a31254]<<
    13:37:13.776 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a1c060]
    13:37:13.776 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80047a29b0]
    13:37:13.791 5 ACPI.sys[fffff88000e767a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-4[0xfffffa80047bb060]
    13:37:13.807 \Driver\atapi[0xfffffa80046a5300] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8004a31254
    13:37:14.763 AVAST engine scan C:\Windows
    13:37:19.354 AVAST engine scan C:\Windows\system32
    13:39:13.561 AVAST engine scan C:\Windows\system32\drivers
    13:39:24.122 AVAST engine scan C:\Users\Besty Wirgan
    13:39:32.515 Disk 0 MBR has been saved successfully to "C:\Users\Besty Wirgan\Desktop\MBR.dat"
    13:39:32.530 The log file has been saved successfully to "C:\Users\Besty Wirgan\Desktop\aswMBR.txt"
    13:42:18.969 AVAST engine scan C:\ProgramData
    13:43:07.406 Scan finished successfully
    13:43:25.202 Disk 0 MBR has been saved successfully to "C:\Users\Besty Wirgan\Desktop\MBR.dat"
    13:43:25.202 The log file has been saved successfully to "C:\Users\Besty Wirgan\Desktop\aswMBR.txt"


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-10-12 10:12:38
    -----------------------------
    10:12:38.080 OS Version: Windows x64 6.1.7601 Service Pack 1
    10:12:38.080 Number of processors: 4 586 0x502
    10:12:38.080 ComputerName: BESTYWIRGAN-PC UserName: Besty Wirgan
    10:12:41.434 Initialize success
    10:12:48.111 AVAST engine defs: 11101101
    10:13:03.586 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T1L0-5
    10:13:03.586 Disk 0 Vendor: Hitachi_HDS721010CLA332 JP4OA39C Size: 953869MB BusType: 3
    10:13:03.586 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP2T0L0-3
    10:13:03.586 Disk 1 Vendor: WDC_WD3200AAJB-00J3A0 01.03E01 Size: 305245MB BusType: 3
    10:13:05.614 Disk 0 MBR read successfully
    10:13:05.614 Disk 0 MBR scan
    10:13:05.614 Disk 0 Windows 7 default MBR code
    10:13:05.614 Service scanning
    10:13:07.080 Service MSICDSetup F:\CDriver64.sys **LOCKED** 21
    10:13:07.798 Modules scanning
    10:13:07.798 Disk 0 trace - called modules:
    10:13:07.798 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
    10:13:07.814 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a39060]
    10:13:07.814 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> [0xfffffa80047bd9b0]
    10:13:07.814 5 ACPI.sys[fffff88000e8d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T1L0-5[0xfffffa80047df060]
    10:13:08.422 AVAST engine scan C:\Windows
    10:13:10.653 AVAST engine scan C:\Windows\system32
    10:14:39.823 AVAST engine scan C:\Windows\system32\drivers
    10:14:51.507 AVAST engine scan C:\Users\Besty Wirgan
    10:17:56.055 AVAST engine scan C:\ProgramData
    10:18:37.863 Scan finished successfully
    10:18:46.537 Disk 0 MBR has been saved successfully to "C:\Users\Besty Wirgan\Desktop\MBR.dat"
    10:18:46.553 The log file has been saved successfully to "C:\Users\Besty Wirgan\Desktop\aswMBR.txt"
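    A small triage script for aswMBR output like the runs above, added here as an example (it is not code from the thread or from aswMBR itself): it splits a multi-run aswMBR.txt into runs, flags the TDL4 indicators, and tells a run that never reached the MBR scan apart from a clean one. The sample log is a constructed, abridged copy of the three runs posted above; the verdict names and field names are this example's own.

```python
"""Triage aswMBR log output for MBR rootkit indicators.

Added example for this thread; it is not part of the original posts and not
aswMBR's own code. It reads the text format aswMBR writes (runs are appended
to one aswMBR.txt, each starting with an "aswMBR version" header) and gives
every run a verdict, so a multi-run log can be read at a glance.
"""
import re

# Indicator substrings exactly as aswMBR printed them in this thread.
INFECTED_MARKERS = ("**ROOTKIT**", "TDL4@MBR", "MBR:Alureon", "MBR hidden")
CLEAN_MARKER = "Windows 7 default MBR code"
API_VIEW_MARKER = "default MBR code found via API"
RUN_HEADER = re.compile(r"^\s*aswMBR version ")
RUN_DATE = re.compile(r"^\s*Run date:\s*(\S+ \S+)")
MBR_SCAN = re.compile(r"^\s*\S+ Disk (\d+) MBR scan\s*$")
UNKNOWN_HOOK = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]<<")


def split_runs(text):
    """Split one aswMBR.txt into a list of runs (each a list of lines)."""
    runs = []
    for line in text.splitlines():
        if RUN_HEADER.match(line):
            runs.append([])
        if runs:  # ignore anything before the first header
            runs[-1].append(line)
    return runs


def triage_run(lines):
    """Summarise one run.

    verdict is one of:
      NOT_SCANNED - the run never reached the MBR scan (log saved too early)
      INFECTED    - rootkit indicators were reported for the MBR
      CLEAN       - MBR was scanned and only default boot code was reported
    default_code_via_api is True when the normal read path returned clean
    code; together with INFECTED it shows the rootkit filtering disk reads.
    """
    r = {"date": None, "scanned_disks": [], "indicators": [],
         "unknown_hook": None, "default_code_via_api": False,
         "verdict": "NOT_SCANNED"}
    saw_default_code = False
    for line in lines:
        m = RUN_DATE.match(line)
        if m:
            r["date"] = m.group(1)
        m = MBR_SCAN.match(line)
        if m:
            r["scanned_disks"].append(int(m.group(1)))
        for marker in INFECTED_MARKERS:
            if marker in line and marker not in r["indicators"]:
                r["indicators"].append(marker)
        if API_VIEW_MARKER in line:
            r["default_code_via_api"] = True
        if CLEAN_MARKER in line:
            saw_default_code = True
        m = UNKNOWN_HOOK.search(line)
        if m:
            r["unknown_hook"] = m.group(1)
    if r["indicators"]:
        r["verdict"] = "INFECTED"
    elif r["scanned_disks"] and saw_default_code:
        r["verdict"] = "CLEAN"
    return r


def triage_log(text):
    """Triage every run in an aswMBR.txt; returns one summary dict per run."""
    return [triage_run(run) for run in split_runs(text)]


# Constructed sample: abridged from the three runs posted in this thread.
SAMPLE_LOG = """\
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-11 12:05:44
-----------------------------
12:05:45.748 Initialize success
12:07:07.804 The log file has been saved successfully

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-11 13:34:49
-----------------------------
13:37:13.245 Disk 0 MBR read successfully
13:37:13.245 Disk 0 MBR scan
13:37:13.261 Disk 0 MBR:Alureon-I [Rtk]
13:37:13.261 Disk 0 TDL4@MBR code has been found
13:37:13.261 Disk 0 Windows 7 default MBR code found via API
13:37:13.261 Disk 0 MBR hidden
13:37:13.261 Disk 0 MBR [TDL4] **ROOTKIT**
13:37:13.276 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8004a31254]<<
13:43:07.406 Scan finished successfully

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-10-12 10:12:38
-----------------------------
10:13:05.614 Disk 0 MBR read successfully
10:13:05.614 Disk 0 MBR scan
10:13:05.614 Disk 0 Windows 7 default MBR code
10:13:07.798 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys
10:18:37.863 Scan finished successfully
"""

if __name__ == "__main__":
    for r in triage_log(SAMPLE_LOG):
        print(r["date"], r["verdict"], r["indicators"], r["unknown_hook"])
```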
     
  11. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Good job :)

    How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. noodles79

    noodles79 TS Rookie Topic Starter

    OTL logfile created on: 10/13/2011 10:45:00 AM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Besty Wirgan\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 57.68% Memory free
    8.00 Gb Paging File | 6.06 Gb Available in Paging File | 75.84% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 73.24 Gb Total Space | 17.49 Gb Free Space | 23.89% Space Free | Partition Type: NTFS
    Drive E: | 858.27 Gb Total Space | 629.21 Gb Free Space | 73.31% Space Free | Partition Type: NTFS
    Drive G: | 298.09 Gb Total Space | 168.61 Gb Free Space | 56.56% Space Free | Partition Type: NTFS
    Drive M: | 465.76 Gb Total Space | 240.45 Gb Free Space | 51.63% Space Free | Partition Type: NTFS

    Computer Name: BESTYWIRGAN-PC | User Name: Besty Wirgan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/10/13 10:43:43 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Besty Wirgan\Desktop\OTL.exe
    PRC - [2011/09/30 10:59:36 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    PRC - [2011/08/03 07:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    PRC - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    PRC - [2011/07/21 12:14:17 | 000,581,288 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe
    PRC - [2011/07/21 12:12:16 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    PRC - [2011/04/08 08:50:36 | 001,406,248 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
    PRC - [2011/03/29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
    PRC - [2011/03/21 14:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011/03/15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    PRC - [2011/03/15 14:44:28 | 000,650,080 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    PRC - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    PRC - [2009/09/23 16:45:50 | 001,287,176 | ---- | M] (Panda Security) -- C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
    PRC - [2005/09/30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/30 10:59:36 | 001,833,944 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    MOD - [2011/08/03 03:31:28 | 000,255,592 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll
    MOD - [2011/03/21 14:57:34 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/03/21 14:56:16 | 001,230,704 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    MOD - [2010/11/17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/09/30 18:21:44 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2010/12/10 14:02:15 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2011/08/03 07:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/08/03 03:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2011/07/21 12:12:16 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2011/04/21 07:53:48 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2011/03/29 15:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
    SRV - [2011/03/15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
    SRV - [2010/12/10 14:02:10 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/11/29 11:42:56 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
    SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) [On_Demand | Stopped] -- C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
    SRV - [2009/07/14 22:53:32 | 000,211,232 | ---- | M] (Ralink Technology, Corp.) [Auto | Running] -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2005/09/30 20:22:50 | 000,096,341 | ---- | M] (Canon Inc.) [Auto | Running] -- C:\Program Files (x86)\Canon\CAL\CALMAIN.exe -- (CCALib8)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/07/22 12:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2011/07/21 12:15:16 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
    DRV:64bit: - [2011/07/21 12:15:15 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
    DRV:64bit: - [2011/07/12 17:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2011/05/25 02:09:17 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/01/01 10:12:24 | 000,097,040 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
    DRV:64bit: - [2010/11/20 09:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/06/16 14:38:08 | 000,092,160 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV:64bit: - [2010/04/07 13:14:50 | 000,446,304 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WMP54Gv41x64.sys -- (rt61x64)
    DRV:64bit: - [2010/03/29 17:31:18 | 000,142,848 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tinspusb.sys -- (USBTINSP) TI-Nspire(TM)
    DRV:64bit: - [2009/09/03 16:30:20 | 000,128,512 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tiehdusb.sys -- (TIEHDUSB)
    DRV:64bit: - [2009/08/21 02:52:10 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/13 20:10:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rootmdm.sys -- (ROOTMODEM)
    DRV:64bit: - [2009/07/13 20:01:09 | 000,679,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xnacc.sys -- (xnacc)
    DRV:64bit: - [2009/07/07 18:53:02 | 000,032,256 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\libusb0.sys -- (libusb0)
    DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/01/09 17:02:08 | 000,031,744 | ---- | M] (Research in Motion Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RimSerial_AMD64.sys -- (RimVSerPort)
    DRV:64bit: - [2008/06/27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs)
    DRV:64bit: - [2008/05/06 16:06:00 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
    DRV - [2011/05/28 20:40:12 | 000,007,168 | ---- | M] (MPlayer <http://svn.mplayerhq.hu/mplayer/trunk/vidix/dhahelperwin/>) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\dhahelper.sys -- (DhaHelper)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2008/08/14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
  13. noodles79

    noodles79 TS Rookie Topic Starter

    IE - HKU\S-1-5-21-2864006334-3454763267-3216989857-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKU\S-1-5-21-2864006334-3454763267-3216989857-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    IE - HKU\S-1-5-21-2864006334-3454763267-3216989857-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2A 16 81 56 48 88 CC 01 [binary data]
    IE - HKU\S-1-5-21-2864006334-3454763267-3216989857-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-2864006334-3454763267-3216989857-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.search.defaultthis.engineName: "ZoneAlarm Security Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}"
    FF - prefs.js..browser.startup.homepage: "www.yahoo.com"
    FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.97
    FF - prefs.js..extensions.enabledItems: adblockpopups@jessehakanen.net:0.2.3
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&q="

    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/09/29 01:09:21 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/09/30 10:59:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/09/18 11:20:38 | 000,000,000 | ---D | M]

    [2010/12/09 14:44:24 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Besty Wirgan\AppData\Roaming\Mozilla\Extensions
    [2011/10/10 23:23:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besty Wirgan\AppData\Roaming\Mozilla\Firefox\Profiles\50519cph.default\extensions
    [2011/09/29 01:09:35 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Besty Wirgan\AppData\Roaming\Mozilla\Firefox\Profiles\50519cph.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2011/09/29 01:09:35 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\Besty Wirgan\AppData\Roaming\Mozilla\Firefox\Profiles\50519cph.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
    [2011/10/10 23:23:07 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Besty Wirgan\AppData\Roaming\Mozilla\Firefox\Profiles\50519cph.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
    [2011/09/29 01:09:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Besty Wirgan\AppData\Roaming\Mozilla\Firefox\Profiles\50519cph.default\extensions\nostmp
    [2010/12/02 01:19:16 | 000,000,939 | -H-- | M] () -- C:\Users\Besty Wirgan\AppData\Roaming\Mozilla\Firefox\Profiles\50519cph.default\searchplugins\conduit.xml
    [2011/09/29 10:43:03 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/01/21 14:09:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    () (No name found) -- C:\USERS\BESTY WIRGAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\50519CPH.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    () (No name found) -- C:\USERS\BESTY WIRGAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\50519CPH.DEFAULT\EXTENSIONS\ADBLOCKPOPUPS@JESSEHAKANEN.NET.XPI
    [2011/09/30 10:59:36 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2011/01/21 14:09:08 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2011/09/22 21:16:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

    O1 HOSTS File: ([2011/10/11 13:09:55 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O3 - HKU\S-1-5-21-2864006334-3454763267-3216989857-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
    O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [NBAgent] C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG)
    O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
    O4 - HKU\S-1-5-21-2864006334-3454763267-3216989857-1000..\Run: [DS3 Tool] C:\Program Files\MotioninJoy\ds3\DS3_Tool.exe (www.motioninjoy.com)
    O4 - HKU\S-1-5-21-2864006334-3454763267-3216989857-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
    O4 - HKU\S-1-5-21-2864006334-3454763267-3216989857-1002..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-2864006334-3454763267-3216989857-1002..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-2864006334-3454763267-3216989857-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2864006334-3454763267-3216989857-1000\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKU\S-1-5-21-2864006334-3454763267-3216989857-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-2864006334-3454763267-3216989857-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2864006334-3454763267-3216989857-1002\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package)
    O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{14C5C162-DC00-4E74-BD51-032E3408EE22}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C6A76560-6C8B-4366-A619-E97220CE002C}: DhcpNameServer = 72.240.13.7 72.240.13.6 156.154.70.43
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/03/01 19:32:21 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
    Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
    Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/13 10:43:42 | 000,582,656 | ---- | C] (OldTimer Tools) -- C:\Users\Besty Wirgan\Desktop\OTL.exe
    [2011/10/13 03:02:06 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2011/10/11 15:02:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/10/11 14:10:10 | 001,558,832 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Besty Wirgan\Desktop\tdsskiller.exe
    [2011/10/11 13:31:39 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/10/11 12:28:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/10/11 12:28:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/10/11 12:28:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/10/11 12:27:13 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/10/11 12:20:52 | 004,253,749 | R--- | C] (Swearware) -- C:\Users\Besty Wirgan\Desktop\ComboFix.exe
    [2011/10/11 12:13:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/10/11 12:09:28 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/10/11 11:42:01 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Besty Wirgan\Desktop\aswMBR.exe
    [2011/10/10 13:46:36 | 000,000,000 | ---D | C] -- C:\Users\Besty Wirgan\AppData\Roaming\Avira
    [2011/10/10 13:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2011/10/10 13:18:09 | 000,123,784 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
    [2011/10/10 13:18:09 | 000,088,288 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
    [2011/10/10 13:18:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2011/10/10 13:18:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
    [2011/10/10 12:37:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security
    [2011/10/10 12:37:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Panda USB Vaccine
    [2011/10/10 12:37:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
    [2011/10/10 12:26:01 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2011/10/09 12:27:50 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
    [2011/10/08 20:59:25 | 000,000,000 | ---D | C] -- C:\Users\Besty Wirgan\AppData\Roaming\Malwarebytes
    [2011/10/08 20:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/10/08 20:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/10/08 20:59:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2011/10/08 20:36:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
    [2011/10/08 20:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/10/08 20:36:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
    [2011/10/06 14:27:54 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\SysWow64\drivers\tmcomm.sys
    [2011/09/30 18:21:00 | 000,000,000 | ---D | C] -- C:\Users\Besty Wirgan\AppData\Roaming\SUPERAntiSpyware.com
    [2011/09/30 18:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    [2011/09/30 18:20:49 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
    [2011/09/30 18:17:54 | 000,000,000 | ---D | C] -- C:\Users\Besty Wirgan\Desktop\shortcuts
    [2011/09/30 18:15:48 | 000,067,176 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
    [2011/09/30 18:15:48 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
    [2011/09/21 10:17:27 | 000,000,000 | ---D | C] -- C:\Users\Besty Wirgan\Desktop\PL Bot
    [2011/09/20 10:58:11 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [3 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/10/13 10:49:30 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/10/13 10:49:30 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/10/13 10:47:24 | 007,976,708 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/10/13 10:47:24 | 002,604,712 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/10/13 10:47:24 | 000,006,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/10/13 10:43:43 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Besty Wirgan\Desktop\OTL.exe
    [2011/10/13 10:42:40 | 000,001,184 | ---- | M] () -- C:\Users\Besty Wirgan\Desktop\CoreTemp.ini
    [2011/10/13 10:41:58 | 003,026,360 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/10/13 10:41:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/10/13 10:41:27 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
    [2011/10/12 10:18:46 | 000,000,512 | ---- | M] () -- C:\Users\Besty Wirgan\Desktop\MBR.dat
    [2011/10/11 14:10:22 | 001,558,832 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Besty Wirgan\Desktop\tdsskiller.exe
    [2011/10/11 13:09:55 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/10/11 12:23:40 | 004,253,749 | R--- | M] (Swearware) -- C:\Users\Besty Wirgan\Desktop\ComboFix.exe
    [2011/10/11 11:42:18 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Besty Wirgan\Desktop\aswMBR.exe
    [2011/10/10 13:49:47 | 000,302,592 | ---- | M] () -- C:\Users\Besty Wirgan\Desktop\opxtcvd4.exe
    [2011/10/10 13:18:18 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2011/10/08 20:59:13 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/08 20:36:23 | 000,001,299 | ---- | M] () -- C:\Users\Besty Wirgan\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/10/08 20:36:23 | 000,001,275 | ---- | M] () -- C:\Users\Besty Wirgan\Desktop\Spybot - Search & Destroy.lnk
    [2011/10/07 22:49:30 | 003,557,168 | ---- | M] () -- C:\Users\Besty Wirgan\Desktop\detroit.mp3
    [2011/10/07 22:49:18 | 002,788,959 | ---- | M] () -- C:\Users\Besty Wirgan\Desktop\hat.mp3
    [2011/10/07 22:49:10 | 003,076,932 | ---- | M] () -- C:\Users\Besty Wirgan\Desktop\thanks whiskey.mp3
    [2011/10/07 19:50:34 | 016,501,823 | ---- | M] () -- C:\Users\Besty Wirgan\Desktop\111007_004.mp3
    [2011/10/06 14:32:31 | 000,164,047 | ---- | M] () -- C:\Users\Besty Wirgan\AppData\Local\census.cache
    [2011/10/06 14:32:21 | 000,108,506 | ---- | M] () -- C:\Users\Besty Wirgan\AppData\Local\ars.cache
    [2011/10/06 14:27:19 | 000,000,036 | ---- | M] () -- C:\Users\Besty Wirgan\AppData\Local\housecall.guid.cache
    [2011/09/30 14:26:56 | 000,002,069 | ---- | M] () -- C:\Users\Besty Wirgan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/09/29 20:18:38 | 000,000,960 | ---- | M] () -- C:\Users\Besty Wirgan\Application Data\Microsoft\Internet Explorer\Quick Launch\DS3 Tool.lnk
    [2011/09/29 00:59:08 | 000,000,448 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk
    [2011/09/29 00:57:40 | 000,000,288 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
    [2011/09/29 00:57:40 | 000,000,200 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
    [2011/09/21 22:14:16 | 005,709,699 | -H-- | M] () -- C:\Users\Besty Wirgan\Desktop\110921_002.mp3
    [3 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/10/11 13:39:32 | 000,000,512 | ---- | C] () -- C:\Users\Besty Wirgan\Desktop\MBR.dat
    [2011/10/11 12:28:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/10/11 12:28:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/10/11 12:28:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/10/11 12:28:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/10/11 12:28:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/10/10 13:49:32 | 000,302,592 | ---- | C] () -- C:\Users\Besty Wirgan\Desktop\opxtcvd4.exe
    [2011/10/10 13:18:18 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2011/10/09 20:13:39 | 000,065,664 | ---- | C] () -- C:\Users\Besty Wirgan\Desktop\Ubuntu.dds
    [2011/10/08 20:59:13 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/08 20:36:23 | 000,001,299 | ---- | C] () -- C:\Users\Besty Wirgan\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
    [2011/10/08 20:36:23 | 000,001,275 | ---- | C] () -- C:\Users\Besty Wirgan\Desktop\Spybot - Search & Destroy.lnk
    [2011/10/07 22:51:28 | 003,076,932 | ---- | C] () -- C:\Users\Besty Wirgan\Desktop\thanks whiskey.mp3
    [2011/10/07 22:51:26 | 002,788,959 | ---- | C] () -- C:\Users\Besty Wirgan\Desktop\hat.mp3
    [2011/10/07 22:51:24 | 003,557,168 | ---- | C] () -- C:\Users\Besty Wirgan\Desktop\detroit.mp3
    [2011/10/07 22:14:00 | 016,501,823 | ---- | C] () -- C:\Users\Besty Wirgan\Desktop\111007_004.mp3
    [2011/10/06 14:32:31 | 000,164,047 | ---- | C] () -- C:\Users\Besty Wirgan\AppData\Local\census.cache
    [2011/10/06 14:32:21 | 000,108,506 | ---- | C] () -- C:\Users\Besty Wirgan\AppData\Local\ars.cache
    [2011/10/06 14:27:19 | 000,000,036 | ---- | C] () -- C:\Users\Besty Wirgan\AppData\Local\housecall.guid.cache
    [2011/09/29 00:57:40 | 000,000,200 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
    [2011/09/29 00:57:39 | 000,000,288 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
    [2011/09/29 00:57:22 | 000,000,448 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk
    [2011/09/23 22:41:18 | 005,709,699 | -H-- | C] () -- C:\Users\Besty Wirgan\Desktop\110921_002.mp3
    [2011/08/03 03:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2011/07/15 12:13:23 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
    [2011/07/03 14:09:24 | 000,000,128 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2011/07/01 16:06:36 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
    [2011/04/25 21:21:59 | 000,004,608 | ---- | C] () -- C:\Users\Besty Wirgan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/03/26 17:24:00 | 000,006,394 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/02/18 20:50:53 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
    [2010/12/10 18:52:51 | 000,001,250 | ---- | C] () -- C:\Users\Besty Wirgan\AppData\Roaming\System Monitor II_Settings.ini
    [2010/12/09 17:05:56 | 000,052,864 | R--- | C] () -- C:\Windows\SysWow64\SetupWizard.exe
    [2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
    [2007/06/12 11:25:54 | 000,000,920 | ---- | C] () -- C:\Windows\SysWow64\WLAN.INI

    ========== LOP Check ==========

    [2011/09/29 01:08:03 | 000,000,000 | ---D | M] -- C:\Users\Besty Wirgan\AppData\Roaming\AVCWare
    [2010/12/10 13:49:02 | 000,000,000 | -H-D | M] -- C:\Users\Besty Wirgan\AppData\Roaming\Canon
    [2010/12/09 14:58:49 | 000,000,000 | -H-D | M] -- C:\Users\Besty Wirgan\AppData\Roaming\CheckPoint
    [2011/03/17 01:17:32 | 000,000,000 | -H-D | M] -- C:\Users\Besty Wirgan\AppData\Roaming\com.prakaz.project.photogettr.FBAB9E68ED32BC183252F597C39DBF71CF315A79.1
    [2011/09/29 01:09:34 | 000,000,000 | ---D | M] -- C:\Users\Besty Wirgan\AppData\Roaming\gtk-2.0
    [2011/09/29 01:09:34 | 000,000,000 | ---D | M] -- C:\Users\Besty Wirgan\AppData\Roaming\Juniper Networks
    [2011/07/26 15:31:14 | 000,000,000 | -H-D | M] -- C:\Users\Besty Wirgan\AppData\Roaming\MotioninJoy
    [2011/09/29 01:08:09 | 000,000,000 | ---D | M] -- C:\Users\Besty Wirgan\AppData\Roaming\Research In Motion
    [2011/10/09 13:41:36 | 000,000,000 | ---D | M] -- C:\Users\Besty Wirgan\AppData\Roaming\uTorrent
    [2011/09/29 01:09:35 | 000,000,000 | ---D | M] -- C:\Users\Besty Wirgan\AppData\Roaming\ZumoDrive
    [2011/09/08 15:01:57 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < %SYSTEMDRIVE%\*.* >
    [2010/03/01 19:32:21 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/09/24 16:54:42 | 000,000,223 | -H-- | M] () -- C:\Boot.BAK
    [2010/12/09 17:17:37 | 000,000,367 | RHS- | M] () -- C:\Boot.ini.saved
    [2010/11/20 08:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
    [2010/12/09 17:17:39 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011/10/11 13:31:21 | 000,023,356 | ---- | M] () -- C:\ComboFix.txt
    [2010/03/01 19:32:21 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2011/10/13 10:41:27 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
    [2010/03/01 19:32:21 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/03/01 19:32:21 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/03/01 19:46:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/03/02 01:45:26 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/10/13 10:41:29 | 4294,107,136 | -HS- | M] () -- C:\pagefile.sys
    [2011/10/11 12:25:13 | 000,000,531 | ---- | M] () -- C:\rkill.log
    [2011/10/10 12:26:04 | 000,227,642 | ---- | M] () -- C:\TDSSKiller.2.6.7.0_10.10.2011_12.24.02_log.txt
    [2011/10/11 11:25:29 | 000,152,772 | ---- | M] () -- C:\TDSSKiller.2.6.7.0_11.10.2011_11.22.50_log.txt
    [2011/10/11 14:52:35 | 000,077,412 | ---- | M] () -- C:\TDSSKiller.2.6.7.0_11.10.2011_14.28.16_log.txt
    [2010/11/19 16:12:54 | 000,133,970 | ---- | M] () -- C:\wlrepair.log

    < %systemroot%\Fonts\*.com >
    [2009/07/14 01:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 01:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 01:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/11/10 03:28:46 | 000,301,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/14 00:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >
    [2008/06/23 17:36:24 | 000,773,120 | ---- | M] () -- C:\Windows\system32\NEROINSTAEC43759.DB

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/06/12 12:48:17 | 000,000,221 | -HS- | M] () -- C:\Users\Besty Wirgan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/10/11 11:42:18 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Besty Wirgan\Desktop\aswMBR.exe
    [2011/10/11 12:23:40 | 004,253,749 | R--- | M] (Swearware) -- C:\Users\Besty Wirgan\Desktop\ComboFix.exe
    [2010/10/03 02:14:22 | 000,563,728 | ---- | M] () -- C:\Users\Besty Wirgan\Desktop\Core Temp.exe
    [2011/01/01 11:16:16 | 002,334,928 | ---- | M] (www.motioninjoy.com ) -- C:\Users\Besty Wirgan\Desktop\MotioninJoy_060003_amd64_signed.exe
    [2011/10/10 13:49:47 | 000,302,592 | ---- | M] () -- C:\Users\Besty Wirgan\Desktop\opxtcvd4.exe
    [2011/10/13 10:43:43 | 000,582,656 | ---- | M] (OldTimer Tools) -- C:\Users\Besty Wirgan\Desktop\OTL.exe
    [2011/10/11 14:10:22 | 001,558,832 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Besty Wirgan\Desktop\tdsskiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 17:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/07/13 12:02:58 | 000,000,402 | -HS- | M] () -- C:\Users\Besty Wirgan\Favorites\desktop.ini
    [2011/06/13 15:43:16 | 000,000,298 | ---- | M] () -- C:\Users\Besty Wirgan\Favorites\NCH Software Download.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/09/29 00:59:08 | 000,000,448 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk
    [2011/07/03 14:09:24 | 000,000,128 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
    [2011/09/29 00:57:40 | 000,000,288 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
    [2011/09/29 00:57:40 | 000,000,200 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
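Editor's note on reading the OTL log above: the O20 lines (Winlogon Shell and UserInit), the O35 lines (the exefile and comfile shell\open\command handlers) and the O37 lines (the .exe and .com extension-to-class mappings) are the entries a redirector or rogue commonly rewrites so that its own binary runs every time any program is started. In this log all of them still show the Windows defaults: Explorer.exe, C:\Windows\system32\userinit.exe and "%1" %* in both the 64-bit and the 32-bit views. The script below is an added example for this thread, not OTL's code and not part of noodles79's logs. It parses those three line types and flags any value that is not the default. The clean sample lines are copied from the log above; the "hijacked" lines are constructed to show what a tampered entry looks like, and the paths in them are hypothetical.

```python
"""Triage of OTL O20/O35/O37 lines: flag Winlogon and exefile/comfile
handlers that differ from the Windows defaults.

Added example for this thread; not part of OTL or of the posted logs."""
import re

# Windows 7 defaults for the entries OTL reports as O20 (Winlogon values),
# O35 (<class>\shell\open\command) and O37 (extension -> class handler).
EXPECTED = {
    ("O20", "shell"): "explorer.exe",
    ("O20", "userinit"): r"c:\windows\system32\userinit.exe",
    ("O35", "exefile"): '"%1" %*',
    ("O35", "comfile"): '"%1" %*',
    ("O37", "exe"): '"%1" %*',
    ("O37", "com"): '"%1" %*',
}

# One pattern per OTL line type; the optional ":64bit:" marks the native view.
PATTERNS = {
    "O20": re.compile(r"^O20(?::64bit:)?\s*-\s*HKLM Winlogon:\s*(?P<name>\w+)\s*-\s*\((?P<value>[^)]*)\)", re.I),
    "O35": re.compile(r"^O35(?::64bit:)?\s*-\s*HKLM\\\.\.(?P<name>\w+)\s*\[open\]\s*--\s*(?P<value>.+)$", re.I),
    "O37": re.compile(r"^O37(?::64bit:)?\s*-\s*HKLM\\\.\.\.(?P<name>\w+)\s*\[@ = \w+\]\s*--\s*(?P<value>.+)$", re.I),
}


def parse_line(line):
    """Return (key, name, value, view) for a recognised O20/O35/O37 line, else None."""
    text = line.strip()
    for key, rx in PATTERNS.items():
        m = rx.match(text)
        if m:
            view = "64bit" if ":64bit:" in text else "32bit"
            return key, m.group("name"), m.group("value").strip(), view
    return None


def normalise(value):
    """Case-fold and drop the trailing comma that a legitimate Userinit value carries."""
    return value.strip().rstrip(",").lower()


def triage(lines):
    """Return one finding per tracked entry whose value is not the default."""
    findings = []
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        key, name, value, view = parsed
        expected = EXPECTED.get((key, name.lower()))
        if expected is None:  # e.g. VMApplet: reported by OTL but not tracked here
            continue
        if normalise(value) != normalise(expected):
            findings.append({
                "entry": f"{key} {name}",
                "view": view,
                "expected": expected,
                "actual": value,
            })
    return findings


# Lines copied from the OTL log in this thread: all at their defaults.
SAMPLE_CLEAN = [
    r"O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)",
    r"O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)",
    r"O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found",
    r'O35:64bit: - HKLM\..exefile [open] -- "%1" %*',
    r'O35 - HKLM\..comfile [open] -- "%1" %*',
    r'O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*',
    r'O37 - HKLM\...com [@ = ComFile] -- "%1" %*',
]

# Constructed lines showing what a hijack looks like; the paths are hypothetical.
SAMPLE_HIJACKED = [
    r"O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe,C:\Users\victim\AppData\Roaming\updater.exe) - File not found",
    r'O35 - HKLM\..exefile [open] -- "C:\ProgramData\helper.exe" "%1" %*',
    r'O37:64bit: - HKLM\...exe [@ = exefile] -- "C:\ProgramData\helper.exe" "%1" %*',
]

if __name__ == "__main__":
    for f in triage(SAMPLE_CLEAN + SAMPLE_HIJACKED):
        print(f"{f['entry']} ({f['view']}): expected {f['expected']!r}, got {f['actual']!r}")
```

Both registry views matter on x64: OTL prints the native (64bit:) and the WOW6432Node entries separately, and a hijack in only one of them still catches every program launched from that view, so the script reports the view with each finding rather than collapsing the pair.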
     
  14. noodles79

    OTL Extras logfile created on: 10/13/2011 10:45:00 AM - Run 1
    OTL by OldTimer - Version 3.2.29.1 Folder = C:\Users\Besty Wirgan\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    4.00 Gb Total Physical Memory | 2.31 Gb Available Physical Memory | 57.68% Memory free
    8.00 Gb Paging File | 6.06 Gb Available in Paging File | 75.84% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 73.24 Gb Total Space | 17.49 Gb Free Space | 23.89% Space Free | Partition Type: NTFS
    Drive E: | 858.27 Gb Total Space | 629.21 Gb Free Space | 73.31% Space Free | Partition Type: NTFS
    Drive G: | 298.09 Gb Total Space | 168.61 Gb Free Space | 56.56% Space Free | Partition Type: NTFS
    Drive M: | 465.76 Gb Total Space | 240.45 Gb Free Space | 51.63% Space Free | Partition Type: NTFS

    Computer Name: BESTYWIRGAN-PC | User Name: Besty Wirgan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2864006334-3454763267-3216989857-1000\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
    http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [Digital Photo Professional] -- C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
    "{18155797-EF2E-4699-9A16-FE787C4C10DB}" = iTunes
    "{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
    "{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
    "{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
    "{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy ds3 driver version 0.6.0003
    "{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
    "{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
    "{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
    "{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
    "{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{8F473675-D702-45F9-8EBC-342B40C17BF5}" = Apple Mobile Device Support
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 280.26
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 280.19
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.23.3
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{C77B1ED4-A026-4E2F-8C91-184AEF5D1D87}" = HP Deskjet 3000 J310 series Basic Device Software
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
    "{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
    "{D9C50188-12D5-4D3E-8F00-682346C2AA5F}" = Microsoft Xbox 360 Accessories 1.2
    "{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "7511B29C86C398B4D11A0B0E4176CAD68D1B7057" = Windows Driver Package - Texas Instruments Inc. (TIEHDUSB) USB (09/02/2009 1.0.0.1)
    "EC3E466026556D3EB760B01C4772277614354E11" = Windows Driver Package - Texas Instruments Inc. (SilvrLnk) USB (06/11/2009 1.0.0.0)
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0D67A4E4-5BE0-4C9A-8AD8-AB552B433F23}" = Adobe Setup
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
    "{16E16F01-2E2D-4248-A42F-76261C147B6C}" = Adobe Drive CS4
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
    "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1F7D9F37-C39C-486C-BDF8-8F440FFB3352}" = Nero Kwik Media
    "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
    "{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
    "{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
    "{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
    "{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
    "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
    "{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
    "{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
    "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
    "{359FCAA7-B544-4147-AE3B-8C8A526E2427}" = Sony Image Data Suite
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{466AEFCE-F1C0-6ADF-142E-FB2A40F4E9D4}" = Bulkr
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
    "{54855FDF-8D9C-44C8-87E9-A5FED0006942}" = GDPHome
    "{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1" = Panda USB Vaccine 1.0.1.4
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
    "{580A32F5-E0C4-4F5C-BBFA-4FA001E822D5}" = Gregg College Keyboarding & Document Processing Home 10
    "{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback
    "{598420E8-E9F9-4FAE-9B6C-599FDF2F611A}" = BlackBerry App World Browser Plugin
    "{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{654A65DA-7173-4B51-ACEB-F855201EE033}" = HP Deskjet 3000 J310 series Help
    "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
    "{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
    "{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
    "{67F0E67A-8E93-4C2C-B29D-47C48262738A}" = Adobe Device Central CS4
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
    "{68AB6930-5BFF-4FF6-923B-516A91984FE6}" = Nero BackItUp 10
    "{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
    "{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart
    "{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
    "{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
    "{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
    "{7F486528-5581-452C-8D92-4C45DE8ABDA8}" = GDPAddinSetup
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{84A78614-0E4B-4A4E-BA8C-2B0A05A08E4E}" = BlackBerry Desktop Software 6.0.1
    "{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8B973103-BAA5-465F-ADFE-55A9E9D1130D}" = Migratr
    "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
    "{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISER_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISER_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISER_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISER_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISER_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
    "{91120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
    "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
    "{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{A0BB1E68-1DD0-4acd-AD82-EDA0E49F0615}" = PMB Updater
    "{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan
    "{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
    "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BCE46757-7674-4416-BEDB-68205A60409E}" = CanoScan Toolbox Ver4.1
    "{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
    "{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
    "{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
    "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
    "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
    "{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
    "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
    "{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
    "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
    "{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E4848436-0345-47E2-B648-8B522FCDA623}" = Adobe Photoshop CS4
    "{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F20C1251-1D0A-4944-B2AE-678581B33B19}" = Neverwinter Nights 2
    "{F2C4E6E0-EB78-4824-A212-6DF6AF0E8E82}" = FINAL FANTASY XIV
    "{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
    "{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
    "{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
    "{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
    "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe_faf656ef605427ee2f42989c3ad31b8" = Adobe Photoshop CS4
    "Amazon Games & Software Downloader_is1" = Amazon Games & Software Downloader
    "AVCWare Ringtone Maker" = AVCWare Ringtone Maker
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "BlackBerry_Desktop" = BlackBerry Desktop Software 6.0.1
    "CAL" = Canon Camera Access Library
    "CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
    "CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
    "CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "com.prakaz.project.photogettr.FBAB9E68ED32BC183252F597C39DBF71CF315A79.1" = Bulkr
    "CSCLIB" = Canon Camera Support Core Library
    "DivX Setup.divx.com" = DivX Setup
    "DPP" = Canon Utilities Digital Photo Professional 3.10
    "ENTERPRISER" = Microsoft Office Enterprise 2007
    "EOS Utility" = Canon Utilities EOS Utility
    "Fraps" = Fraps
    "InstallShield_{3C0619B4-4A2C-4244-8077-488E420DF907}" = FINAL FANTASY XI: Chains of Promathia
    "InstallShield_{47004155-7376-403E-89E9-4C9F44AAF0D0}" = PlayOnline Viewer & Tetra Master
    "InstallShield_{5B037ED7-0755-48D4-9554-808E5AF50F17}" = FINAL FANTASY XI: Wings of the Goddess
    "InstallShield_{678F6475-D227-432A-94FF-806178A34520}" = FINAL FANTASY XI
    "InstallShield_{6FC76C41-8C1D-4B43-85E7-0BAA2002F1BE}" = FINAL FANTASY XI: Rise of the Zilart
    "InstallShield_{A606C6FF-12E7-40BE-B777-D8F360FF00CD}" = FINAL FANTASY XI: Treasures of Aht Urhgan
    "Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "MicroDicom" = MicroDicom 0.2.2
    "Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "PhotoStitch" = Canon Utilities PhotoStitch
    "Picasa 3" = Picasa 3
    "Prism" = Prism Video File Converter
    "RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
    "RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
    "uTorrent" = µTorrent
    "VideoPad" = VideoPad Video Editor
    "WinLiveSuite" = Windows Live Essentials
    "WinRAR archiver" = WinRAR 4.00 (32-bit)
    "ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2864006334-3454763267-3216989857-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Juniper_Setup_Client" = Juniper Networks Setup Client
    "Neoteris_Host_Checker" = Juniper Networks Host Checker

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/13/2011 3:02:09 AM | Computer Name = BestyWirgan-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
    Description = The performance strings in the Performance registry value is corrupted
    when process Performance extension counter provider. The BaseIndex value from the
    Performance registry is the first DWORD in the Data section, LastCounter value
    is the second DWORD in the Data section, and LastHelp value is the third DWORD in
    the Data section.

    Error - 10/13/2011 3:02:09 AM | Computer Name = BestyWirgan-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service SMSvcHost 4.0.0.0
    (SMSvcHost 4.0.0.0) failed. The first DWORD in the Data section contains the error
    code.

    Error - 10/13/2011 3:02:10 AM | Computer Name = BestyWirgan-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
    Description = The performance strings in the Performance registry value is corrupted
    when process Performance extension counter provider. The BaseIndex value from the
    Performance registry is the first DWORD in the Data section, LastCounter value
    is the second DWORD in the Data section, and LastHelp value is the third DWORD in
    the Data section.

    Error - 10/13/2011 3:02:10 AM | Computer Name = BestyWirgan-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service SMSvcHost 4.0.0.0
    (SMSvcHost 4.0.0.0) failed. The first DWORD in the Data section contains the error
    code.

    Error - 10/13/2011 3:02:10 AM | Computer Name = BestyWirgan-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
    Description = The performance strings in the Performance registry value is corrupted
    when process Performance extension counter provider. The BaseIndex value from the
    Performance registry is the first DWORD in the Data section, LastCounter value
    is the second DWORD in the Data section, and LastHelp value is the third DWORD in
    the Data section.

    Error - 10/13/2011 3:02:10 AM | Computer Name = BestyWirgan-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service MSDTC Bridge
    4.0.0.0 (MSDTC Bridge 4.0.0.0) failed. The first DWORD in the Data section contains
    the error code.

    Error - 10/13/2011 3:02:10 AM | Computer Name = BestyWirgan-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
    Description = The performance strings in the Performance registry value is corrupted
    when process Performance extension counter provider. The BaseIndex value from the
    Performance registry is the first DWORD in the Data section, LastCounter value
    is the second DWORD in the Data section, and LastHelp value is the third DWORD in
    the Data section.

    Error - 10/13/2011 3:02:10 AM | Computer Name = BestyWirgan-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service MSDTC Bridge
    4.0.0.0 (MSDTC Bridge 4.0.0.0) failed. The first DWORD in the Data section contains
    the error code.

    Error - 10/13/2011 10:47:20 AM | Computer Name = BestyWirgan-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
    Description = The performance strings in the Performance registry value is corrupted
    when process Performance extension counter provider. The BaseIndex value from the
    Performance registry is the first DWORD in the Data section, LastCounter value
    is the second DWORD in the Data section, and LastHelp value is the third DWORD in
    the Data section.

    Error - 10/13/2011 10:47:20 AM | Computer Name = BestyWirgan-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
    Description = Unloading the performance counter strings for service WmiApRpl (WmiApRpl)
    failed. The first DWORD in the Data section contains the error code.

    [ System Events ]
    Error - 10/12/2011 9:49:51 AM | Computer Name = BestyWirgan-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    DhaHelper

    Error - 10/12/2011 10:02:58 AM | Computer Name = BestyWirgan-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\Windows\SysWow64\drivers\dhahelper.sys has been blocked from
    loading due to incompatibility with this system. Please contact your software vendor
    for a compatible version of the driver.

    Error - 10/12/2011 10:03:20 AM | Computer Name = BestyWirgan-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    DhaHelper

    Error - 10/12/2011 10:11:53 AM | Computer Name = BestyWirgan-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\Windows\SysWow64\drivers\dhahelper.sys has been blocked from
    loading due to incompatibility with this system. Please contact your software vendor
    for a compatible version of the driver.

    Error - 10/12/2011 10:12:35 AM | Computer Name = BestyWirgan-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    DhaHelper

    Error - 10/13/2011 12:20:07 AM | Computer Name = BestyWirgan-PC | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 10/13/2011 12:20:10 AM | Computer Name = BestyWirgan-PC | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk0\DR0, has a bad block.

    Error - 10/13/2011 12:23:46 AM | Computer Name = BestyWirgan-PC | Source = volsnap | ID = 393252
    Description = The shadow copies of volume C: were aborted because the shadow copy
    storage could not grow due to a user imposed limit.

    Error - 10/13/2011 10:41:24 AM | Computer Name = BestyWirgan-PC | Source = Application Popup | ID = 1060
    Description = \??\C:\Windows\SysWow64\drivers\dhahelper.sys has been blocked from
    loading due to incompatibility with this system. Please contact your software vendor
    for a compatible version of the driver.

    Error - 10/13/2011 10:42:18 AM | Computer Name = BestyWirgan-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    DhaHelper


    < End of report >
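The OTL report above carries two sections a helper reads first: the Uninstall lists (one `"{key}" = Display Name` line per entry) and the "Last 10 Event Log Errors" block (an `Error - ...` header followed by a wrapped `Description`). The following Python parser is an added example for this thread; it is not OTL's own code and was not written by anyone in the thread. It runs offline on a constructed excerpt in OTL's layout, and the host name `EXAMPLE-PC`, the sample entries and the Java baseline passed to `outdated_java` are assumptions, not values copied from the log.

```python
"""Offline triage of an OTL report excerpt (added example; not OTL's own code
and not written by the thread's participants).

Parses the two OTL sections posted above, the Uninstall lists
("{key}" = Display Name) and "Last 10 Event Log Errors" ("Error - ..." header
plus a wrapped Description). Sample text, host name and Java baseline are
constructed, not taken from the log.
"""
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed excerpt in OTL's layout (entries modelled on the thread's log).
SAMPLE_REPORT = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83216023FF}" = Java(TM) 6 Update 23
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 10/12/2011 9:49:51 AM | Computer Name = EXAMPLE-PC | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
DhaHelper

Error - 10/12/2011 10:02:58 AM | Computer Name = EXAMPLE-PC | Source = Application Popup | ID = 1060
Description = \??\C:\Windows\SysWow64\drivers\dhahelper.sys has been blocked from
loading due to incompatibility with this system.
"""

UNINSTALL_RE = re.compile(r'^"(?P<key>[^"]+)"\s*=\s*(?P<name>.+?)\s*$')
ERROR_RE = re.compile(r'^Error - (?P<when>.+?) \| Computer Name = (?P<host>.+?)'
                      r' \| Source = (?P<source>.+?) \| ID = (?P<id>\d+)\s*$')
JAVA_RE = re.compile(r'^Java\(TM\) (?P<major>\d+) Update (?P<update>\d+)$')
BLOCKED_RE = re.compile(r'(?P<path>\\\?\?\\\S+?\.sys) has been blocked from')

@dataclass
class EventError:
    when: str
    host: str
    source: str
    event_id: int
    description: str

@dataclass
class Triage:
    uninstall: dict = field(default_factory=dict)  # registry key -> display name
    errors: list = field(default_factory=list)     # EventError records

def parse_report(text):
    """Walk the report once, collecting uninstall entries and event errors."""
    triage, lines, i = Triage(), text.splitlines(), 0
    while i < len(lines):
        line = lines[i].strip()
        if (m := UNINSTALL_RE.match(line)):
            triage.uninstall[m['key']] = m['name']
        elif (m := ERROR_RE.match(line)):
            # The description is wrapped over the following lines up to a
            # blank line or the next "Error -" header; join it back together.
            parts = []
            while (i + 1 < len(lines) and lines[i + 1].strip()
                   and not lines[i + 1].lstrip().startswith('Error - ')):
                i += 1
                parts.append(lines[i].strip())
            desc = ' '.join(parts).removeprefix('Description = ')
            triage.errors.append(EventError(m['when'], m['host'], m['source'],
                                            int(m['id']), desc))
        i += 1
    return triage

def java_versions(triage):
    """(major, update) for every 'Java(TM) N Update M' uninstall entry."""
    hits = [JAVA_RE.match(n) for n in triage.uninstall.values()]
    return sorted((int(m['major']), int(m['update'])) for m in hits if m)

def outdated_java(triage, baseline):
    """JREs older than `baseline`: each is still a loadable browser plugin,
    which is why the helper asks for JavaRa rather than just an update."""
    return [v for v in java_versions(triage) if v < baseline]

def blocked_drivers(triage):
    """Driver paths from Application Popup 1060 'blocked from loading' events."""
    hits = [BLOCKED_RE.search(e.description) for e in triage.errors if e.event_id == 1060]
    return [m['path'] for m in hits if m]

def failed_boot_drivers(triage):
    """Driver names from Service Control Manager 7026 'failed to load' events."""
    names = []
    for e in triage.errors:
        if e.event_id == 7026 and 'failed to load:' in e.description:
            names += e.description.split('failed to load:', 1)[1].split()
    return names

def error_counts(triage):
    """Occurrences per (source, event id); repeats are what to chase first."""
    return Counter((e.source, e.event_id) for e in triage.errors)

if __name__ == '__main__':
    t = parse_report(SAMPLE_REPORT)
    print('old Java:', outdated_java(t, (6, 27)))  # baseline is an assumption
    print('blocked:', blocked_drivers(t), 'failed:', failed_boot_drivers(t))
    print(error_counts(t).most_common())
```

To use it on a real OTL log, read the whole report into `parse_report`; the Uninstall regex picks up entries from both the HKLM and HKEY_USERS lists, and `error_counts` makes a repeating pair such as the 7026/1060 events for the same driver stand out from one-off noise. The Java baseline is whatever the helper currently considers current; nothing in the script decides that for you.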
     
  15. noodles79

    noodles79 TS Rookie Topic Starter

    So far, my computer has been running normally since booting from the OS disk. I hope I haven't jinxed it :)
     
  16. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Very well :)

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKU\S-1-5-21-2864006334-3454763267-3216989857-1000\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
      O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
      [3 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  17. noodles79

    noodles79 TS Rookie Topic Starter

    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is disabled!)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 27
    Out of date Java installed!
    Adobe Flash Player 10.3.183.7
    Adobe Reader X (10.1.1)
    Mozilla Firefox (x86 en-US..) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````End of Log````````````
     
  18. noodles79

    noodles79 TS Rookie Topic Starter

    I have to rescan with ESET because I forgot to export the text :( I will post when it is complete.
     
  19. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    OK..................
     
  20. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Still with me?
     
  21. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    The issue seems to be resolved.
     
