TechSpot

Downloading problem with Malwarebytes Anti-Malware 1.46

By ashley11493
Nov 14, 2010
  1. I just tried to download Malwarebytes Anti-Malware 1.46. An error appeared saying "Run-time error 339 vbalsgrid6.ocx is not correctly registered: a file is missing or invalid". How can I fix this problem so I can download the program?
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Leave MBAM alone for now.
    Please, complete all other steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. ashley11493

    ashley11493 TS Rookie Topic Starter Posts: 23

    Step 1 and 2

    step 1: I have Avast, and the full system scan came up clean.


    step 2:

    Getting user folders.

    Stopping running processes.

    Emptying Temp folders.


    User: gemma
    ->Temp folder emptied: 947412 bytes
    ->Temporary Internet Files folder emptied: 49288 bytes
    ->Java cache emptied: 80480 bytes
    ->FireFox cache emptied: 65527019 bytes
    ->Flash cache emptied: 4889 bytes

    User: Public

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 882 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68488 bytes

    Emptying RecycleBin. Do not interrupt.

    RecycleBin emptied: 0 bytes
    Process complete!

    Total Files Cleaned = 64.00 mb




    I also believe, after reading the forum, that I have a Google redirect virus.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Go on......
     
  5. ashley11493

    ashley11493 TS Rookie Topic Starter Posts: 23

    it won't let me post a reply
     
  6. ashley11493

    ashley11493 TS Rookie Topic Starter Posts: 23

    reply with the information from steps 3 and 4*
     
  7. ashley11493

    ashley11493 TS Rookie Topic Starter Posts: 23

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-11-14 13:03:23
    Windows 6.1.7600
    Running: rt67byto.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg@s2 285507792
    Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced@HideFileExt 0

    ---- Files - GMER 1.0.15 ----

     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    GMER log is incomplete.
     
  9. ashley11493

    ashley11493 TS Rookie Topic Starter Posts: 23

    File C:\Users\gemma\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 0 bytes
    File C:\Users\gemma\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 0 bytes
    File C:\Users\gemma\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 0 bytes
    File C:\Users\gemma\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 0 bytes
    File C:\Users\gemma\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 0 bytes
    File C:\Users\gemma\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 0 bytes
    File C:\Users\gemma\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 0 bytes
    File C:\Users\gemma\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host 0 bytes
    File C:\Users\gemma\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\lastAccessed 1 bytes
    File C:\Users\gemma\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin 0 bytes
    File C:\Users\gemma\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp 0 bytes
    File C:\Users\gemma\AppData\Roaming\Macromedia\Flash Player\#SharedObjects 0 bytes
    File C:\Users\gemma\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3KVZPHJC 0 bytes
    File C:\Users\gemma\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3KVZPHJC\s.ytimg.com 0 bytes
    File C:\Users\gemma\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3KVZPHJC\s.ytimg.com\soundData.sol 49 bytes
    File C:\Users\gemma\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\3KVZPHJC\s.ytimg.com\videostats.sol 85 bytes
    File C:\Users\gemma\AppData\Roaming\Macromedia\Flash Player\macromedia.com 0 bytes
    File C:\Users\gemma\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support 0 bytes
    File C:\Users\gemma\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer 0 bytes
    File C:\Users\gemma\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys 0 bytes
    File C:\Users\gemma\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com 0 bytes
    File C:\Users\gemma\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com\settings.sol 81 bytes
    File C:\Users\gemma\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol 4674 bytes
    File C:\Windows\CSC\v2.0.6 0 bytes
    File C:\Windows\CSC\v2.0.6\namespace 0 bytes
    File C:\Windows\CSC\v2.0.6\pq 64 bytes
    File C:\Windows\CSC\v2.0.6\sm 4 bytes
    File C:\Windows\CSC\v2.0.6\temp 0 bytes
    File C:\Windows\CSC\v2.0.6\temp\ea-{4f02fb9d-6a99-11df-970d-a0da9750880e} 0 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 0 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01GP9IB7 0 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01GP9IB7\desktop.ini 67 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\01GP9IB7\IDR_XML_DEFAULT_TRANSFORM[1] 17163 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 0 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\desktop.ini 67 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5\IDR_XML_DEFAULT_TRANSFORM[1] 17163 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AE1ZZRBM 0 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AE1ZZRBM\desktop.ini 67 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini 67 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G67RNB0S 0 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G67RNB0S\Communications[1].asmx 480 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\G67RNB0S\desktop.ini 67 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat 32768 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQXI6F6Y 0 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQXI6F6Y\desktop.ini 67 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OQXI6F6Y\update[1].asmx 445 bytes
    File C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini 67 bytes
    File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl 72 bytes
    File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl 72 bytes
    File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl 0 bytes
    File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl 72 bytes
    File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession7.etl 0 bytes
    File C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTUBPM.etl 72 bytes
    File C:\Windows\Temp\MpCmdRun.log 882 bytes
    File C:\Windows\Temp\_avast5_ 0 bytes
    File C:\Windows\Temp\_avast5_\Webshlock.txt 0 bytes

    ---- EOF - GMER 1.0.15 ----
     
  10. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Please, disable "word wrap" in Notepad. Some of your logs are hard to read.

    ========================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

    =======================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop.
    Open this report and post its content in your next reply.
     
  11. ashley11493

    ashley11493 TS Rookie Topic Starter Posts: 23

    DDS (Ver_10-11-10.01) - NTFS_AMD64
    Run by gemma at 13:41:55.70 on Sun 11/14/2010
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Extreme Edition R1 - x64 6.1.7600.0.1252.1.1033.18.2038.957 [GMT -5:00]

    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Program Files\Alwil Software\Avast5\afwServ.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\gemma\Downloads\9u7zpd3m.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Users\gemma\Downloads\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.mystart.com?pr=oovoo2_2
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No File
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
    uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
    uRun: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRunOnce: [MessengerPlusLiveUninstall] "C:\Users\gemma\AppData\Local\Temp\MsgPlusUninstall.exe" /Cleanup
    StartupFolder: C:\Users\gemma\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
    mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
    SSODL-X64: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair64.dll
    STS-X64: Windows DreamScene: {E31004D1-A431-41B8-826F-E902F9D95C81} - %SystemRoot%\System32\DreamScene.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\gemma\AppData\Roaming\Mozilla\Firefox\Profiles\zbdje4ge.default\
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF - plugin: C:\Program Files (x86)\Opera\program\plugins\np_gp.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

    ---- FIREFOX POLICIES ----
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\System32\drivers\aswNdis.sys [2010-5-28 12368]
    R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\System32\drivers\aswNdis2.sys [2010-10-28 250448]
    R1 aswFW;avast! TDI Firewall driver;C:\Windows\System32\drivers\aswFW.sys [2010-10-28 125520]
    R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2010-10-28 472656]
    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-5-28 121936]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-5-28 20048]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-5-28 61008]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-28 40384]
    R2 avast! Firewall;avast! Firewall;C:\Program Files\Alwil Software\Avast5\afwServ.exe [2010-10-28 119200]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2010-11-14 1153368]
    R3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-28 40384]
    R3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-10-28 40384]
    R3 NETw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-12-1 6816256]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-12-1 239616]
    S0 johci;JMicron 1394 Filter Driver;C:\Windows\System32\drivers\johci.sys [2009-12-1 18784]
    S0 xfiltx64;VIA SATA IDE Hot-plug Driver;C:\Windows\System32\drivers\xfiltx64.sys [2009-12-1 25752]
    S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2009-12-1 44032]
    S3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-12-1 70424]
    S3 hptmv;hptmv;C:\Windows\System32\drivers\hptmv.sys [2009-12-1 93472]
    S3 IAMTVE;Driver for Intel(R) Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTVE.sys [2009-12-1 43416]
    S3 IAMTXPE;Driver for Intel(R) Active Management Technology - KCS;C:\Windows\System32\drivers\IAMTXPE.sys [2009-12-1 51096]
    S3 ioatdma;Intel(R) QuickData Technology device;C:\Windows\System32\drivers\qd260x64.sys [2009-12-1 41096]
    S3 ioatdma1;ioatdma1;C:\Windows\System32\drivers\qd162x64.sys [2009-12-1 40144]
    S3 ioatdma2;Intel(R) QuickData Technology device ver.2;C:\Windows\System32\drivers\qd262x64.sys [2009-12-1 41680]
    S3 iSSetup;iSSetup;C:\Windows\System32\drivers\iSSetup.sys [2009-12-1 175328]
    S3 MegaSR1;MegaSR1;C:\Windows\System32\drivers\MegaSR1.sys [2009-12-1 461320]
    S3 nvamacpi;nvamacpi;C:\Windows\System32\drivers\nvamacpi.sys [2009-12-1 28192]
    S3 O2MDRDR;O2MDRDR;C:\Windows\System32\drivers\o2mdx64.sys [2009-12-1 56664]
    S3 O2SDRDR;O2SDRDR;C:\Windows\System32\drivers\o2sdx64.sys [2009-12-1 56096]
    S3 Pnp680;Pnp680;C:\Windows\System32\drivers\PnP680.sys [2009-12-1 80424]
    S3 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2009-12-1 60416]
    S3 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2009-12-1 80896]
    S3 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2009-12-1 55808]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-12-1 225280]
    S3 SI3112r;SI3112r;C:\Windows\System32\drivers\SI3112r.sys [2009-12-1 164656]
    S3 SI3114;SI3114;C:\Windows\System32\drivers\SI3114.sys [2009-12-1 99120]
    S3 SI3124;SI3124;C:\Windows\System32\drivers\SI3124.sys [2009-12-1 113456]
    S3 Si3124r5;Si3124r5;C:\Windows\System32\drivers\Si3124r5.sys [2009-12-1 334640]
    S3 Si3531;Si3531;C:\Windows\System32\drivers\Si3531.sys [2009-12-1 330544]
    S3 viamrx64;viamrx64;C:\Windows\System32\drivers\viamrx64.sys [2009-12-1 136192]
    S3 ViBusX64;ViBusX64;C:\Windows\System32\drivers\ViBusX64.sys [2009-12-1 25240]
    S3 videX64;videX64;C:\Windows\System32\drivers\videX64.sys [2009-12-1 15000]
    S3 ViPrtX64;ViPrtX64;C:\Windows\System32\drivers\ViPrtX64.sys [2009-12-1 67224]
    S3 vm3dmp;vm3dmp;C:\Windows\System32\drivers\vm3dmp.sys [2009-11-29 86576]
    S3 vmmouse;VMware Pointing Device;C:\Windows\System32\drivers\vmmouse.sys [2009-11-29 13872]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-8-31 1255736]
     
  12. ashley11493

    ashley11493 TS Rookie Topic Starter Posts: 23

    =============== Created Last 30 ================

    2010-11-14 16:02:50 -------- d-----w- C:\Program Files\Spybot - Search & Destroy
    2010-11-14 16:02:50 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
    2010-11-14 08:01:50 -------- d-----w- C:\Program Files\CCleaner
    2010-11-13 16:20:10 -------- d-----w- C:\Users\gemma\AppData\Local\Help
    2010-11-12 23:47:13 8006480 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{ABD6CFA6-0E69-4DEC-8E73-987C7F434C24}\mpengine.dll
    2010-10-30 04:06:59 719832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozcpp19.dll
    2010-10-30 04:06:59 16856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    2010-10-28 19:10:15 472656 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2010-10-28 19:10:15 125520 ----a-w- C:\Windows\System32\drivers\aswFW.sys
    2010-10-28 19:10:08 250448 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
    2010-10-28 19:10:06 38848 ----a-w- C:\Windows\avastSS.scr
    2010-10-26 21:50:56 -------- d-----w- C:\Users\gemma\AppData\Roaming\LockHunter
    2010-10-21 17:36:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2010-10-21 17:36:51 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-10-21 17:36:11 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
    2010-10-21 17:36:11 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
    2010-10-21 17:35:59 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
    2010-10-21 17:35:58 2085376 ----a-w- C:\Windows\System32\ole32.dll
    2010-10-21 17:35:57 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    2010-10-21 17:35:56 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
    2010-10-21 17:35:45 148992 ----a-w- C:\Windows\System32\t2embed.dll
    2010-10-21 17:35:45 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
    2010-10-21 17:35:38 339456 ----a-w- C:\Windows\System32\schannel.dll
    2010-10-21 17:35:32 633856 ----a-w- C:\Windows\System32\comctl32.dll
    2010-10-21 17:35:31 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
    2010-10-21 17:34:46 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
    2010-10-21 17:34:46 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
    2010-10-21 17:34:10 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-10-21 17:34:10 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll

    ==================== Find3M ====================

    2010-10-19 15:41:44 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
    2010-09-08 03:28:24 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-09-08 02:47:01 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-09-07 14:47:33 61008 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2010-09-01 08:10:52 144384 ----a-w- C:\Windows\SysWow64\wmpps.dll
    2010-09-01 08:10:07 4096 ----a-w- C:\Windows\SysWow64\msdxm.ocx
    2010-09-01 08:10:07 4096 ----a-w- C:\Windows\SysWow64\dxmasf.dll
    2010-09-01 08:09:22 8192 ----a-w- C:\Windows\SysWow64\spwmp.dll
    2010-09-01 08:03:54 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-09-01 05:16:44 479232 ----a-w- C:\Windows\System32\wmpps.dll
    2010-09-01 05:15:29 5120 ----a-w- C:\Windows\System32\msdxm.ocx
    2010-09-01 05:15:29 5120 ----a-w- C:\Windows\System32\dxmasf.dll
    2010-09-01 05:14:30 9728 ----a-w- C:\Windows\System32\spwmp.dll
    2010-09-01 05:06:55 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
    2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
    2010-08-20 04:30:08 224256 ----a-w- C:\Windows\SysWow64\schannel.dll

    ============= FINISH: 13:43:01.83 ===============
     
  13. ashley11493

    ashley11493 TS Rookie Topic Starter Posts: 23

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-10.01)

    Microsoft Windows 7 Extreme Edition R1 - x64
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/28/2010 2:21:05 PM
    System Uptime: 11/14/2010 2:42:39 AM (11 hours ago)

    Motherboard: Quanta | | 30CC
    Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | U2E1 | 1500/667mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 225 GiB total, 192.688 GiB free.
    D: is FIXED (NTFS) - 8 GiB total, 1.823 GiB free.

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description:
    Device ID: ACPI\HPQ0006\4&1D8D756B&0
    Manufacturer:
    Name:
    PNP Device ID: ACPI\HPQ0006\4&1D8D756B&0
    Service:

    ==== System Restore Points ===================

    RP78: 10/29/2010 11:26:43 PM - Windows Update
    RP79: 11/2/2010 8:59:41 PM - Windows Update
    RP80: 11/3/2010 9:36:26 PM - Windows Update
    RP81: 11/5/2010 11:23:19 PM - Windows Update
    RP82: 11/10/2010 1:55:08 AM - Windows Update
    RP83: 11/10/2010 6:35:30 PM - Windows Update
    RP84: 11/12/2010 6:45:58 PM - Windows Update

    ==== Installed Programs ======================

    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.2
    Advertising Center
    avast! Internet Security
    DolbyFiles
    ImagXpress
    Java(TM) 6 Update 17
    K-Lite Mega Codec Pack 5.5.0
    Menu Templates - Starter Kit
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Service Pack 1 Redistributable
    Mozilla Firefox (3.6.12)
    Nero 9 Trial
    Nero BurnRights
    Nero ControlCenter
    Nero DiscSpeed
    Nero DriveSpeed
    Nero InfoTool
    Nero Installer
    Nero Rescue Agent
    NeroBurningROM
    NeroExpress
    Notepad++
    ooVoo
    Opera 10.10
    Realtek High Definition Audio Driver
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2289158)
    Security Update for 2007 Microsoft Office System (KB2344875)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2345035)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office Outlook 2007 (KB2288953)
    Security Update for Microsoft Office PowerPoint 2007 (KB982158)
    Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
    Security Update for Microsoft Office Publisher 2007 (KB982124)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype Toolbars
    Skype™ 4.2
    Spybot - Search & Destroy
    UltraISO Premium V9.35
    Universal Extractor 1.6
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Outlook 2007 Junk Email Filter (KB2443839)
    Windows Live Communications Platform
    Windows Live Messenger

    ==== Event Viewer Messages From Past Week ========

    11/8/2010 6:06:57 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    11/8/2010 6:06:57 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
    11/8/2010 6:06:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    11/14/2010 2:43:38 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: johci xfiltx64
    11/14/2010 10:31:12 AM, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet.
    11/14/2010 10:31:12 AM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
    11/13/2010 9:49:27 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cdrom johci xfiltx64
    11/13/2010 11:15:31 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    11/13/2010 11:12:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    11/13/2010 11:09:28 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    11/13/2010 11:07:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}
    11/13/2010 11:07:50 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    11/13/2010 11:05:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    11/13/2010 11:05:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    11/13/2010 11:05:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    11/13/2010 11:05:36 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    11/13/2010 11:05:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    11/13/2010 11:05:29 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    11/13/2010 11:05:26 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD aswFW aswRdr aswSnx aswSP aswTdi CSC DfsC discache johci NetBIOS NetBT nsiproxy Psched rdbss spldr sptd tdx vpcnfltr vpcvmm Wanarpv6 WfpLwf xfiltx64
    11/13/2010 11:05:26 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/13/2010 11:05:26 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    11/13/2010 11:05:26 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    11/13/2010 11:05:26 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/13/2010 11:05:26 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    11/13/2010 11:05:26 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/13/2010 11:05:26 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    11/13/2010 11:05:26 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    11/13/2010 11:05:26 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/13/2010 11:05:26 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    11/13/2010 11:05:26 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    11/13/2010 11:05:26 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    11/13/2010 11:04:42 AM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    11/11/2010 9:11:04 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x0000000000000000, 0x0000000000000002, 0x0000000000000000, 0xfffff80002a897b6). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 111110-47159-01.
    11/11/2010 4:53:42 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    11/11/2010 4:50:37 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    11/11/2010 4:50:28 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: aswSnx aswSP aswTdi discache johci spldr sptd vpcvmm Wanarpv6 xfiltx64
    11/10/2010 6:35:08 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    11/10/2010 6:35:08 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
    11/10/2010 6:35:08 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
    11/10/2010 6:34:08 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    11/10/2010 6:33:08 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    ==== End Of File ===========================
     
  14. ashley11493

    ashley11493 TS Rookie Topic Starter Posts: 23

    2010/11/14 14:01:44.0758 TDSS rootkit removing tool 2.4.7.0 Nov 8 2010 10:52:22
    2010/11/14 14:01:44.0758 ================================================================================
    2010/11/14 14:01:44.0758 SystemInfo:
    2010/11/14 14:01:44.0758
    2010/11/14 14:01:44.0758 OS Version: 6.1.7600 ServicePack: 0.0
    2010/11/14 14:01:44.0758 Product type: Workstation
    2010/11/14 14:01:44.0758 ComputerName: GEMMA-PC
    2010/11/14 14:01:44.0758 UserName: gemma
    2010/11/14 14:01:44.0758 Windows directory: C:\Windows
    2010/11/14 14:01:44.0758 System windows directory: C:\Windows
    2010/11/14 14:01:44.0758 Running under WOW64
    2010/11/14 14:01:44.0758 Processor architecture: Intel x64
    2010/11/14 14:01:44.0758 Number of processors: 2
    2010/11/14 14:01:44.0758 Page size: 0x1000
    2010/11/14 14:01:44.0758 Boot type: Normal boot
    2010/11/14 14:01:44.0758 ================================================================================
    2010/11/14 14:01:44.0758 Utility is running under WOW64
    2010/11/14 14:01:45.0288 Initialize success
    2010/11/14 14:01:48.0845 ================================================================================
    2010/11/14 14:01:48.0845 Scan started
    2010/11/14 14:01:48.0845 Mode: Manual;
    2010/11/14 14:01:48.0845 ================================================================================
    2010/11/14 14:01:59.0469 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
    2010/11/14 14:01:59.0500 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    2010/11/14 14:01:59.0547 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    2010/11/14 14:01:59.0671 Pnp680 (608a144310828c21ddf745124b10f833) C:\Windows\system32\DRIVERS\pnp680.sys
    2010/11/14 14:01:59.0765 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    2010/11/14 14:01:59.0796 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
    2010/11/14 14:01:59.0874 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    2010/11/14 14:01:59.0952 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
    2010/11/14 14:02:00.0061 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
    2010/11/14 14:02:00.0108 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    2010/11/14 14:02:00.0139 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    2010/11/14 14:02:00.0186 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2010/11/14 14:02:00.0233 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2010/11/14 14:02:00.0280 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    2010/11/14 14:02:00.0311 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    2010/11/14 14:02:00.0358 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    2010/11/14 14:02:00.0389 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    2010/11/14 14:02:00.0420 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2010/11/14 14:02:00.0467 RDPDR (9706b84dbabfc4b4ca46c5a82b14dfa3) C:\Windows\system32\drivers\rdpdr.sys
    2010/11/14 14:02:00.0514 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    2010/11/14 14:02:00.0545 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    2010/11/14 14:02:00.0592 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
    2010/11/14 14:02:00.0639 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
    2010/11/14 14:02:00.0717 rimmptsk (6faf5b04bedc66d300d9d233b2d222f0) C:\Windows\system32\DRIVERS\rimmpx64.sys
    2010/11/14 14:02:00.0748 rimspci (e20b1907fc72a3664ece21e3c20fc63d) C:\Windows\system32\DRIVERS\rimspe64.sys
    2010/11/14 14:02:00.0779 rimsptsk (67f50c31713106fd1b0f286f86aa2b2e) C:\Windows\system32\DRIVERS\rimspx64.sys
    2010/11/14 14:02:00.0810 risdpcie (a6da2b0c8f5bb3f9f5423cff8d6a02d9) C:\Windows\system32\DRIVERS\risdpe64.sys
    2010/11/14 14:02:00.0841 rismxdp (4d7ef3d46346ec4c58784db964b365de) C:\Windows\system32\DRIVERS\rixdpx64.sys
    2010/11/14 14:02:00.0888 rixdpcie (6a1cd4674505e6791390a1ab71da1fbe) C:\Windows\system32\DRIVERS\rixdpe64.sys
    2010/11/14 14:02:00.0966 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    2010/11/14 14:02:01.0013 RSUSBSTOR (483df0b58ca532e5240e59dc41f30aa2) C:\Windows\System32\Drivers\RtsUStor.sys
    2010/11/14 14:02:01.0060 RTL8167 (3b01789ee4eaee97f5eb46b711387d5e) C:\Windows\system32\DRIVERS\Rt64win7.sys
    2010/11/14 14:02:01.0107 RTSTOR (af4df7eebbd9093721daef27cc8c1cbc) C:\Windows\system32\drivers\RTSTOR64.SYS
    2010/11/14 14:02:01.0153 s3cap (88af6e02ab19df7fd07ecdf9c91e9af6) C:\Windows\system32\drivers\vms3cap.sys
    2010/11/14 14:02:01.0200 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\drivers\sbp2port.sys
    2010/11/14 14:02:01.0278 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    2010/11/14 14:02:01.0372 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\DRIVERS\sdbus.sys
    2010/11/14 14:02:01.0419 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2010/11/14 14:02:01.0481 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    2010/11/14 14:02:01.0528 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    2010/11/14 14:02:01.0559 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
    2010/11/14 14:02:01.0606 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
    2010/11/14 14:02:01.0637 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
    2010/11/14 14:02:01.0668 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\drivers\sffp_sd.sys
    2010/11/14 14:02:01.0699 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
    2010/11/14 14:02:01.0762 SI3112r (e2512862265d97db53df788bfa9053a0) C:\Windows\system32\DRIVERS\SI3112r.sys
    2010/11/14 14:02:01.0793 SI3114 (ca263222eb177e2e48b86d5eaa3ff75a) C:\Windows\system32\DRIVERS\SI3114.sys
    2010/11/14 14:02:01.0824 SI3114r (4891290048ec8f693fc6df66b9cbddde) C:\Windows\system32\DRIVERS\SI3114R.sys
    2010/11/14 14:02:01.0871 SI3124 (7fd4f1bb790d21eaeb2101c97178a501) C:\Windows\system32\DRIVERS\SI3124.sys
    2010/11/14 14:02:01.0887 Si3124r5 (993e75b5952a642d8407ed252efd8d82) C:\Windows\system32\DRIVERS\Si3124r5.sys
    2010/11/14 14:02:01.0933 SI3132 (0f498dee92fd73dd999bae4d506367f5) C:\Windows\system32\DRIVERS\SI3132.sys
    2010/11/14 14:02:01.0980 Si3531 (904828d8fb78c353f8ef4e74c75e4534) C:\Windows\system32\DRIVERS\Si3531.sys
    2010/11/14 14:02:02.0011 SiFilter (127ce10e01f53f2edaca7fe42e5631ea) C:\Windows\system32\DRIVERS\SiWinAcc.sys
    2010/11/14 14:02:02.0043 SiRemFil (b742c37002b8ebef6e230df9b4b28546) C:\Windows\system32\DRIVERS\SiRemFil.sys
    2010/11/14 14:02:02.0074 SISAGP (dcd65268f0a44e2062ed3fc86c39ca7e) C:\Windows\system32\DRIVERS\SISAGPX.sys
    2010/11/14 14:02:02.0121 SiSRaid2 (c18b076615486eeeebc14aa1bd2162f8) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2010/11/14 14:02:02.0167 SiSRaid4 (a836528fa53422956c0dcedb8f58b9ee) C:\Windows\system32\DRIVERS\sisraid4.sys
    2010/11/14 14:02:02.0214 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    2010/11/14 14:02:02.0308 smserial (7ae8bca90539ecbde87ac45ba1436be3) C:\Windows\system32\DRIVERS\SmSerl64.sys
    2010/11/14 14:02:02.0433 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    2010/11/14 14:02:02.0542 sptd (602884696850c86434530790b110e8eb) C:\Windows\system32\Drivers\sptd.sys
    2010/11/14 14:02:02.0542 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 602884696850c86434530790b110e8eb
    2010/11/14 14:02:02.0557 sptd - detected Locked file (1)
    2010/11/14 14:02:06.0333 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/11/14 14:02:06.0333 ================================================================================
    2010/11/14 14:02:06.0333 Scan finished
    2010/11/14 14:02:06.0333 ================================================================================
    2010/11/14 14:02:06.0348 Detected object count: 2
    2010/11/14 14:02:09.0890 Locked file(sptd) - User select action: Skip
    2010/11/14 14:02:09.0952 \HardDisk0 - will be cured after reboot
    2010/11/14 14:02:09.0952 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2010/11/14 14:02:12.0916 Deinitialize success
     
  15. ashley11493

    ashley11493 TS Rookie Topic Starter Posts: 23

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Quanta
    BIOS Manufacturer: Hewlett-Packard
    System Manufacturer: Hewlett-Packard
    System Product Name: HP Pavilion dv6500 Notebook PC
    Logical Drives Mask: 0x0000001c

    Kernel Drivers (total 171):

    Processes (total 49):
    0 System Idle Process
    4 System
    400 C:\Windows\System32\smss.exe
    508 csrss.exe
    560 C:\Windows\System32\wininit.exe
    580 csrss.exe
    620 C:\Windows\System32\services.exe
    636 C:\Windows\System32\lsass.exe
    644 C:\Windows\System32\lsm.exe
    768 C:\Windows\System32\winlogon.exe
    800 C:\Windows\System32\svchost.exe
    888 C:\Windows\System32\svchost.exe
    952 C:\Windows\System32\svchost.exe
    108 C:\Windows\System32\svchost.exe
    448 C:\Windows\System32\svchost.exe
    904 C:\Windows\System32\audiodg.exe
    1068 C:\Windows\System32\svchost.exe
    1184 C:\Windows\System32\svchost.exe
    1264 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1304 C:\Program Files\Alwil Software\Avast5\afwServ.exe
    1444 C:\Windows\System32\dwm.exe
    1468 C:\Windows\explorer.exe
    1716 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    1724 C:\Windows\System32\igfxtray.exe
    1732 C:\Windows\System32\hkcmd.exe
    1744 C:\Windows\System32\igfxpers.exe
    1800 C:\Program Files (x86)\ooVoo\ooVoo.exe
    1808 C:\Windows\System32\igfxsrvc.exe
    1840 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    1896 C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
    584 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    1660 C:\Windows\System32\spoolsv.exe
    2060 C:\Windows\System32\svchost.exe
    2096 C:\Windows\System32\taskhost.exe
    2264 C:\Windows\System32\svchost.exe
    2348 C:\Windows\System32\svchost.exe
    2600 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    2864 C:\Windows\System32\SearchIndexer.exe
    2756 C:\Windows\System32\svchost.exe
    3232 C:\Windows\System32\svchost.exe
    3624 C:\Program Files\Windows Media Player\wmpnetwk.exe
    1880 C:\Windows\System32\svchost.exe
    3272 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    4504 WmiPrvSE.exe
    4824 C:\Windows\System32\notepad.exe
    1780 C:\Windows\System32\SearchProtocolHost.exe
    2472 C:\Windows\System32\SearchFilterHost.exe
    3792 C:\Users\gemma\Downloads\MBRCheck.exe
    1108 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000038`26911000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD2500BEVS-60UST0, Rev: 01.01A01

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
     
  16. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    See if you can run MBAM now.
     
  17. ashley11493

    ashley11493 TS Rookie Topic Starter Posts: 23

    It worked! Thank you so much! Should this also solve my problems with Google links redirecting me?

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5115

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    11/14/2010 3:15:17 PM
    mbam-log-2010-11-14 (15-15-17).txt

    Scan type: Quick scan
    Objects scanned: 143671
    Time elapsed: 8 minute(s), 32 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  18. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    We're far from being done, but keep me updated on the redirection issue.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.pif
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  19. ashley11493

    ashley11493 TS Rookie Topic Starter Posts: 23

    Both links don't let me download. One says I have downloaded a corrupt file and the other says it is not compatible with the version of Windows I have.
     
  20. ashley11493

    ashley11493 TS Rookie Topic Starter Posts: 23

    I also just downloaded rkill.com and the combofix still will not open. I am confused about what other steps I have to take.
     
  21. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I apologize. My fault.
    Combofix won't run on Win 7 64-bit.
    Sorry for that.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  22. ashley11493

    ashley11493 TS Rookie Topic Starter Posts: 23

    No problem! This worked. 1. otl.txt

    OTL logfile created on: 11/14/2010 4:22:58 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\gemma\Downloads
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 224.60 Gb Total Space | 192.62 Gb Free Space | 85.76% Space Free | Partition Type: NTFS
    Drive D: | 8.28 Gb Total Space | 1.82 Gb Free Space | 22.02% Space Free | Partition Type: NTFS

    Computer Name: GEMMA-PC | User Name: gemma | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/14 16:22:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\gemma\Downloads\OTL.exe
    PRC - [2010/09/07 10:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/06/10 10:31:38 | 018,702,520 | ---- | M] (ooVoo LLC) -- C:\Program Files (x86)\ooVoo\ooVoo.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/14 16:22:00 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\gemma\Downloads\OTL.exe
    MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV:64bit: - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV:64bit: - [2010/09/07 10:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2010/09/07 10:11:44 | 000,119,200 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\Alwil Software\Avast5\afwServ.exe -- (avast! Firewall)
    SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2005/11/14 01:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmaudio.sys -- (VMAUDIO) VMware VMaudio (VMAUDIO) (WDM)
    DRV:64bit: - [2010/09/07 09:47:33 | 000,061,008 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2010/05/28 13:20:48 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2010/03/19 15:10:13 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis)
    DRV:64bit: - [2009/11/25 01:25:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
    DRV:64bit: - [2009/11/25 01:17:50 | 000,359,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
    DRV:64bit: - [2009/11/25 01:17:50 | 000,187,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
    DRV:64bit: - [2009/11/25 01:17:50 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
    DRV:64bit: - [2009/11/25 01:17:50 | 000,066,304 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
    DRV:64bit: - [2009/10/21 15:50:24 | 000,013,872 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmmouse.sys -- (vmmouse)
    DRV:64bit: - [2009/10/21 15:47:08 | 000,086,576 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vm3dmp.sys -- (vm3dmp)
    DRV:64bit: - [2009/10/07 13:26:24 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
    DRV:64bit: - [2009/09/24 01:47:06 | 000,175,328 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iSSetup.sys -- (iSSetup)
    DRV:64bit: - [2009/09/23 18:23:02 | 006,180,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2009/09/22 10:39:56 | 000,225,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
    DRV:64bit: - [2009/09/14 17:00:00 | 006,816,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5v64.sys -- (NETw5v64) Intel(R)
    DRV:64bit: - [2009/08/21 07:48:18 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
    DRV:64bit: - [2009/08/20 18:05:06 | 000,239,616 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
    DRV:64bit: - [2009/07/26 17:00:00 | 000,056,664 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2mdx64.sys -- (O2MDRDR)
    DRV:64bit: - [2009/07/26 17:00:00 | 000,056,096 | ---- | M] (O2Micro) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\o2sdx64.sys -- (O2SDRDR)
    DRV:64bit: - [2009/07/16 18:51:54 | 000,028,192 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvamacpi.sys -- (nvamacpi)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 20:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 20:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/07/04 12:27:02 | 000,055,808 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rixdpe64.sys -- (rixdpcie)
    DRV:64bit: - [2009/07/02 01:54:52 | 000,060,416 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rimspe64.sys -- (rimspci)
    DRV:64bit: - [2009/07/01 11:31:58 | 000,080,896 | ---- | M] (REDC) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\risdpe64.sys -- (risdpcie)
    DRV:64bit: - [2009/06/25 10:04:20 | 000,067,584 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimmpx64.sys -- (rimmptsk)
    DRV:64bit: - [2009/06/25 09:38:52 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rixdpx64.sys -- (rismxdp)
    DRV:64bit: - [2009/06/25 09:13:44 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimspx64.sys -- (rimsptsk)
    DRV:64bit: - [2009/06/12 19:19:36 | 000,041,680 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd262x64.sys -- (ioatdma2) Intel(R)
    DRV:64bit: - [2009/06/12 19:19:32 | 000,040,144 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd162x64.sys -- (ioatdma1)
    DRV:64bit: - [2009/06/10 16:01:14 | 001,227,776 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SmSerl64.sys -- (smserial)
    DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/12 07:40:42 | 000,072,192 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTSTOR64.sys -- (RTSTOR)
    DRV:64bit: - [2009/05/04 23:31:00 | 000,025,752 | ---- | M] (VIA Technologies,Inc) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\xfiltx64.sys -- (xfiltx64)
    DRV:64bit: - [2009/05/04 23:29:34 | 000,015,000 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\videX64.sys -- (videX64)
    DRV:64bit: - [2009/04/16 05:45:46 | 000,461,320 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MegaSR1.sys -- (MegaSR1)
    DRV:64bit: - [2009/02/11 10:26:18 | 000,407,576 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2008/10/09 08:45:26 | 000,018,784 | ---- | M] (JMicron ) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\drivers\johci.sys -- (johci)
    DRV:64bit: - [2008/07/09 09:51:54 | 000,136,192 | ---- | M] (VIA Technologies inc,.ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\viamrx64.sys -- (viamrx64)
    DRV:64bit: - [2008/05/15 16:23:21 | 000,028,208 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
    DRV:64bit: - [2008/04/15 09:09:20 | 000,067,224 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViPrtX64.sys -- (ViPrtX64)
    DRV:64bit: - [2008/04/15 09:05:48 | 000,025,240 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ViBusX64.sys -- (ViBusX64)
    DRV:64bit: - [2008/01/17 23:14:06 | 000,041,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qd260x64.sys -- (ioatdma) Intel(R)
    DRV:64bit: - [2007/11/13 09:47:18 | 000,080,424 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PnP680.sys -- (Pnp680)
    DRV:64bit: - [2007/10/03 09:51:00 | 000,022,056 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiWinAcc.sys -- (SiFilter)
    DRV:64bit: - [2007/10/03 09:50:52 | 000,017,448 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SiRemFil.sys -- (SiRemFil)
    DRV:64bit: - [2007/10/03 09:50:26 | 000,090,664 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3132.sys -- (SI3132)
    DRV:64bit: - [2007/06/01 04:29:06 | 000,330,544 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3531.sys -- (Si3531)
    DRV:64bit: - [2007/05/11 12:01:10 | 000,070,424 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
    DRV:64bit: - [2007/04/11 16:30:04 | 000,043,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTVE.sys -- (IAMTVE) Driver for Intel(R)
    DRV:64bit: - [2007/04/11 16:29:58 | 000,051,096 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IAMTXPE.sys -- (IAMTXPE) Driver for Intel(R)
    DRV:64bit: - [2007/04/11 09:02:42 | 000,163,632 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3114r.sys -- (SI3114r)
    DRV:64bit: - [2007/02/01 10:53:08 | 000,164,656 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3112r.sys -- (SI3112r)
    DRV:64bit: - [2007/01/24 11:07:08 | 000,064,888 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SISAGPX.SYS -- (SISAGP)
    DRV:64bit: - [2006/11/10 05:48:48 | 000,099,120 | ---- | M] (Silicon Image, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3114.sys -- (SI3114)
    DRV:64bit: - [2006/11/02 10:25:04 | 000,113,456 | ---- | M] (Silicon Image, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SI3124.sys -- (SI3124)
    DRV:64bit: - [2006/11/01 01:23:42 | 000,015,680 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
    DRV:64bit: - [2006/09/20 05:38:28 | 000,334,640 | ---- | M] (Silicon Image, Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Si3124r5.sys -- (Si3124r5)
    DRV:64bit: - [2006/09/18 08:26:04 | 000,093,472 | ---- | M] (HighPoint Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hptmv.sys -- (hptmv)
    DRV:64bit: - [2005/09/22 18:20:00 | 000,059,392 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VIAAGP1.SYS -- (viaagp1)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.mystart.com?pr=oovoo2_2
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/10/29 23:07:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/10/29 23:07:00 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird

    [2010/05/28 13:27:58 | 000,000,000 | ---D | M] -- C:\Users\gemma\AppData\Roaming\Mozilla\Extensions
    [2010/10/30 18:40:53 | 000,000,000 | ---D | M] -- C:\Users\gemma\AppData\Roaming\Mozilla\Firefox\Profiles\zbdje4ge.default\extensions
    [2010/11/13 22:07:18 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/06/02 17:17:52 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

    O1 HOSTS File: ([2010/11/14 11:14:08 | 000,425,491 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 14657 more lines...
    O2 - BHO: (no name) - {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No CLSID value found.
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
    O4 - HKCU..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O13 - gopher Prefix: missing
    O13 - gopher Prefix: missing
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - Reg Error: Key error. - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O21:64bit: - SSODL: IconPackager Repair - {1799460C-0BC8-4865-B9DF-4A36CD703FF0} - C:\Program Files (x86)\Stardock\Object Desktop\IconPackager\iprepair64.dll File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32:64bit: VIDC.FFDS - ff_vfw.dll ()
    Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.DIVX - C:\Windows\SysWow64\divx.dll (DivX, Inc.)
    Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
    Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/14 16:14:09 | 000,000,000 | R--D | C] -- C:\32788R22FWJFW
    [2010/11/14 15:01:48 | 000,000,000 | ---D | C] -- C:\Users\gemma\AppData\Roaming\Malwarebytes
    [2010/11/14 15:01:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/11/14 15:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/11/14 15:01:38 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/11/14 15:01:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/11/14 14:00:43 | 001,330,776 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\gemma\Desktop\TDSSKiller.exe
    [2010/11/14 11:02:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2010/11/14 11:02:50 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2010/11/14 03:01:50 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2010/11/13 11:20:10 | 000,000,000 | ---D | C] -- C:\Users\gemma\AppData\Local\Help
    [2010/10/28 14:10:15 | 000,472,656 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2010/10/28 14:10:15 | 000,125,520 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFW.sys
    [2010/10/28 14:10:08 | 000,250,448 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswNdis2.sys
    [2010/10/28 14:10:06 | 000,038,848 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2010/10/26 16:50:56 | 000,000,000 | ---D | C] -- C:\Users\gemma\AppData\Roaming\LockHunter

    ========== Files - Modified Within 30 Days ==========

    [2010/11/14 16:22:38 | 000,001,095 | ---- | M] () -- C:\Users\gemma\Desktop\OTL.exe - Shortcut.lnk
    [2010/11/14 15:53:21 | 000,016,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/14 15:53:21 | 000,016,032 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/14 15:50:50 | 000,732,966 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/11/14 15:50:50 | 000,628,624 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/11/14 15:50:50 | 000,109,154 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/11/14 15:45:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/14 15:01:44 | 000,001,009 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/14 11:14:08 | 000,425,491 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2010/11/11 16:58:38 | 000,002,005 | ---- | M] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
    [2010/11/11 16:06:06 | 000,010,848 | ---- | M] () -- C:\Users\gemma\Documents\college essay.docx
    [2010/11/08 10:55:10 | 001,330,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\gemma\Desktop\TDSSKiller.exe
    [2010/11/07 23:24:07 | 000,048,128 | ---- | M] () -- C:\Users\gemma\Documents\Works-Cited-and-Description-Form-2010-2.doc
    [2010/11/07 21:45:33 | 000,041,984 | ---- | M] () -- C:\Users\gemma\Documents\EXHIBITION-PROPOSAL-2010_ashleygemma.doc
    [2010/11/07 21:32:53 | 000,048,640 | ---- | M] () -- C:\Users\gemma\Documents\Works-Cited-and-Description-Form-2010-1.doc
    [2010/10/29 23:07:03 | 000,001,963 | ---- | M] () -- C:\Users\gemma\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/10/29 23:07:03 | 000,001,939 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010/10/28 20:38:08 | 000,501,930 | ---- | M] () -- C:\Users\gemma\Documents\crest syndrome.docx
    [2010/10/28 14:10:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2010/10/25 09:52:55 | 000,031,744 | ---- | M] () -- C:\Users\gemma\Documents\Oral-Presentation-1-Graphic-Organizerashley_gemma.doc
    [2010/10/22 18:03:39 | 000,412,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/10/19 23:47:13 | 000,015,524 | ---- | M] () -- C:\Users\gemma\Documents\Ashley Gemma.docx

    ========== Files Created - No Company Name ==========

    [2010/11/14 16:22:38 | 000,001,095 | ---- | C] () -- C:\Users\gemma\Desktop\OTL.exe - Shortcut.lnk
    [2010/11/14 15:01:44 | 000,001,009 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010/11/11 12:12:57 | 000,010,848 | ---- | C] () -- C:\Users\gemma\Documents\college essay.docx
    [2010/11/07 23:13:19 | 000,048,128 | ---- | C] () -- C:\Users\gemma\Documents\Works-Cited-and-Description-Form-2010-2.doc
    [2010/11/07 21:45:33 | 000,041,984 | ---- | C] () -- C:\Users\gemma\Documents\EXHIBITION-PROPOSAL-2010_ashleygemma.doc
    [2010/11/07 20:55:15 | 000,048,640 | ---- | C] () -- C:\Users\gemma\Documents\Works-Cited-and-Description-Form-2010-1.doc
    [2010/10/29 23:07:03 | 000,001,963 | ---- | C] () -- C:\Users\gemma\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/10/28 18:20:20 | 000,501,930 | ---- | C] () -- C:\Users\gemma\Documents\crest syndrome.docx
    [2010/10/28 14:08:59 | 000,002,005 | ---- | C] () -- C:\Users\Public\Desktop\avast! Internet Security.lnk
    [2010/10/25 09:52:55 | 000,031,744 | ---- | C] () -- C:\Users\gemma\Documents\Oral-Presentation-1-Graphic-Organizerashley_gemma.doc
    [2010/10/18 18:12:13 | 000,015,524 | ---- | C] () -- C:\Users\gemma\Documents\Ashley Gemma.docx
    [2009/12/11 07:25:19 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2009/12/11 07:25:18 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
    [2009/12/11 07:25:18 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
    [2009/12/11 07:25:18 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
    [2009/12/11 07:25:16 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2009/11/29 15:30:01 | 000,746,922 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/11/29 13:38:10 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
    [2009/11/06 00:28:04 | 000,178,975 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

    ========== LOP Check ==========

    [2010/05/28 13:26:36 | 000,000,000 | ---D | M] -- C:\Users\gemma\AppData\Roaming\ESET
    [2010/10/26 16:50:56 | 000,000,000 | ---D | M] -- C:\Users\gemma\AppData\Roaming\LockHunter
    [2010/05/28 13:21:26 | 000,000,000 | ---D | M] -- C:\Users\gemma\AppData\Roaming\Notepad++
    [2010/06/12 21:51:11 | 000,000,000 | ---D | M] -- C:\Users\gemma\AppData\Roaming\ooVoo Details
    [2010/06/12 21:50:14 | 000,000,000 | ---D | M] -- C:\Users\gemma\AppData\Roaming\oovooinstaller
    [2010/05/28 13:54:23 | 000,000,000 | ---D | M] -- C:\Users\gemma\AppData\Roaming\uTorrent
    [2010/11/10 18:33:08 | 000,032,578 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < >

    < %SYSTEMDRIVE%\*.* >
    [2009/11/25 01:15:57 | 000,383,582 | RHS- | M] () -- C:\bootmgr
    [2010/05/28 16:39:37 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2010/05/28 13:20:08 | 000,171,136 | RHS- | M] () -- C:\grldr
    [2005/09/22 14:09:38 | 000,894,976 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
    [2010/11/14 15:45:11 | 2137,448,448 | -HS- | M] () -- C:\pagefile.sys
    [2010/11/14 16:01:11 | 000,000,377 | ---- | M] () -- C:\rkill.log
    [2010/11/14 14:02:12 | 000,074,954 | ---- | M] () -- C:\TDSSKiller.2.4.7.0_14.11.2010_14.01.44_log.txt
    [2010/11/14 14:17:59 | 000,002,172 | ---- | M] () -- C:\TDSSKiller.2.4.7.0_14.11.2010_14.17.49_log.txt
    [2010/05/28 13:20:08 | 000,000,012 | RHS- | M] () -- C:\win7.ld

    < %systemroot%\Fonts\*.com >
    [2009/07/14 00:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/14 00:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/14 00:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 15:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2010/09/07 10:12:17 | 000,038,848 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/07/11 15:35:15 | 000,000,221 | -HS- | M] () -- C:\Users\gemma\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/08 10:55:10 | 001,330,776 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\gemma\Desktop\TDSSKiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/31 09:50:26 | 000,000,402 | -HS- | M] () -- C:\Users\gemma\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >
     
  23. ashley11493

    ashley11493 TS Rookie Topic Starter Posts: 23

    OTL Extras logfile created on: 11/14/2010 4:22:58 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\gemma\Downloads
    64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 48.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 70.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 224.60 Gb Total Space | 192.62 Gb Free Space | 85.76% Space Free | Partition Type: NTFS
    Drive D: | 8.28 Gb Total Space | 1.82 Gb Free Space | 22.02% Space Free | Partition Type: NTFS

    Computer Name: GEMMA-PC | User Name: gemma | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\System32\ieframe.DLL (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [runas] -- cmd.exe /c takeown /f "%1" /r /d y && icacls "%1" /grant administrators:F /t (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "AntiVirusDisableNotify" = 1
    "FirewallDisableNotify" = 1
    "UpdatesDisableNotify" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java(TM) 6 Update 17 (64-bit)
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
    "{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
    "{D86B6C32-49BD-4A02-9C43-14E497018498}" = Windows 7 Manager
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "CCleaner" = CCleaner
    "CPU-Z" = CPU-Z
    "Gpuz" = GPU-Z
    "HDMI" = Intel(R) Graphics Media Accelerator Driver
    "HDTune" = HDTune
    "HWMonitor" = HWMonitor
    "KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v3.0.0
    "LockHunter_is1" = LockHunter version 1.0 beta 3, 64 bit edition
    "NVIDIA Drivers" = NVIDIA Drivers
    "PC Wizard" = PC Wizard
    "WinRAR archiver" = WinRAR archiver

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{00C5F4F4-62F9-40D7-8000-AD8A9CD0C669}" = Microsoft Games for Windows - LIVE Redistributable
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{21199F32-B676-4FE2-A443-EF7DB6B8FD4F}" = Opera 10.10
    "{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
    "{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
    "{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
    "{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{95e9acd7-622b-48f6-9ef8-3fa6777df9ce}" = Nero 9 Trial
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Service Pack 1 Redistributable
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{AC76BA86-7AD7-1033-7B44-A92000000001}" = Adobe Reader 9.2
    "{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
    "{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
    "{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
    "{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
    "{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "avast5" = avast! Internet Security
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 5.5.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "Notepad++" = Notepad++
    "UltraISO_is1" = UltraISO Premium V9.35
    "Universal Extractor_is1" = Universal Extractor 1.6

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 10/10/2010 2:43:29 PM | Computer Name = gemma-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 10/10/2010 2:46:34 PM | Computer Name = gemma-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 10/10/2010 2:46:36 PM | Computer Name = gemma-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 10/10/2010 2:46:37 PM | Computer Name = gemma-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 10/10/2010 2:47:28 PM | Computer Name = gemma-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 10/14/2010 3:10:56 PM | Computer Name = gemma-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 10/14/2010 3:10:56 PM | Computer Name = gemma-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 10/14/2010 3:21:56 PM | Computer Name = gemma-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc3c1 Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
    Exception
    code: 0xc0000005 Fault offset: 0x0000000000bcb00a Faulting process id: 0x1e4 Faulting
    application start time: 0x01cb6bd1a917ea2d Faulting application path: C:\Windows\system32\svchost.exe
    Faulting
    module path: unknown Report Id: 4e618f87-d7c8-11df-bdd5-001b249f5f61

    Error - 10/15/2010 10:25:50 AM | Computer Name = gemma-PC | Source = Windows Activation Technologies | ID = 3
    Description = Health check failure: hr = 0x8004FE22, HealthStatus: 0x0000000000002000

    Error - 10/21/2010 1:33:07 PM | Computer Name = gemma-PC | Source = Windows Activation Technologies | ID = 3
    Description = Health check failure: hr = 0x8004FE22, HealthStatus: 0x0000000000002000

    [ System Events ]
    Error - 11/8/2010 5:52:12 PM | Computer Name = gemma-PC | Source = cdrom | ID = 262159
    Description = The device, \Device\CdRom0, is not ready for access yet.

    Error - 11/8/2010 5:52:13 PM | Computer Name = gemma-PC | Source = cdrom | ID = 262159
    Description = The device, \Device\CdRom0, is not ready for access yet.

    Error - 11/8/2010 5:52:14 PM | Computer Name = gemma-PC | Source = cdrom | ID = 262159
    Description = The device, \Device\CdRom0, is not ready for access yet.

    Error - 11/8/2010 5:52:15 PM | Computer Name = gemma-PC | Source = cdrom | ID = 262159
    Description = The device, \Device\CdRom0, is not ready for access yet.

    Error - 11/8/2010 5:52:16 PM | Computer Name = gemma-PC | Source = atapi | ID = 262155
    Description = The driver detected a controller error on \Device\Ide\IdePort0.

    Error - 11/8/2010 5:52:16 PM | Computer Name = gemma-PC | Source = cdrom | ID = 262159
    Description = The device, \Device\CdRom0, is not ready for access yet.

    Error - 11/8/2010 7:06:57 PM | Computer Name = gemma-PC | Source = DCOM | ID = 10005
    Description =

    Error - 11/8/2010 7:06:57 PM | Computer Name = gemma-PC | Source = Service Control Manager | ID = 7038
    Description = The upnphost service was unable to log on as NT AUTHORITY\LocalService
    with the currently configured password due to the following error: %%50 To ensure
    that the service is configured properly, use the Services snap-in in Microsoft
    Management Console (MMC).

    Error - 11/8/2010 7:06:57 PM | Computer Name = gemma-PC | Source = Service Control Manager | ID = 7000
    Description = The UPnP Device Host service failed to start due to the following
    error: %%1069

    Error - 11/8/2010 7:08:47 PM | Computer Name = gemma-PC | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    johci xfiltx64


    < End of report >
     
  24. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ===================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {99E00A4C-D35E-11DD-BA95-9B6A56D89593} - No CLSID value found.
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  25. ashley11493

    ashley11493 TS Rookie Topic Starter Posts: 23

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99E00A4C-D35E-11DD-BA95-9B6A56D89593}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: gemma
    ->Temp folder emptied: 3419808 bytes
    ->Temporary Internet Files folder emptied: 308666 bytes
    ->Java cache emptied: 82506 bytes
    ->FireFox cache emptied: 93695892 bytes
    ->Flash cache emptied: 5752 bytes

    User: Public

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 882 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 68488 bytes
    RecycleBin emptied: 28399719 bytes

    Total Files Cleaned = 120.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default

    User: Default User

    User: gemma
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11142010_165516

    Files\Folders moved on Reboot...
    C:\Users\gemma\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
Topic Status:
Not open for further replies.
