Solved Firefox and Google keep redirecting

[EM0]

Thanks for helping!

Here are the logs you requested.

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.18.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Owner :: 0X10K0D30X1X1X0 [administrator]

Protection: Enabled

2/17/2012 9:43:12 PM
mbam-log-2012-02-17 (21-43-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 234849
Time elapsed: 21 minute(s), 5 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\Owner\AppData\Roaming\SystemProc (Trojan.Agent) -> Quarantined and deleted successfully.

Files Detected: 0
(No malicious items detected)

(end)
=============================

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-02-18 08:56:13
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\00000019 ST336032 rev.3.CH
Running: gmer.exe; Driver: C:\Users\Owner\AppData\Local\Temp\awlorkob.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\svchost.exe[836] kernel32.dll!WriteFile 75CFABE1 5 Bytes JMP 000C000C
.text C:\Windows\system32\svchost.exe[836] USER32.dll!WindowFromPoint 76C4884F 5 Bytes JMP 00F1000A
.text C:\Windows\system32\svchost.exe[836] USER32.dll!GetForegroundWindow 76C532C4 5 Bytes JMP 0112000A
.text C:\Windows\system32\svchost.exe[836] USER32.dll!GetCursorPos 76C60B88 5 Bytes JMP 009F000A
.text C:\Windows\system32\svchost.exe[836] ole32.dll!CoCreateInstance 76DF9F3E 5 Bytes JMP 002D000A

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error
Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- EOF - GMER 1.0.15 ----

=========================

.
DDS (Ver_2011-08-26.01) - NTFSx86 MINIMAL
Internet Explorer: 9.0.8112.16421
Run by Owner at 8:56:37 on 2012-02-18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.2038 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Users\Owner\AppData\Local\Temp\Temp1_gmer.zip\gmer.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.7.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.7.0.13\ips\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.7.0.13\coIEPlg.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [<NO NAME>]
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [V0510Mon.exe] c:\windows\V0510Mon.exe
mRun: [c:\windows\system32\v0510ext.ax] c:\windows\system32\regsvr32.exe /s c:\windows\system32\V0510Ext.ax
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\owner\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{10D287B8-8D6C-48E8-830C-DAED1AAFD3E8} : DhcpNameServer = 65.32.5.111 65.32.5.112
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\8gcasubu.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\owner\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\owner\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\owner\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npicaN.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1207000.00d\symds.sys [2012-1-30 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1207000.00d\symefa.sys [2012-1-30 744568]
S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20120215.001\BHDrvx86.sys [2012-2-15 820344]
S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20120214.003\IDSvix86.sys [2012-2-14 368248]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1207000.00d\ironx86.sys [2012-1-30 136312]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1207000.00d\symtdiv.sys [2012-1-30 331384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-16 652360]
S2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.7.0.13\ccsvchst.exe [2012-1-30 130008]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-7-3 2214504]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-16 20464]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-2-10 122984]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-4-19 99200]
S3 V0510Dev;Rocketfish Webcam VF0510 Driver;c:\windows\system32\drivers\V0510Vid.sys [2009-6-17 254080]
S3 V0510Vfx;Rocketfish Webcam VF0510 Video VFX Driver;c:\windows\system32\drivers\V0510Vfx.sys [2009-6-17 7424]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-17 04:26:36 -------- d-----w- c:\users\owner\appdata\roaming\Auslogics
2012-02-17 02:12:26 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
2012-02-17 02:12:20 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-17 02:12:20 -------- d-----w- c:\programdata\Malwarebytes
2012-02-17 02:12:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-17 00:36:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-17 00:36:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-16 03:01:04 139776 ----a-w- c:\programdata\microsoft\windows\drm\4BCF.tmp
2012-02-08 03:39:56 -------- d-----w- c:\users\owner\appdata\local\BigHugeEngine
2012-02-08 03:39:53 -------- d-----w- c:\programdata\EA Core
2012-02-08 03:39:52 -------- d-----w- c:\programdata\EA Logs
2012-02-08 03:17:14 -------- d--h--w- c:\program files\common files\EAInstaller
2012-02-08 02:53:12 -------- d-----w- c:\program files\Origin Games
2012-02-08 02:44:51 -------- d-----w- c:\users\owner\appdata\roaming\Origin
2012-02-08 02:44:49 -------- d-----w- c:\users\owner\appdata\local\Origin
2012-02-08 02:43:20 -------- d-----w- c:\programdata\Origin
2012-02-08 02:43:20 -------- d-----w- c:\programdata\Electronic Arts
2012-02-04 21:18:42 -------- d-----w- c:\users\owner\appdata\local\THQ
2012-02-04 14:45:09 -------- d-----w- c:\users\owner\appdata\roaming\DarknessIIDemo
2012-01-31 03:17:00 331384 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\symtdiv.sys
2012-01-31 03:16:59 744568 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\symefa.sys
2012-01-31 03:16:59 516216 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\srtsp.sys
2012-01-31 03:16:59 50168 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\srtspx.sys
2012-01-31 03:16:59 340088 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\symds.sys
2012-01-31 03:16:59 299640 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\symnets.sys
2012-01-31 03:16:59 136312 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\ironx86.sys
2012-01-31 03:16:46 -------- d-----w- c:\windows\system32\drivers\nis\1207000.00D
2012-01-30 00:16:00 -------- d-----w- c:\users\owner\appdata\local\Mozilla
2012-01-25 00:25:19 -------- d-----w- c:\program files\iPod
2012-01-25 00:25:16 -------- d-----w- c:\program files\iTunes
.
==================== Find3M ====================
.
2012-01-30 00:18:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-25 15:59:48 376320 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST336032 rev.3.CH -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8741249F]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x87419738]; MOV EAX, [0x874198ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82E5A912] -> \Device\Harddisk0\DR0[0x87021030]
3 CLASSPNP[0x807348B3] -> ntkrnlpa!IofCallDriver[0x82E5A912] -> [0x866136C0]
5 acpi[0x806116BC] -> ntkrnlpa!IofCallDriver[0x82E5A912] -> [0x86613C90]
\Driver\nvstor32[0x873AE300] -> IRP_MJ_CREATE -> 0x8741249F
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5d; }
detected disk devices:
\Device\0000005c -> \??\SCSI#Disk&Ven_ST336032&Prod_0AS#4&121cf98f&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 8:57:13.63 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/7/2008 7:50:39 PM
System Uptime: 2/17/2012 11:30:11 PM (9 hours ago)
.
Motherboard: ECS | | Nettle3
Processor: AMD Phenom(tm) 9500 Quad-Core Processor | Socket AM2 | 2210/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 326 GiB total, 53.501 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.268 GiB free.
E: is FIXED (NTFS) - 335 GiB total, 89.1 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
µTorrent
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop Lightroom 2.1
Adobe Reader 9.5.0
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced Video FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Cards_Calendar_OrderGift_DoMorePlugout
Citrix XenApp Web Plugin
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Crystal Reports Basic for Visual Studio 2008
Curse Client
CyberLink DVD Suite Deluxe
D3DX10
DVD Decrypter (Remove Only)
DVDFab 8.1.3.3 (12/11/2011) Qt Beta
Enhanced Multimedia Keyboard Solution
Facebook Plug-In
Flickr Uploadr 3.2.1
HandBrake 0.9.5
Hardware Diagnostic Tools
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 1.99.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.5
HP Picasso Media Center Add-In
HP Total Care Advisor
HP Update
HPPhotoSmartPhotobookWebPack1
iCloud
iPhone Configuration Utility
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) SE Runtime Environment 6 Update 1
Kingdoms of Amalur: Reckoning
Kingdoms of Amalur: Reckoning Demo
LabelPrint
LightScribe System Software 1.10.23.1
LightScribeTemplateLabeler
Luminance HDR 2.1.0
Malwarebytes Anti-Malware version 1.60.1.1000
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Expression Blend 3
Microsoft Expression Blend 3 SDK
Microsoft Expression Blend 4
Microsoft Expression Blend SDK for .NET 4
Microsoft Expression Blend SDK for Silverlight 4
Microsoft Expression Design 3
Microsoft Expression Design 4
Microsoft Expression Encoder 3
Microsoft Expression Encoder 4
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Expression Studio 3
Microsoft Expression Studio 4
Microsoft Expression Web 3
Microsoft Expression Web 3 SP1
Microsoft Expression Web 4
Microsoft Expression Web 4 Service Pack 2
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Microsoft Works
Mobile Broadband Drivers
MobileMe Control Panel
Mozilla Firefox 9.0.1 (x86 en-US)
MSDN Library for Visual Studio 2008 - ENU
MSVCRT
muvee autoProducer 6.1
My HP Games
Norton Internet Security
NVIDIA 3D Vision Driver 266.58
NVIDIA Control Panel 275.33
NVIDIA Drivers
NVIDIA Graphics Driver 275.33
NVIDIA HD Audio Driver 1.1.13.1
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.3.5
NVIDIA Update Components
OGA Notifier 2.0.0048.0
Origin
PDF Settings
PeerGuardian 2.0
Picasa 3
Power2Go
PowerDirector
PSSWCORE
Python 2.5
QuickTime
Realtek High Definition Audio Driver
Rocketfish 2MP AF Webcam Driver (1.00.06.00)
Rocketfish Webcam User's Guide
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Segoe UI
Snapfish Picture Mover
Soft Data Fax Modem with SmartCP
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy 1.3
Steam
System Requirements Lab
TeamSpeak 2 RC2
Unity Web Player
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)
VC Runtimes MSI
Ventrilo Client
VideoToolkit01
Vista Codec Package
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
VZAccess Manager
WeatherBug Gadget
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
World of Warcraft
WPF Toolkit February 2010 (Version 3.5.50211.1)
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
2/17/2012 9:38:24 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
2/17/2012 9:33:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
2/17/2012 11:33:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/17/2012 11:33:04 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 DfsC eeCtrl i8042prt IDSVix86 NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SymIM SymIRON SYMTDIv tdx Wanarpv6 ws2ifsl
2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2/17/2012 11:32:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2/17/2012 11:32:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
2/17/2012 11:32:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/17/2012 11:32:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/17/2012 11:31:46 PM, Error: EventLog [6008] - The previous system shutdown at 11:28:10 PM on 2/17/2012 was unexpected.
2/17/2012 11:15:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/17/2012 11:14:52 PM, Error: EventLog [6008] - The previous system shutdown at 11:11:48 PM on 2/17/2012 was unexpected.
2/16/2012 7:30:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
2/16/2012 7:11:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/16/2012 7:09:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
2/16/2012 7:07:37 PM, Error: EventLog [6008] - The previous system shutdown at 7:02:22 PM on 2/16/2012 was unexpected.
2/16/2012 7:00:43 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/16/2012 7:00:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Update Service Daemon service to connect.
2/16/2012 6:58:32 PM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
2/16/2012 6:53:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 i8042prt
2/14/2012 8:49:43 PM, Error: nvstor32 [5] - A parity error was detected on \Device\RaidPort0.
2/14/2012 8:19:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
2/14/2012 8:19:05 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

 

[Broni]

Welcome aboard

Please, observe following rules:

• Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
• If you're stuck, or you're not sure about certain step, always ask before doing anything else.
• Please refrain from running tools or applying updates other than those I suggest.
• Never run more than one scan at a time.
• Keep updating me regarding your computer behavior, good, or bad.
• The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
• If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
• I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

===================================================================

Any particular reason why DDS was run from safe mode?

Download TDSSKiller and save it to your desktop.

• Extract (unzip) its contents to your desktop.
• Open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
• If an infected file is detected, the default action will be Cure, click on Continue.
• If a suspicious file is detected, the default action will be Skip, click on Continue.
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
• If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.

 

[EM0]

Thanks for the help on this

I was in safe mode from the GMER scan which would not run in normal and I also needed to disable devices in safe mode to get it to run.

Here are the DDS scans again from a regular logon. Below that is the TDSKiller logs.

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by Owner at 18:33:41 on 2012-02-18
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1709 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\WINDOWS\RtHDVCpl.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\WINDOWS\V0510Mon.exe
C:\WINDOWS\System32\wpcumi.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Owner\AppData\Local\Apps\2.0\2X0M414B.TGA\RKB1QPBO.K3G\curs..tion_eee711038731a406_0004.0000_2ad57791d5c42008\CurseClient.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\hp\kbd\kbd.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.7.0.13\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.7.0.13\ips\IPSBHO.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.7.0.13\coIEPlg.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\hp\kbd\KbdStub.EXE
mRun: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun: [<NO NAME>]
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [V0510Mon.exe] c:\windows\V0510Mon.exe
mRun: [c:\windows\system32\v0510ext.ax] c:\windows\system32\regsvr32.exe /s c:\windows\system32\V0510Ext.ax
mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\users\owner\appdata\roaming\microsoft\windows\start menu\programs\startup\CurseClientStartup.ccip
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\snapfi~1.lnk - c:\program files\snapfish picture mover\SnapfishMediaDetector.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL
LSP: c:\windows\system32\wpclsp.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{10D287B8-8D6C-48E8-830C-DAED1AAFD3E8} : DhcpNameServer = 65.32.5.111 65.32.5.112
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\owner\appdata\roaming\mozilla\firefox\profiles\8gcasubu.default\
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dv.dll
FF - plugin: c:\program files\nvidia corporation\3d vision\npnv3dvstreaming.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll
FF - plugin: c:\users\owner\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\users\owner\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\users\owner\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\owner\appdata\roaming\mozilla\plugins\npicaN.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1207000.00d\symds.sys [2012-1-30 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1207000.00d\symefa.sys [2012-1-30 744568]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20120215.001\BHDrvx86.sys [2012-2-15 820344]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20120214.003\IDSvix86.sys [2012-2-14 368248]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1207000.00d\ironx86.sys [2012-1-30 136312]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1207000.00d\symtdiv.sys [2012-1-30 331384]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-2-16 652360]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.7.0.13\ccsvchst.exe [2012-1-30 130008]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-7-3 2214504]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-16 20464]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2011-2-10 122984]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2007-4-19 99200]
S3 V0510Dev;Rocketfish Webcam VF0510 Driver;c:\windows\system32\drivers\V0510Vid.sys [2009-6-17 254080]
S3 V0510Vfx;Rocketfish Webcam VF0510 Video VFX Driver;c:\windows\system32\drivers\V0510Vfx.sys [2009-6-17 7424]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-02-17 04:26:36 -------- d-----w- c:\users\owner\appdata\roaming\Auslogics
2012-02-17 02:12:26 -------- d-----w- c:\users\owner\appdata\roaming\Malwarebytes
2012-02-17 02:12:20 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-17 02:12:20 -------- d-----w- c:\programdata\Malwarebytes
2012-02-17 02:12:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-17 00:36:08 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-17 00:36:07 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-16 03:01:04 139776 ----a-w- c:\programdata\microsoft\windows\drm\4BCF.tmp
2012-02-08 03:39:56 -------- d-----w- c:\users\owner\appdata\local\BigHugeEngine
2012-02-08 03:39:53 -------- d-----w- c:\programdata\EA Core
2012-02-08 03:39:52 -------- d-----w- c:\programdata\EA Logs
2012-02-08 03:17:14 -------- d--h--w- c:\program files\common files\EAInstaller
2012-02-08 02:53:12 -------- d-----w- c:\program files\Origin Games
2012-02-08 02:44:51 -------- d-----w- c:\users\owner\appdata\roaming\Origin
2012-02-08 02:44:49 -------- d-----w- c:\users\owner\appdata\local\Origin
2012-02-08 02:43:20 -------- d-----w- c:\programdata\Origin
2012-02-08 02:43:20 -------- d-----w- c:\programdata\Electronic Arts
2012-02-04 21:18:42 -------- d-----w- c:\users\owner\appdata\local\THQ
2012-02-04 14:45:09 -------- d-----w- c:\users\owner\appdata\roaming\DarknessIIDemo
2012-01-31 03:17:00 331384 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\symtdiv.sys
2012-01-31 03:16:59 744568 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\symefa.sys
2012-01-31 03:16:59 516216 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\srtsp.sys
2012-01-31 03:16:59 50168 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\srtspx.sys
2012-01-31 03:16:59 340088 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\symds.sys
2012-01-31 03:16:59 299640 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\symnets.sys
2012-01-31 03:16:59 136312 ----a-w- c:\windows\system32\drivers\nis\1207000.00d\ironx86.sys
2012-01-31 03:16:46 -------- d-----w- c:\windows\system32\drivers\nis\1207000.00D
2012-01-30 00:16:00 -------- d-----w- c:\users\owner\appdata\local\Mozilla
2012-01-25 00:25:19 -------- d-----w- c:\program files\iPod
2012-01-25 00:25:16 -------- d-----w- c:\program files\iTunes
.
==================== Find3M ====================
.
2012-01-30 00:18:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-25 15:59:48 376320 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:37:27 2043904 ----a-w- c:\windows\system32\win32k.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.0.6002 Disk: ST336032 rev.3.CH -> Harddisk0\DR0 ->
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8802949F]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x88030738]; MOV EAX, [0x880308ac]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82E90912] -> \Device\Harddisk0\DR0[0x8759A668]
3 CLASSPNP[0x807378B3] -> ntkrnlpa!IofCallDriver[0x82E90912] -> [0x857D9660]
5 acpi[0x806146BC] -> ntkrnlpa!IofCallDriver[0x82E90912] -> [0x865FF888]
\Driver\nvstor32[0x880DF690] -> IRP_MJ_CREATE -> 0x8802949F
kernel: MBR read successfully
_asm { XOR DI, DI; MOV SI, 0x200; MOV SS, DI; MOV SP, 0x7a00; MOV BX, 0x7a0; MOV CX, SI; MOV DS, BX; MOV ES, BX; REP MOVSB ; JMP FAR 0x7a0:0x5d; }
detected disk devices:
\Device\0000005c -> \??\SCSI#Disk&Ven_ST336032&Prod_0AS#4&121cf98f&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 18:34:47.55 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 8/7/2008 7:50:39 PM
System Uptime: 2/18/2012 6:03:40 PM (0 hours ago)
.
Motherboard: ECS | | Nettle3
Processor: AMD Phenom(tm) 9500 Quad-Core Processor | Socket AM2 | 2200/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 326 GiB total, 50.414 GiB free.
D: is FIXED (NTFS) - 9 GiB total, 1.268 GiB free.
E: is FIXED (NTFS) - 335 GiB total, 89.1 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
µTorrent
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Photoshop Lightroom 2.1
Adobe Reader 9.5.0
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Advanced Video FX Engine
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Cards_Calendar_OrderGift_DoMorePlugout
Citrix XenApp Web Plugin
Compatibility Pack for the 2007 Office system
Coupon Printer for Windows
Crystal Reports Basic for Visual Studio 2008
Curse Client
CyberLink DVD Suite Deluxe
D3DX10
DVD Decrypter (Remove Only)
DVDFab 8.1.3.3 (12/11/2011) Qt Beta
Enhanced Multimedia Keyboard Solution
Facebook Plug-In
Flickr Uploadr 3.2.1
HandBrake 0.9.5
Hardware Diagnostic Tools
Hewlett-Packard Active Check
Hewlett-Packard Asset Agent for Health Check
HijackThis 1.99.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB971091)
Hotfix for Microsoft Visual Studio 2008 Professional Edition - ENU (KB973674)
HP Customer Experience Enhancements
HP Customer Feedback
HP Easy Setup - Frontend
HP On-Screen Cap/Num/Scroll Lock Indicator
HP Photosmart Essential 2.5
HP Picasso Media Center Add-In
HP Total Care Advisor
HP Update
HPPhotoSmartPhotobookWebPack1
iCloud
iPhone Configuration Utility
iTunes
Java Auto Updater
Java(TM) 6 Update 26
Java(TM) SE Runtime Environment 6 Update 1
Kingdoms of Amalur: Reckoning
Kingdoms of Amalur: Reckoning Demo
LabelPrint
LightScribe System Software 1.10.23.1
LightScribeTemplateLabeler
Luminance HDR 2.1.0
Malwarebytes Anti-Malware version 1.60.1.1000
MetaFrame Presentation Server Web Client for Win32
Microsoft .NET Compact Framework 2.0 SP2
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Device Emulator version 3.0 - ENU
Microsoft Document Explorer 2008
Microsoft Expression Blend 3
Microsoft Expression Blend 3 SDK
Microsoft Expression Blend 4
Microsoft Expression Blend SDK for .NET 4
Microsoft Expression Blend SDK for Silverlight 4
Microsoft Expression Design 3
Microsoft Expression Design 4
Microsoft Expression Encoder 3
Microsoft Expression Encoder 4
Microsoft Expression Encoder 4 Screen Capture Codec
Microsoft Expression Studio 3
Microsoft Expression Studio 4
Microsoft Expression Web 3
Microsoft Expression Web 3 SP1
Microsoft Expression Web 4
Microsoft Expression Web 4 Service Pack 2
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Edition 2003
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft Silverlight 4 SDK
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Compact 3.5 for Devices ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2008 Professional Edition - ENU
Microsoft Visual Studio Web Authoring Component
Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
Microsoft Windows SDK for Visual Studio 2008 Tools
Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
Microsoft Works
Mobile Broadband Drivers
MobileMe Control Panel
Mozilla Firefox 9.0.1 (x86 en-US)
MSDN Library for Visual Studio 2008 - ENU
MSVCRT
muvee autoProducer 6.1
My HP Games
Norton Internet Security
NVIDIA 3D Vision Driver 266.58
NVIDIA Control Panel 275.33
NVIDIA Drivers
NVIDIA Graphics Driver 275.33
NVIDIA HD Audio Driver 1.1.13.1
NVIDIA Install Application
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 1.3.5
NVIDIA Update Components
OGA Notifier 2.0.0048.0
Origin
PDF Settings
PeerGuardian 2.0
Picasa 3
Power2Go
PowerDirector
PSSWCORE
Python 2.5
QuickTime
Realtek High Definition Audio Driver
Rocketfish 2MP AF Webcam Driver (1.00.06.00)
Rocketfish Webcam User's Guide
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Segoe UI
Snapfish Picture Mover
Soft Data Fax Modem with SmartCP
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy 1.3
Steam
System Requirements Lab
TeamSpeak 2 RC2
Unity Web Player
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Visual Studio 2008 Professional Edition - ENU (KB972221)
VC Runtimes MSI
Ventrilo Client
VideoToolkit01
Vista Codec Package
Visual Studio 2005 Tools for Office Second Edition Runtime
Visual Studio Tools for the Office system 3.0 Runtime
VZAccess Manager
WeatherBug Gadget
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Mobile 5.0 SDK R2 for Pocket PC
Windows Mobile 5.0 SDK R2 for Smartphone
World of Warcraft
WPF Toolkit February 2010 (Version 3.5.50211.1)
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
2/18/2012 6:05:41 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
2/17/2012 9:38:24 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
2/17/2012 11:33:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
2/17/2012 11:33:04 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx86 DfsC eeCtrl i8042prt IDSVix86 NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr SRTSPX SymIM SymIRON SYMTDIv tdx Wanarpv6 ws2ifsl
2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
2/17/2012 11:33:04 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
2/17/2012 11:32:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
2/17/2012 11:32:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
2/17/2012 11:32:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/17/2012 11:32:27 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
2/17/2012 11:31:46 PM, Error: EventLog [6008] - The previous system shutdown at 11:28:10 PM on 2/17/2012 was unexpected.
2/17/2012 11:15:47 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
2/17/2012 11:14:52 PM, Error: EventLog [6008] - The previous system shutdown at 11:11:48 PM on 2/17/2012 was unexpected.
2/16/2012 7:30:24 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
2/16/2012 7:11:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
2/16/2012 7:09:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service NVSvc with arguments "" in order to run the server: {DCAB0989-1301-4319-BE5F-ADE89F88581C}
2/16/2012 7:07:37 PM, Error: EventLog [6008] - The previous system shutdown at 7:02:22 PM on 2/16/2012 was unexpected.
2/16/2012 7:00:43 PM, Error: Service Control Manager [7000] - The NVIDIA Update Service Daemon service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/16/2012 7:00:35 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NVIDIA Update Service Daemon service to connect.
2/16/2012 6:58:32 PM, Error: Service Control Manager [7022] - The KtmRm for Distributed Transaction Coordinator service hung on starting.
2/16/2012 6:53:16 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx86 i8042prt
2/14/2012 8:49:43 PM, Error: nvstor32 [5] - A parity error was detected on \Device\RaidPort0.
2/14/2012 8:19:05 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
2/14/2012 8:19:05 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================



Thanks again for your help

 

[EM0]

Here is the TDSKiller log

18:39:52.0180 4356 TDSS rootkit removing tool 2.7.13.0 Feb 15 2012 19:33:14
18:39:52.0284 4356 ============================================================
18:39:52.0284 4356 Current date / time: 2012/02/18 18:39:52.0284
18:39:52.0284 4356 SystemInfo:
18:39:52.0284 4356
18:39:52.0284 4356 OS Version: 6.0.6002 ServicePack: 2.0
18:39:52.0284 4356 Product type: Workstation
18:39:52.0284 4356 ComputerName: 0X10K0D30X1X1X0
18:39:52.0284 4356 UserName: Owner
18:39:52.0284 4356 Windows directory: C:\Windows
18:39:52.0284 4356 System windows directory: C:\Windows
18:39:52.0284 4356 Processor architecture: Intel x86
18:39:52.0284 4356 Number of processors: 4
18:39:52.0284 4356 Page size: 0x1000
18:39:52.0285 4356 Boot type: Normal boot
18:39:52.0285 4356 ============================================================
18:39:53.0065 4356 Drive \Device\Harddisk0\DR0 - Size: 0x53D67B6000 (335.35 Gb), SectorSize: 0x200, Cylinders: 0xAB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:39:53.0086 4356 Drive \Device\Harddisk1\DR1 - Size: 0x53D67B6000 (335.35 Gb), SectorSize: 0x200, Cylinders: 0xAB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:39:53.0089 4356 \Device\Harddisk0\DR0:
18:39:53.0098 4356 MBR used
18:39:53.0098 4356 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x28C114C2
18:39:53.0098 4356 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x28C11501, BlocksNum 0x12A14C0
18:39:53.0098 4356 \Device\Harddisk1\DR1:
18:39:53.0102 4356 MBR used
18:39:53.0102 4356 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x29EB2982
18:39:53.0175 4356 Initialize success
18:39:53.0175 4356 ============================================================
18:42:51.0518 4460 ============================================================
18:42:51.0518 4460 Scan started
18:42:51.0518 4460 Mode: Manual;
18:42:51.0518 4460 ============================================================
18:42:51.0863 4460 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:42:51.0868 4460 ACPI - ok
18:42:51.0932 4460 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
18:42:51.0938 4460 adp94xx - ok
18:42:51.0992 4460 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
18:42:51.0996 4460 adpahci - ok
18:42:52.0037 4460 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
18:42:52.0039 4460 adpu160m - ok
18:42:52.0086 4460 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
18:42:52.0088 4460 adpu320 - ok
18:42:52.0184 4460 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:42:52.0204 4460 AFD - ok
18:42:52.0259 4460 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
18:42:52.0260 4460 agp440 - ok
18:42:52.0295 4460 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:42:52.0296 4460 aic78xx - ok
18:42:52.0323 4460 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
18:42:52.0323 4460 aliide - ok
18:42:52.0344 4460 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
18:42:52.0345 4460 amdagp - ok
18:42:52.0380 4460 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
18:42:52.0381 4460 amdide - ok
18:42:52.0406 4460 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
18:42:52.0407 4460 AmdK7 - ok
18:42:52.0424 4460 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
18:42:52.0425 4460 AmdK8 - ok
18:42:52.0457 4460 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
18:42:52.0458 4460 arc - ok
18:42:52.0486 4460 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
18:42:52.0487 4460 arcsas - ok
18:42:52.0520 4460 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:42:52.0521 4460 AsyncMac - ok
18:42:52.0568 4460 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
18:42:52.0569 4460 atapi - ok
18:42:52.0598 4460 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:42:52.0599 4460 Beep - ok
18:42:52.0780 4460 BHDrvx86 (e685ba3267c5a4ec4ce9e2b4a1481725) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120215.001\BHDrvx86.sys
18:42:52.0814 4460 BHDrvx86 - ok
18:42:52.0910 4460 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
18:42:52.0911 4460 blbdrive - ok
18:42:52.0949 4460 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:42:52.0950 4460 bowser - ok
18:42:52.0976 4460 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:42:52.0977 4460 BrFiltLo - ok
18:42:52.0993 4460 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:42:52.0994 4460 BrFiltUp - ok
18:42:53.0021 4460 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:42:53.0022 4460 Brserid - ok
18:42:53.0049 4460 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:42:53.0049 4460 BrSerWdm - ok
18:42:53.0071 4460 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:42:53.0072 4460 BrUsbMdm - ok
18:42:53.0100 4460 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:42:53.0101 4460 BrUsbSer - ok
18:42:53.0127 4460 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:42:53.0128 4460 BTHMODEM - ok
18:42:53.0163 4460 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:42:53.0164 4460 cdfs - ok
18:42:53.0217 4460 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
18:42:53.0218 4460 cdrom - ok
18:42:53.0243 4460 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
18:42:53.0244 4460 circlass - ok
18:42:53.0309 4460 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:42:53.0314 4460 CLFS - ok
18:42:53.0356 4460 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
18:42:53.0357 4460 cmdide - ok
18:42:53.0378 4460 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
18:42:53.0379 4460 Compbatt - ok
18:42:53.0392 4460 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
18:42:53.0393 4460 crcdisk - ok
18:42:53.0413 4460 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
18:42:53.0414 4460 Crusoe - ok
18:42:53.0478 4460 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
18:42:53.0480 4460 DfsC - ok
18:42:53.0542 4460 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:42:53.0543 4460 disk - ok
18:42:53.0577 4460 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:42:53.0577 4460 drmkaud - ok
18:42:53.0636 4460 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:42:53.0647 4460 DXGKrnl - ok
18:42:53.0664 4460 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:42:53.0665 4460 E1G60 - ok
18:42:53.0721 4460 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:42:53.0723 4460 Ecache - ok
18:42:53.0788 4460 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
18:42:53.0795 4460 eeCtrl - ok
18:42:53.0915 4460 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
18:42:53.0920 4460 elxstor - ok
18:42:54.0009 4460 EraserUtilRebootDrv - ok
18:42:54.0084 4460 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
18:42:54.0085 4460 ErrDev - ok
18:42:54.0158 4460 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:42:54.0160 4460 exfat - ok
18:42:54.0214 4460 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:42:54.0216 4460 fastfat - ok
18:42:54.0247 4460 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
18:42:54.0248 4460 fdc - ok
18:42:54.0285 4460 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:42:54.0286 4460 FileInfo - ok
18:42:54.0309 4460 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:42:54.0309 4460 Filetrace - ok
18:42:54.0337 4460 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:42:54.0338 4460 flpydisk - ok
18:42:54.0381 4460 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:42:54.0383 4460 FltMgr - ok
18:42:54.0412 4460 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
18:42:54.0413 4460 Fs_Rec - ok
18:42:54.0436 4460 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
18:42:54.0437 4460 gagp30kx - ok
18:42:54.0479 4460 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
18:42:54.0480 4460 GEARAspiWDM - ok
18:42:54.0548 4460 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
18:42:54.0552 4460 HdAudAddService - ok
18:42:54.0597 4460 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:42:54.0607 4460 HDAudBus - ok
18:42:54.0655 4460 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:42:54.0656 4460 HidBth - ok
18:42:54.0673 4460 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:42:54.0674 4460 HidIr - ok
18:42:54.0721 4460 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
18:42:54.0721 4460 HidUsb - ok
18:42:54.0788 4460 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
18:42:54.0789 4460 HpCISSs - ok
18:42:54.0850 4460 HSF_DP (88749fbf8beb18c90e7d6626c8c1910b) C:\Windows\system32\DRIVERS\HSX_DP.sys
18:42:54.0910 4460 HSF_DP - ok
18:42:55.0018 4460 HSXHWBS2 (fe440536bd98af772130dc3a6fe1915f) C:\Windows\system32\DRIVERS\HSXHWBS2.sys
18:42:55.0022 4460 HSXHWBS2 - ok
18:42:55.0088 4460 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
18:42:55.0095 4460 HTTP - ok
18:42:55.0128 4460 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
18:42:55.0128 4460 i2omp - ok
18:42:55.0146 4460 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:42:55.0147 4460 i8042prt - ok
18:42:55.0177 4460 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
18:42:55.0181 4460 iaStorV - ok
18:42:55.0418 4460 IDSVix86 (b6662611e8fa3a71473c4a9bd0d23755) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120214.003\IDSvix86.sys
18:42:55.0424 4460 IDSVix86 - ok
18:42:55.0512 4460 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:42:55.0513 4460 iirsp - ok
18:42:55.0685 4460 IntcAzAudAddService (3914ea9111dbeffaf1c68200817768ad) C:\Windows\system32\drivers\RTKVHDA.sys
18:42:55.0759 4460 IntcAzAudAddService - ok
18:42:55.0787 4460 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
18:42:55.0788 4460 intelide - ok
18:42:55.0853 4460 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:42:55.0854 4460 intelppm - ok
18:42:55.0877 4460 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:42:55.0878 4460 IpFilterDriver - ok
18:42:55.0912 4460 IpInIp - ok
18:42:55.0958 4460 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
18:42:55.0959 4460 IPMIDRV - ok
18:42:56.0003 4460 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:42:56.0004 4460 IPNAT - ok
18:42:56.0036 4460 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:42:56.0037 4460 IRENUM - ok
18:42:56.0061 4460 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
18:42:56.0062 4460 isapnp - ok
18:42:56.0214 4460 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:42:56.0219 4460 iScsiPrt - ok
18:42:56.0293 4460 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:42:56.0294 4460 iteatapi - ok
18:42:56.0360 4460 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:42:56.0361 4460 iteraid - ok
18:42:56.0417 4460 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:42:56.0417 4460 kbdclass - ok
18:42:56.0515 4460 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
18:42:56.0516 4460 kbdhid - ok
18:42:56.0583 4460 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
18:42:56.0590 4460 KSecDD - ok
18:42:56.0637 4460 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:42:56.0639 4460 lltdio - ok
18:42:56.0676 4460 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
18:42:56.0677 4460 LSI_FC - ok
18:42:56.0717 4460 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
18:42:56.0719 4460 LSI_SAS - ok
18:42:56.0830 4460 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
18:42:56.0832 4460 LSI_SCSI - ok
18:42:57.0052 4460 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:42:57.0054 4460 luafv - ok
18:42:57.0107 4460 MBAMProtector (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
18:42:57.0107 4460 MBAMProtector - ok
18:42:57.0145 4460 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys
18:42:57.0146 4460 mdmxsdk - ok
18:42:57.0178 4460 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
18:42:57.0179 4460 megasas - ok
18:42:57.0206 4460 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
18:42:57.0211 4460 MegaSR - ok
18:42:57.0224 4460 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:42:57.0225 4460 Modem - ok
18:42:57.0262 4460 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:42:57.0263 4460 monitor - ok
18:42:57.0297 4460 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:42:57.0298 4460 mouclass - ok
18:42:57.0321 4460 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:42:57.0322 4460 mouhid - ok
18:42:57.0340 4460 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:42:57.0341 4460 MountMgr - ok
18:42:57.0371 4460 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
18:42:57.0374 4460 mpio - ok
18:42:57.0401 4460 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:42:57.0402 4460 mpsdrv - ok
18:42:57.0428 4460 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:42:57.0428 4460 Mraid35x - ok
18:42:57.0471 4460 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
18:42:57.0473 4460 MRxDAV - ok
18:42:57.0523 4460 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:42:57.0525 4460 mrxsmb - ok
18:42:57.0589 4460 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:42:57.0592 4460 mrxsmb10 - ok
18:42:57.0612 4460 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:42:57.0613 4460 mrxsmb20 - ok
18:42:57.0653 4460 msahci (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
18:42:57.0654 4460 msahci - ok
18:42:57.0680 4460 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
18:42:57.0682 4460 msdsm - ok
18:42:57.0712 4460 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:42:57.0713 4460 Msfs - ok
18:42:57.0733 4460 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:42:57.0734 4460 msisadrv - ok
18:42:57.0764 4460 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:42:57.0765 4460 MSKSSRV - ok
18:42:57.0780 4460 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:42:57.0781 4460 MSPCLOCK - ok
18:42:57.0803 4460 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:42:57.0804 4460 MSPQM - ok
18:42:57.0852 4460 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
18:42:57.0855 4460 MsRPC - ok
18:42:57.0875 4460 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:42:57.0876 4460 mssmbios - ok
18:42:57.0900 4460 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:42:57.0900 4460 MSTEE - ok
18:42:57.0957 4460 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
18:42:57.0958 4460 Mup - ok
18:42:58.0006 4460 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
18:42:58.0008 4460 NativeWifiP - ok
18:42:58.0228 4460 NAVENG (862f55824ac81295837b0ab63f91071f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120215.036\NAVENG.SYS
18:42:58.0231 4460 NAVENG - ok
18:42:58.0297 4460 NAVEX15 (529d571b551cb9da44237389b936f1ae) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120215.036\NAVEX15.SYS
18:42:58.0347 4460 NAVEX15 - ok
18:42:58.0452 4460 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:42:58.0460 4460 NDIS - ok
18:42:58.0503 4460 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:42:58.0503 4460 NdisTapi - ok
18:42:58.0535 4460 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:42:58.0536 4460 Ndisuio - ok
18:42:58.0577 4460 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:42:58.0579 4460 NdisWan - ok
18:42:58.0599 4460 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:42:58.0600 4460 NDProxy - ok
18:42:58.0619 4460 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:42:58.0620 4460 NetBIOS - ok
18:42:58.0667 4460 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
18:42:58.0670 4460 netbt - ok
18:42:58.0721 4460 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:42:58.0722 4460 nfrd960 - ok
18:42:58.0769 4460 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:42:58.0769 4460 Npfs - ok
18:42:58.0825 4460 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:42:58.0826 4460 nsiproxy - ok
18:42:58.0892 4460 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:42:58.0945 4460 Ntfs - ok
18:42:59.0042 4460 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:42:59.0043 4460 ntrigdigi - ok
18:42:59.0064 4460 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:42:59.0065 4460 Null - ok
18:42:59.0123 4460 NVENETFD (d958a2b5f6ad5c3b8ccdc4d7da62466c) C:\Windows\system32\DRIVERS\nvmfdx32.sys
18:42:59.0158 4460 NVENETFD - ok
18:42:59.0207 4460 NVHDA (92cfe8964b3a6da0692331fa66630db3) C:\Windows\system32\drivers\nvhda32v.sys
18:42:59.0208 4460 NVHDA - ok
18:42:59.0473 4460 nvlddmkm (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:42:59.0710 4460 nvlddmkm - ok
18:42:59.0951 4460 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
18:42:59.0954 4460 nvraid - ok
18:42:59.0981 4460 nvrd32 (6f5bb0b40d251351a913b61ba9d64b3f) C:\Windows\system32\drivers\nvrd32.sys
18:42:59.0983 4460 nvrd32 - ok
18:43:00.0013 4460 nvsmu (c44ee36dd84fa95eb81d79c374756003) C:\Windows\system32\drivers\nvsmu.sys
18:43:00.0014 4460 nvsmu - ok
18:43:00.0038 4460 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
18:43:00.0039 4460 nvstor - ok
18:43:00.0074 4460 nvstor32 (1a649b87a7b7c1220a2b16b121f2198e) C:\Windows\system32\drivers\nvstor32.sys
18:43:00.0075 4460 nvstor32 - ok
18:43:00.0122 4460 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
18:43:00.0123 4460 nv_agp - ok
18:43:00.0166 4460 NWADI (67fb86eeb94059177642050718d57460) C:\Windows\system32\DRIVERS\NWADIenum.sys
18:43:00.0169 4460 NWADI - ok
18:43:00.0179 4460 NwlnkFlt - ok
18:43:00.0197 4460 NwlnkFwd - ok
18:43:00.0245 4460 NWUSBModem (4e651808b35656ac88a4dcdaf6cc1169) C:\Windows\system32\DRIVERS\nwusbmdm.sys
18:43:00.0246 4460 NWUSBModem - ok
18:43:00.0301 4460 NWUSBPort (4e651808b35656ac88a4dcdaf6cc1169) C:\Windows\system32\DRIVERS\nwusbser.sys
18:43:00.0302 4460 NWUSBPort - ok
18:43:00.0323 4460 NWUSBPort2 (4e651808b35656ac88a4dcdaf6cc1169) C:\Windows\system32\DRIVERS\nwusbser2.sys
18:43:00.0324 4460 NWUSBPort2 - ok
18:43:00.0364 4460 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
18:43:00.0365 4460 ohci1394 - ok
18:43:00.0422 4460 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:43:00.0423 4460 Parport - ok
18:43:00.0488 4460 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
18:43:00.0489 4460 partmgr - ok
18:43:00.0514 4460 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:43:00.0515 4460 Parvdm - ok
18:43:00.0567 4460 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:43:00.0571 4460 pci - ok
18:43:00.0649 4460 pciide (1636d43f10416aeb483bc6001097b26c) C:\Windows\system32\drivers\pciide.sys
18:43:00.0650 4460 pciide - ok
18:43:00.0743 4460 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
18:43:00.0745 4460 pcmcia - ok
18:43:00.0806 4460 pcouffin (5b6c11de7e839c05248ced8825470fef) C:\Windows\system32\Drivers\pcouffin.sys
18:43:00.0807 4460 pcouffin - ok
18:43:00.0874 4460 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:43:00.0917 4460 PEAUTH - ok
18:43:00.0977 4460 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:43:00.0978 4460 PptpMiniport - ok
18:43:00.0998 4460 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
18:43:00.0999 4460 Processor - ok
18:43:01.0031 4460 Ps2 (390c204ced3785609ab24e9c52054a84) C:\Windows\system32\DRIVERS\PS2.sys
18:43:01.0032 4460 Ps2 - ok
18:43:01.0099 4460 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:43:01.0101 4460 PSched - ok
18:43:01.0136 4460 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\Windows\system32\Drivers\PxHelp20.sys
18:43:01.0137 4460 PxHelp20 - ok
18:43:01.0189 4460 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
18:43:01.0214 4460 ql2300 - ok
18:43:01.0242 4460 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:43:01.0243 4460 ql40xx - ok
18:43:01.0282 4460 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:43:01.0283 4460 QWAVEdrv - ok
18:43:01.0301 4460 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:43:01.0302 4460 RasAcd - ok
18:43:01.0324 4460 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:43:01.0326 4460 Rasl2tp - ok
18:43:01.0378 4460 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:43:01.0379 4460 RasPppoe - ok
18:43:01.0408 4460 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:43:01.0409 4460 RasSstp - ok
18:43:01.0447 4460 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:43:01.0451 4460 rdbss - ok
18:43:01.0479 4460 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:43:01.0480 4460 RDPCDD - ok
18:43:01.0514 4460 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
18:43:01.0518 4460 rdpdr - ok
18:43:01.0529 4460 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:43:01.0530 4460 RDPENCDD - ok
18:43:01.0604 4460 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
18:43:01.0606 4460 RDPWD - ok
18:43:01.0719 4460 RimUsb (0f6756ef8bda6dfa7be50465c83132bb) C:\Windows\system32\Drivers\RimUsb.sys
18:43:01.0720 4460 RimUsb - ok
18:43:01.0814 4460 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:43:01.0815 4460 rspndr - ok
18:43:01.0857 4460 RTSTOR (52532a4ca8b251775decc87c4813abfb) C:\Windows\system32\drivers\RTSTOR.SYS
18:43:01.0858 4460 RTSTOR - ok
18:43:01.0896 4460 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:43:01.0897 4460 sbp2port - ok
18:43:01.0932 4460 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:43:01.0932 4460 secdrv - ok
18:43:01.0962 4460 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:43:01.0963 4460 Serenum - ok
18:43:01.0987 4460 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:43:01.0989 4460 Serial - ok
18:43:02.0017 4460 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:43:02.0018 4460 sermouse - ok
18:43:02.0057 4460 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
18:43:02.0058 4460 sffdisk - ok
18:43:02.0082 4460 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
18:43:02.0082 4460 sffp_mmc - ok
18:43:02.0101 4460 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
18:43:02.0102 4460 sffp_sd - ok
18:43:02.0129 4460 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
18:43:02.0130 4460 sfloppy - ok
18:43:02.0174 4460 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
18:43:02.0175 4460 sisagp - ok
18:43:02.0219 4460 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
18:43:02.0220 4460 SiSRaid2 - ok
18:43:02.0248 4460 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
18:43:02.0249 4460 SiSRaid4 - ok
18:43:02.0314 4460 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:43:02.0315 4460 Smb - ok
18:43:02.0353 4460 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:43:02.0354 4460 spldr - ok
18:43:02.0462 4460 SRTSP (83726cf02eced69138948083e06b6eac) C:\Windows\System32\Drivers\NIS\1207000.00D\SRTSP.SYS
18:43:02.0496 4460 SRTSP - ok
18:43:02.0515 4460 SRTSPX (4e7eab2e5615d39cf1f1df9c71e5e225) C:\Windows\system32\drivers\NIS\1207000.00D\SRTSPX.SYS
18:43:02.0517 4460 SRTSPX - ok
18:43:02.0575 4460 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:43:02.0579 4460 srv - ok
18:43:02.0720 4460 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:43:02.0722 4460 srv2 - ok
18:43:02.0788 4460 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:43:02.0790 4460 srvnet - ok
18:43:02.0844 4460 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:43:02.0845 4460 swenum - ok
18:43:02.0880 4460 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:43:02.0881 4460 Symc8xx - ok
18:43:02.0984 4460 SymDS (9bbeb8c6258e72d62e7560e6667aad39) C:\Windows\system32\drivers\NIS\1207000.00D\SYMDS.SYS
18:43:02.0990 4460 SymDS - ok
18:43:03.0024 4460 SymEFA (d5c02629c02a820a7e71bca3d44294a3) C:\Windows\system32\drivers\NIS\1207000.00D\SYMEFA.SYS
18:43:03.0058 4460 SymEFA - ok
18:43:03.0094 4460 SymEvent (ab33c3b196197ca467cbdda717860dba) C:\Windows\system32\Drivers\SYMEVENT.SYS
18:43:03.0095 4460 SymEvent - ok
18:43:03.0105 4460 SYMFW - ok
18:43:03.0158 4460 SymIM (8d49cdbb93c3e58e1bfc39fb29444c0a) C:\Windows\system32\DRIVERS\SymIMv.sys
18:43:03.0159 4460 SymIM - ok
18:43:03.0176 4460 SymIMMP - ok
18:43:03.0254 4460 SymIRON (a73399804d5d4a8b20ba60fcf70c9f1f) C:\Windows\system32\drivers\NIS\1207000.00D\Ironx86.SYS
18:43:03.0257 4460 SymIRON - ok
18:43:03.0266 4460 SYMNDISV - ok
18:43:03.0312 4460 SYMTDIv (d42a7229e333af725f1445f785e4658d) C:\Windows\System32\Drivers\NIS\1207000.00D\SYMTDIV.SYS
18:43:03.0318 4460 SYMTDIv - ok
18:43:03.0362 4460 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:43:03.0363 4460 Sym_hi - ok
18:43:03.0376 4460 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:43:03.0377 4460 Sym_u3 - ok
18:43:03.0447 4460 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
18:43:03.0473 4460 Tcpip - ok
18:43:03.0531 4460 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
18:43:03.0538 4460 Tcpip6 - ok
18:43:03.0583 4460 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
18:43:03.0584 4460 tcpipreg - ok
18:43:03.0671 4460 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:43:03.0672 4460 TDPIPE - ok
18:43:03.0698 4460 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:43:03.0700 4460 TDTCP - ok
18:43:03.0744 4460 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
18:43:03.0745 4460 tdx - ok
18:43:03.0784 4460 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:43:03.0785 4460 TermDD - ok
18:43:03.0834 4460 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:43:03.0835 4460 tssecsrv - ok
18:43:03.0858 4460 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:43:03.0859 4460 tunmp - ok
18:43:03.0901 4460 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
18:43:03.0902 4460 tunnel - ok
18:43:03.0929 4460 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
18:43:03.0930 4460 uagp35 - ok
18:43:03.0979 4460 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
18:43:03.0983 4460 udfs - ok
18:43:04.0022 4460 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
18:43:04.0023 4460 uliagpkx - ok
18:43:04.0047 4460 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
18:43:04.0050 4460 uliahci - ok
18:43:04.0071 4460 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:43:04.0073 4460 UlSata - ok
18:43:04.0098 4460 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:43:04.0099 4460 ulsata2 - ok
18:43:04.0126 4460 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:43:04.0127 4460 umbus - ok
18:43:04.0179 4460 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
18:43:04.0180 4460 USBAAPL - ok
18:43:04.0225 4460 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
18:43:04.0226 4460 usbaudio - ok
18:43:04.0260 4460 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:43:04.0262 4460 usbccgp - ok
18:43:04.0292 4460 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:43:04.0293 4460 usbcir - ok
18:43:04.0319 4460 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:43:04.0320 4460 usbehci - ok
18:43:04.0510 4460 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:43:04.0534 4460 usbhub - ok
18:43:05.0143 4460 usbohci (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
18:43:05.0144 4460 usbohci - ok
18:43:05.0217 4460 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:43:05.0218 4460 usbprint - ok
18:43:05.0264 4460 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:43:05.0265 4460 USBSTOR - ok
18:43:05.0295 4460 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:43:05.0296 4460 usbuhci - ok
18:43:05.0343 4460 V0510Dev (004415a34b5dc881eaefb860c4b22c24) C:\Windows\system32\DRIVERS\V0510Vid.sys
18:43:05.0346 4460 V0510Dev - ok
18:43:05.0376 4460 V0510Vfx (86326062a90494bdd79ce383511d7d69) C:\Windows\system32\DRIVERS\V0510Vfx.sys
18:43:05.0377 4460 V0510Vfx - ok
18:43:05.0409 4460 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
18:43:05.0410 4460 vga - ok
18:43:05.0433 4460 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:43:05.0434 4460 VgaSave - ok
18:43:05.0460 4460 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
18:43:05.0461 4460 viaagp - ok
18:43:05.0486 4460 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
18:43:05.0487 4460 ViaC7 - ok
18:43:05.0512 4460 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
18:43:05.0513 4460 viaide - ok
18:43:05.0536 4460 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:43:05.0537 4460 volmgr - ok
18:43:05.0586 4460 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:43:05.0591 4460 volmgrx - ok
18:43:05.0618 4460 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:43:05.0621 4460 volsnap - ok
18:43:05.0664 4460 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
18:43:05.0665 4460 vsmraid - ok
18:43:05.0709 4460 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:43:05.0710 4460 WacomPen - ok
18:43:05.0735 4460 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:43:05.0736 4460 Wanarp - ok
18:43:05.0741 4460 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:43:05.0742 4460 Wanarpv6 - ok
18:43:05.0767 4460 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
18:43:05.0768 4460 Wd - ok
18:43:05.0806 4460 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:43:05.0840 4460 Wdf01000 - ok
18:43:06.0180 4460 winachsf (72cc6a8ca7891031d6380db5025c773c) C:\Windows\system32\DRIVERS\HSX_CNXT.sys
18:43:06.0233 4460 winachsf - ok
18:43:06.0334 4460 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
18:43:06.0335 4460 WmiAcpi - ok
18:43:06.0418 4460 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
18:43:06.0419 4460 WpdUsb - ok
18:43:06.0459 4460 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:43:06.0459 4460 ws2ifsl - ok
18:43:06.0514 4460 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:43:06.0515 4460 WUDFRd - ok
18:43:06.0545 4460 XAudio (dab33cfa9dd24251aaa389ff36b64d4b) C:\Windows\system32\DRIVERS\xaudio.sys
18:43:06.0546 4460 XAudio - ok
18:43:06.0579 4460 MBR (0x1B8) (766c82bd6b3edafcb74f8477cb84fff9) \Device\Harddisk0\DR0
18:43:06.0601 4460 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - infected
18:43:06.0601 4460 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.b (0)
18:43:06.0622 4460 MBR (0x1B8) (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
18:43:06.0625 4460 \Device\Harddisk1\DR1 - ok
18:43:06.0629 4460 Boot (0x1200) (cbcb2a34a5b3461fd9770d79e2b4b12d) \Device\Harddisk0\DR0\Partition0
18:43:06.0630 4460 \Device\Harddisk0\DR0\Partition0 - ok
18:43:06.0659 4460 Boot (0x1200) (fcf9c32a93c7f46df74ea2435b65b557) \Device\Harddisk0\DR0\Partition1
18:43:06.0660 4460 \Device\Harddisk0\DR0\Partition1 - ok
18:43:06.0679 4460 Boot (0x1200) (c443fbf89f0ade8b681f0ca478187fbc) \Device\Harddisk1\DR1\Partition0
18:43:06.0680 4460 \Device\Harddisk1\DR1\Partition0 - ok
18:43:06.0680 4460 ============================================================
18:43:06.0680 4460 Scan finished
18:43:06.0680 4460 ============================================================
18:43:06.0693 4920 Detected object count: 1
18:43:06.0693 4920 Actual detected object count: 1
18:43:21.0194 4920 \Device\Harddisk0\DR0\# - copied to quarantine
18:43:21.0194 4920 \Device\Harddisk0\DR0 - copied to quarantine
18:43:21.0221 4920 \Device\Harddisk0\DR0\TDLFS\phm - copied to quarantine
18:43:21.0230 4920 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
18:43:21.0234 4920 \Device\Harddisk0\DR0\TDLFS\phx.dll - copied to quarantine
18:43:21.0240 4920 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
18:43:21.0256 4920 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
18:43:21.0267 4920 \Device\Harddisk0\DR0\TDLFS\phd - copied to quarantine
18:43:21.0275 4920 \Device\Harddisk0\DR0\TDLFS\phdx - copied to quarantine
18:43:21.0279 4920 \Device\Harddisk0\DR0\TDLFS\phs - copied to quarantine
18:43:21.0282 4920 \Device\Harddisk0\DR0\TDLFS\phdata - copied to quarantine
18:43:21.0285 4920 \Device\Harddisk0\DR0\TDLFS\phld - copied to quarantine
18:43:21.0289 4920 \Device\Harddisk0\DR0\TDLFS\phln - copied to quarantine
18:43:21.0293 4920 \Device\Harddisk0\DR0\TDLFS\phlx - copied to quarantine
18:43:21.0320 4920 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - will be cured on reboot
18:43:21.0320 4920 \Device\Harddisk0\DR0 - ok
18:43:21.0839 4920 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.b ) - User select action: Cure
18:43:37.0076 6072 Deinitialize success

 

[Broni]

Very good

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

=================================================================

Download BTKR_RunBox to your desktop.

Double click on downloaded BTKR_RunBox.exe file.
Small RunBox DOS window will open.
Press any key to continue.
Press "1" to select "Run a scan with Bootkit Remover" option.
Press "Enter".
Press "Enter" one more time to generate log.
Click OK, IF any "Warning" message pops up.
Notepad will open with Bootkit Remover log.
Copy the content and post it in your next reply.
In RunBox press "4" then Enter to exit it.

NOTE. In case you lost the log it's also located on your desktop as "scan.txt"

 

[EM0]

Next set of logs!

aswMBR version 0.9.9.1532 Copyright(c) 2011 AVAST Software
Run date: 2012-02-18 20:47:28
-----------------------------
20:47:28.181 OS Version: Windows 6.0.6002 Service Pack 2
20:47:28.181 Number of processors: 4 586 0x202
20:47:28.184 ComputerName: 0X10K0D30X1X1X0 UserName: Owner
20:47:32.043 Initialize success
20:47:42.266 AVAST engine defs: 12021802
20:47:46.455 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
20:47:46.458 Disk 0 Vendor: ST336032 3.CH Size: 343399MB BusType: 6
20:47:46.462 Disk 1 \Device\Harddisk1\DR1 -> \Device\0000005c
20:47:46.465 Disk 1 Vendor: ST336032 3.CH Size: 343399MB BusType: 6
20:47:46.632 Disk 0 MBR read successfully
20:47:46.635 Disk 0 MBR scan
20:47:46.673 Disk 0 unknown MBR code
20:47:46.708 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 333858 MB offset 63
20:47:46.756 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9538 MB offset 683742465
20:47:46.848 Disk 0 scanning sectors +703277505
20:47:47.313 Disk 0 scanning C:\Windows\system32\drivers
20:48:55.159 Service scanning
20:48:57.013 Modules scanning
20:50:15.151 Disk 0 trace - called modules:
20:50:15.211 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
20:50:15.217 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8720dac8]
20:50:15.223 3 CLASSPNP.SYS[807318b3] -> nt!IofCallDriver -> [0x86642ad0]
20:50:15.229 5 acpi.sys[8060e6bc] -> nt!IofCallDriver -> \Device\0000005b[0x861bdb18]
20:50:16.271 AVAST engine scan C:\Windows
20:51:30.580 AVAST engine scan C:\Windows\system32
20:55:30.522 File: C:\Windows\system32\jureg.exe **INFECTED** Win32:SMSSend-IG [Trj]
21:17:33.752 AVAST engine scan C:\Windows\system32\drivers
21:21:48.811 AVAST engine scan C:\Users\Owner
22:30:34.888 Disk 0 MBR has been saved successfully to "C:\Temp\VIRTUAL\FIXIE\MBR.dat"
22:30:34.891 The log file has been saved successfully to "C:\Temp\VIRTUAL\FIXIE\6b_aswMBR.txt"


Bootkit Remover
(c) 2009 eSage Lab
www.esagelab.com
Program version: 1.2.0.0
OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 2 (build 6002), 32-bit
System volume is \\.\C:
\\.\C: -> \\.\PhysicalDrive0 at offset 0x00000000`00007e00
ATA_Read(): DeviceIoControl() ERROR 6
Boot sector MD5 is: 306a70bb88e51c06c67244ab8a2237bf

Size Device Name MBR Status
--------------------------------------------
335 GB \\.\PhysicalDrive0 Unknown boot code

Unknown boot code has been found on some of your physical disks.
To inspect the boot code manually, dump the master boot sector:
remover.exe dump <device_name> [output_file]
To disinfect the master boot sector, use the following command:
remover.exe fix <device_name>

Done;



Press any key to quit...

 

[Broni]

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

• Never rename Combofix unless instructed.
• Close any open browsers.
• Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
• Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
• Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
• Close any open browsers.
• WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
• Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
• If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
• Double click on combofix.exe & follow the prompts.

• 
  NOTE1. If Combofix asks you to install Recovery Console, please allow it.
  NOTE 2. If Combofix asks you to update the program, always do so.

• When finished, it will produce a report for you.
• Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.
There are 4 different versions. If one of them won't run then download and try to run the other one.
Vista and Win7 users need to right click Rkill and choose Run as Administrator
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

* Rkill.com
* Rkill.scr
* Rkill.exe

• Double-click on the Rkill icon to run the tool.
• If using Vista or Windows 7 right-click on it and choose Run As Administrator.
• A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
• If not, delete the file, then download and use the one provided in Link 2.
• If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
• Do not reboot until instructed.
• If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

 

[EM0]

ComboFix logs

ComboFix 12-02-17.02 - Owner 02/18/2012 23:42:08.1.4 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1903 [GMT -5:00]
Running from: c:\temp\VIRTUAL\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\html
c:\windows\system32\html\calendar.html
c:\windows\system32\html\calendarbottom.html
c:\windows\system32\html\calendartop.html
c:\windows\system32\html\crystalexportdialog.htm
c:\windows\system32\html\crystalprinthost.html
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif
E:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-01-19 to 2012-02-19 )))))))))))))))))))))))))))))))
.
.
2012-02-19 04:56 . 2012-02-19 04:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-02-19 04:56 . 2012-02-19 04:56 -------- d-----w- c:\users\Owner\AppData\Local\temp
2012-02-19 00:55 . 2012-01-17 09:39 6557240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1A882FD-D70F-445D-A3DB-07285F2D86B9}\mpengine.dll
2012-02-18 23:43 . 2012-02-18 23:43 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-17 04:26 . 2012-02-17 05:05 -------- d-----w- c:\users\Owner\AppData\Roaming\Auslogics
2012-02-17 02:12 . 2012-02-17 02:12 -------- d-----w- c:\users\Owner\AppData\Roaming\Malwarebytes
2012-02-17 02:12 . 2012-02-17 02:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-02-17 02:12 . 2012-02-17 02:12 -------- d-----w- c:\programdata\Malwarebytes
2012-02-17 02:12 . 2011-12-10 20:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-02-17 00:36 . 2012-02-18 02:36 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-17 00:36 . 2012-02-17 00:36 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-02-16 03:01 . 2012-02-16 03:00 139776 ----a-w- c:\programdata\Microsoft\Windows\DRM\4BCF.tmp
2012-02-08 03:39 . 2012-02-08 03:39 -------- d-----w- c:\users\Owner\AppData\Local\BigHugeEngine
2012-02-08 03:39 . 2012-02-08 03:39 -------- d-----w- c:\programdata\EA Core
2012-02-08 03:39 . 2012-02-15 05:10 -------- d-----w- c:\programdata\EA Logs
2012-02-08 03:17 . 2012-02-08 03:17 -------- d--h--w- c:\program files\Common Files\EAInstaller
2012-02-08 02:53 . 2012-02-08 02:53 -------- d-----w- c:\program files\Origin Games
2012-02-08 02:44 . 2012-02-08 02:48 -------- d-----w- c:\users\Owner\AppData\Roaming\Origin
2012-02-08 02:44 . 2012-02-08 02:44 -------- d-----w- c:\users\Owner\AppData\Local\Origin
2012-02-08 02:43 . 2012-02-08 03:39 -------- d-----w- c:\programdata\Electronic Arts
2012-02-08 02:43 . 2012-02-08 03:38 -------- d-----w- c:\programdata\Origin
2012-02-04 21:18 . 2012-02-04 21:18 -------- d-----w- c:\users\Owner\AppData\Local\THQ
2012-02-04 14:45 . 2012-02-04 21:18 -------- d-----w- c:\users\Owner\AppData\Roaming\DarknessIIDemo
2012-01-31 03:16 . 2012-02-02 02:21 -------- d-----w- c:\windows\system32\drivers\NIS\1207000.00D
2012-01-30 00:16 . 2012-01-30 00:16 -------- d-----w- c:\users\Owner\AppData\Local\Mozilla
2012-01-25 00:25 . 2012-01-25 00:25 -------- d-----w- c:\program files\iPod
2012-01-25 00:25 . 2012-01-25 00:26 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-30 00:18 . 2011-05-16 22:03 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-29 10:10 . 2010-03-09 15:19 237072 ------w- c:\windows\system32\MpSigStub.exe
2011-11-25 15:59 . 2012-01-11 01:38 376320 ----a-w- c:\windows\system32\winsrv.dll
2011-11-23 13:37 . 2011-12-14 01:38 2043904 ----a-w- c:\windows\system32\win32k.sys
2011-12-21 07:24 . 2012-01-30 00:15 121816 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2004-05-12 1038336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0510Ext.ax"="c:\windows\system32\V0510Ext.ax" [X]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-03 6266880]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"V0510Mon.exe"="c:\windows\V0510Mon.exe" [2007-12-07 32768]
"WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-11-16 44168]
.
c:\users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-3-1 0]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snapfish Media Detector.lnk - c:\program files\Snapfish Picture Mover\SnapfishMediaDetector.exe [2007-5-7 1273856]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NIS
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-15 c:\windows\Tasks\Norton Internet Security - Run Full System Scan - Owner.job
- c:\program files\Norton Internet Security\Engine\18.7.0.13\navw32.exe [2012-01-31 23:00]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
LSP: c:\windows\system32\wpclsp.dll
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8gcasubu.default\
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-HP Software Update - c:\program files\HP\HP Software Update\HPWuSchd2.exe
AddRemove-HijackThis - g:\backup\_DOWNLOADS\hijackthis\HijackThis.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-02-18 23:56
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\NIS]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\18.7.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-02-19 00:01:07
ComboFix-quarantined-files.txt 2012-02-19 05:01
.
Pre-Run: 53,942,681,600 bytes free
Post-Run: 53,620,391,936 bytes free
.
- - End Of File - - 6250FC3A4F46461C7F9A3DED01F5DF81

 

[Broni]

How is redirection?

Download OTL to your Desktop.

• Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
• Click the Scan All Users checkbox.
• Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

• Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
• When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
• Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

 

[EM0]

OTL logs

OTL logfile created on: 2/19/2012 12:35:11 AM - Run 1
OTL by OldTimer - Version 3.2.33.0 Folder = C:\VIRTUAL
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 50.25% Memory free
6.20 Gb Paging File | 4.75 Gb Available in Paging File | 76.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 326.03 Gb Total Space | 49.97 Gb Free Space | 15.33% Space Free | Partition Type: NTFS
Drive D: | 9.32 Gb Total Space | 1.27 Gb Free Space | 13.60% Space Free | Partition Type: NTFS
Drive E: | 335.35 Gb Total Space | 89.10 Gb Free Space | 26.57% Space Free | Partition Type: NTFS

Computer Name: 0X10K0D30X1X1X0 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/19 00:29:28 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\VIRTUAL\OTL.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/05/21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011/05/21 05:01:00 | 000,839,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
PRC - [2011/05/21 05:01:00 | 000,373,864 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
PRC - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ccsvchst.exe
PRC - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2009/04/11 01:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/07/03 10:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\WINDOWS\RtHDVCpl.exe
PRC - [2008/01/20 21:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MSASCui.exe
PRC - [2007/12/06 20:00:00 | 000,032,768 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\V0510Mon.exe
PRC - [2007/04/18 10:01:34 | 000,065,536 | ---- | M] (Hewlett-Packard Company) -- C:\hp\support\hpsysdrv.exe
PRC - [2007/02/15 06:59:00 | 000,118,784 | ---- | M] (OsdMaestro) -- C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
PRC - [2006/11/02 07:35:35 | 000,176,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wpcumi.exe


========== Modules (No Company Name) ==========

MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/02/14 20:18:18 | 000,481,064 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/05/21 05:01:00 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/04/16 19:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe -- (NIS)
SRV - [2011/01/07 19:48:56 | 000,378,984 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010/04/21 12:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\WINDOWS\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010/04/21 12:46:17 | 000,373,760 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009/04/11 01:28:17 | 000,052,224 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2008/11/18 19:36:09 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/01/20 21:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/11/07 08:58:18 | 003,004,416 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x86\msvsmon.exe -- (msvsmon90)


========== Driver Services (SafeList) ==========

DRV - [2012/02/18 19:56:18 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120217.036\navex15.sys -- (NAVEX15)
DRV - [2012/02/18 19:56:18 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/02/18 19:56:18 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20120217.036\naveng.sys -- (NAVENG)
DRV - [2012/02/03 22:28:46 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/12/15 18:33:22 | 000,368,248 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20120217.003\IDSvix86.sys -- (IDSVix86)
DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/11/30 21:25:03 | 000,820,344 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20120215.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2011/05/21 05:01:00 | 010,589,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/05/09 18:28:54 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 20:37:49 | 000,331,384 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\System32\Drivers\NIS\1207000.00D\SYMTDIV.SYS -- (SYMTDIv)
DRV - [2011/03/30 22:04:12 | 000,035,960 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\SymIMV.sys -- (SymIM)
DRV - [2011/03/30 22:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\Drivers\NIS\1207000.00D\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 22:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1207000.00D\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/14 21:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\system32\drivers\NIS\1207000.00D\SYMEFA.SYS -- (SymEFA)
DRV - [2011/01/27 01:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\NIS\1207000.00D\SYMDS.SYS -- (SymDS)
DRV - [2011/01/27 00:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\system32\drivers\NIS\1207000.00D\Ironx86.SYS -- (SymIRON)
DRV - [2010/11/11 18:10:50 | 000,122,984 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2008/08/01 18:51:14 | 001,052,704 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2008/05/08 04:05:18 | 000,266,752 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSXHWBS2.sys -- (HSXHWBS2)
DRV - [2008/05/08 04:03:18 | 000,980,992 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\HSX_DP.sys -- (HSF_DP)
DRV - [2008/04/07 20:00:00 | 000,254,080 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\V0510Vid.sys -- (V0510Dev)
DRV - [2007/12/07 10:28:10 | 000,131,616 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvrd32.sys -- (nvrd32)
DRV - [2007/12/07 10:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007/10/18 06:36:54 | 000,008,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2007/10/12 10:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2007/04/19 11:09:42 | 000,194,048 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\NWADIenum.sys -- (NWADI)
DRV - [2007/04/19 11:09:42 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nwusbser2.sys -- (NWUSBPort2)
DRV - [2007/04/19 11:09:42 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nwusbser.sys -- (NWUSBPort)
DRV - [2007/04/19 11:09:42 | 000,099,200 | ---- | M] (Novatel Wireless Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\nwusbmdm.sys -- (NWUSBModem)
DRV - [2007/03/05 05:45:04 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\V0510Vfx.sys -- (V0510Vfx)
DRV - [2005/12/12 11:27:00 | 000,019,072 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\PS2.sys -- (Ps2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-3217977271-4127519066-1456135028-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-3217977271-4127519066-1456135028-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3217977271-4127519066-1456135028-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3217977271-4127519066-1456135028-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-3217977271-4127519066-1456135028-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
IE - HKU\S-1-5-21-3217977271-4127519066-1456135028-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.1: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll ( )
FF - HKCU\Software\MozillaPlugins\@facebook.com/FBPlugin,version=1.0.3: C:\Users\Owner\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Owner\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2012/02/01 21:23:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn_2011_7_5_2 [2012/02/18 23:30:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/29 19:15:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/09/11 08:59:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions
[2011/09/11 08:59:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Owner\AppData\Roaming\mozilla\Extensions\uploadr@flickr.com
[2012/01/29 19:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/21 02:24:52 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/20 23:30:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/12/20 23:30:41 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/18 23:56:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Reg Error: Value error.) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\ips\ipsbho.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3217977271-4127519066-1456135028-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.7.0.13\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [C:\Windows\system32\V0510Ext.ax] C:\WINDOWS\System32\V0510Ext.ax (Creative Technology Ltd.)
O4 - HKLM..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [KBD] C:\hp\KBD\KbdStub.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OsdMaestro] C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe (OsdMaestro)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [V0510Mon.exe] C:\WINDOWS\V0510Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [WPCUMI] C:\WINDOWS\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3217977271-4127519066-1456135028-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-3217977271-4127519066-1456135028-1006..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Launcher] C:\WINDOWS\SMINST\Launcher.exe (soft thinks)
O4 - Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3217977271-4127519066-1456135028-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3217977271-4127519066-1456135028-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3217977271-4127519066-1456135028-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3217977271-4127519066-1456135028-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3217977271-4127519066-1456135028-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-3217977271-4127519066-1456135028-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3217977271-4127519066-1456135028-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-3217977271-4127519066-1456135028-1006\..Trusted Ranges: Range1 ([http] in )
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab (DLM Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{10D287B8-8D6C-48E8-830C-DAED1AAFD3E8}: DhcpNameServer = 65.32.5.111 65.32.5.112
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img10.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img10.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/02/19 19:56:37 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

Drivers32: msacm.divxa32 - C:\Windows\System32\divxa32.acm (Kristal StudioD
FileDescription)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\Windows\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\System32\ff_vfw.dll ()
Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/19 00:33:24 | 000,000,000 | ---D | C] -- C:\VIRTUAL
[2012/02/19 00:01:14 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/19 00:01:10 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/19 00:01:10 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\temp
[2012/02/18 23:38:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/18 23:38:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/18 23:38:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/18 23:38:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/18 23:34:15 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/18 18:43:20 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012/02/16 23:26:36 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Auslogics
[2012/02/16 23:15:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012/02/16 21:12:26 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Malwarebytes
[2012/02/16 21:12:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/16 21:12:20 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/02/16 21:12:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/16 21:12:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/16 19:36:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/02/16 19:36:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/02/16 19:36:07 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2012/02/07 22:39:56 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\BigHugeEngine
[2012/02/07 22:39:53 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2012/02/07 22:39:52 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2012/02/07 22:17:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingdoms of Amalur Reckoning
[2012/02/07 22:17:14 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\EAInstaller
[2012/02/07 21:53:12 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
[2012/02/07 21:44:51 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\Origin
[2012/02/07 21:44:49 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Origin
[2012/02/07 21:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012/02/07 21:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012/02/07 21:43:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012/02/04 16:36:57 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Jagged Alliance - Back in Action Demo
[2012/02/04 16:18:42 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\THQ
[2012/02/04 09:45:09 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Roaming\DarknessIIDemo
[2012/01/29 19:16:00 | 000,000,000 | ---D | C] -- C:\Users\Owner\AppData\Local\Mozilla
[2012/01/29 19:15:53 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/01/24 19:26:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/24 19:25:19 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/24 19:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2009/01/19 13:32:33 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Owner\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2012/02/18 23:56:10 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/02/18 23:32:54 | 000,716,018 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/18 23:32:54 | 000,144,506 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/18 23:26:37 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/18 23:26:37 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/18 23:26:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/18 23:25:34 | 3219,513,344 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/18 19:40:06 | 002,413,800 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1207000.00D\Cat.DB
[2012/02/18 09:29:04 | 000,002,032 | ---- | M] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2012/02/17 23:30:30 | 175,842,627 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012/02/17 21:33:08 | 001,762,104 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/02/14 23:02:39 | 000,002,633 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2012/02/14 20:15:07 | 000,000,538 | ---- | M] () -- C:\Windows\tasks\Norton Internet Security - Run Full System Scan - Owner.job
[2012/02/09 22:01:44 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\Kingdoms of Amalur Reckoning.lnk
[2012/02/07 21:46:51 | 000,000,634 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/02/04 16:47:24 | 000,174,080 | ---- | M] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/01 21:23:14 | 000,002,215 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/01/30 18:58:36 | 000,002,631 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2012/01/29 19:15:57 | 000,000,872 | ---- | M] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/29 19:15:57 | 000,000,848 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/27 23:52:38 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NIS\1207000.00D\isolate.ini
[2012/01/24 19:26:53 | 000,001,666 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/21 12:52:44 | 000,198,090 | ---- | M] () -- C:\Users\Owner\TaxReturn20011.pdf

========== Files Created - No Company Name ==========

[2012/02/18 23:38:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/18 23:38:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/18 23:38:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/18 23:38:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/18 23:38:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/18 18:04:10 | 3219,513,344 | -HS- | C] () -- C:\hiberfil.sys
[2012/02/07 22:17:19 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\Kingdoms of Amalur Reckoning.lnk
[2012/02/07 21:43:29 | 000,000,634 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2012/01/29 19:15:57 | 000,000,872 | ---- | C] () -- C:\Users\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/01/29 19:15:56 | 000,000,860 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/01/29 19:15:56 | 000,000,848 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/01/24 19:26:53 | 000,001,666 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/21 12:52:44 | 000,198,090 | ---- | C] () -- C:\Users\Owner\TaxReturn20011.pdf
[2010/10/27 18:40:43 | 000,001,940 | ---- | C] () -- C:\Users\Owner\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/01/19 13:32:33 | 000,087,608 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\inst.exe
[2009/01/19 13:32:33 | 000,007,887 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.cat
[2009/01/19 13:32:33 | 000,001,144 | ---- | C] () -- C:\Users\Owner\AppData\Roaming\pcouffin.inf
[2008/12/31 10:00:22 | 000,002,032 | ---- | C] () -- C:\Users\Owner\AppData\Local\d3d9caps.dat
[2008/09/13 19:29:07 | 000,174,080 | ---- | C] () -- C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== LOP Check ==========

[2012/02/17 00:05:25 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Auslogics
[2010/10/06 21:26:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG10
[2010/07/10 21:16:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG9
[2012/01/19 07:13:19 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\BigHugeEngine
[2012/02/04 16:18:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DarknessIIDemo
[2011/11/12 22:29:49 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\DVDFab
[2010/03/15 21:59:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Facebook
[2011/09/11 08:59:04 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Flickr
[2010/02/25 18:17:59 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\FrostWire
[2011/09/21 23:53:50 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\HandBrake
[2009/01/26 01:40:28 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\ICAClient
[2011/11/13 01:21:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\MoveFab
[2011/09/20 19:15:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Mozenda
[2010/07/10 21:54:16 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\OpenOffice.org
[2012/02/07 21:48:10 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Origin
[2011/02/06 08:20:57 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\RIFT
[2009/01/14 21:04:35 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Smith Micro
[2008/08/07 16:03:52 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Snapfish
[2010/02/25 19:21:01 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\uTorrent
[2011/11/12 22:28:27 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\Vso
[2008/08/13 17:57:18 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\WinBatch
[2011/05/27 09:57:16 | 000,000,000 | ---D | M] -- C:\Users\Tabitha\AppData\Roaming\Snapfish
[2012/02/18 19:31:24 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2008/02/19 19:56:37 | 000,000,074 | ---- | M] () -- C:\autoexec.bat
[2009/04/11 01:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2008/02/19 19:31:50 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
[2012/02/19 00:01:07 | 000,012,141 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 16:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2012/02/18 23:25:34 | 3219,513,344 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/16 19:17:14 | 000,009,995 | ---- | M] () -- C:\hijackthis.log
[2008/08/31 09:18:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2011/04/20 17:34:12 | 000,001,652 | ---- | M] () -- C:\MOV.ASC
[2008/08/31 09:18:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/02/18 23:25:31 | 3533,451,264 | -HS- | M] () -- C:\pagefile.sys
[2008/08/13 18:00:18 | 000,000,574 | ---- | M] () -- C:\RHDSetup.log
[2012/02/18 18:50:52 | 000,079,438 | ---- | M] () -- C:\TDSSKiller.2.7.13.0_18.02.2012_18.49.52_log.txt

< %systemroot%\Fonts\*.com >
[2006/11/02 07:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/07 07:46:59 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/09/18 16:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/11/02 04:46:03 | 000,070,144 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNBPP3.DLL
[2006/09/12 20:00:00 | 000,027,136 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPD78.DLL
[2006/09/12 20:00:00 | 000,069,632 | ---- | M] (CANON INC.) -- C:\Windows\system32\spool\prtprocs\w32x86\CNMPP78.DLL
[2006/11/02 07:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\mdippr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/01/20 21:43:21 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2008/01/20 22:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008/01/20 22:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008/01/20 22:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 05:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 05:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/04/24 09:48:21 | 000,000,403 | -HS- | M] () -- C:\Users\Owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >
[2011/02/10 19:36:49 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
[2011/02/10 19:36:19 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
[2011/02/10 19:36:19 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
[2011/02/10 19:36:19 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
[2011/02/10 19:36:19 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbtmp.log
[2011/02/10 19:36:19 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2008/08/07 16:03:36 | 000,000,402 | -HS- | M] () -- C:\Users\Owner\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2008/02/19 19:47:57 | 000,000,342 | ---- | M] () -- C:\ProgramData\hpzinstall.log

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >

 

[EM0]

OTL Extras

OTL Extras logfile created on: 2/19/2012 12:35:11 AM - Run 1
OTL by OldTimer - Version 3.2.33.0 Folder = C:\VIRTUAL
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.51 Gb Available Physical Memory | 50.25% Memory free
6.20 Gb Paging File | 4.75 Gb Available in Paging File | 76.69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 326.03 Gb Total Space | 49.97 Gb Free Space | 15.33% Space Free | Partition Type: NTFS
Drive D: | 9.32 Gb Total Space | 1.27 Gb Free Space | 13.60% Space Free | Partition Type: NTFS
Drive E: | 335.35 Gb Total Space | 89.10 Gb Free Space | 26.57% Space Free | Partition Type: NTFS

Computer Name: 0X10K0D30X1X1X0 | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3217977271-4127519066-1456135028-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\EarthLink TotalAccess\TaskPanl.exe" = C:\Program Files\EarthLink TotalAccess\TaskPanl.exe:*:Enabled:Earthlink -- (EarthLink, Inc.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06F7B6D2-703F-485C-9FA1-45BD07C4652C}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{18CEBAB3-31FC-43DB-ABB9-E7DAB707F908}" = lport=445 | protocol=6 | dir=in | app=system |
"{231D0F82-3A64-4D37-B80F-81534ADBEB6E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{368A125B-B770-4C24-B6A4-307272C88CCE}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{46786329-EDE5-4E1A-8399-3AD9D074D304}" = rport=445 | protocol=6 | dir=out | app=system |
"{51527792-034A-4A72-8DA4-5F1B6DB695AC}" = rport=138 | protocol=17 | dir=out | app=system |
"{75FF78DD-74A4-4928-A6E2-B430925CA708}" = rport=137 | protocol=17 | dir=out | app=system |
"{86FA0681-8A62-465B-A901-E5D343E04AA0}" = rport=139 | protocol=6 | dir=out | app=system |
"{974F47E3-CBA2-4AD6-826C-F149B9F538E1}" = lport=137 | protocol=17 | dir=in | app=system |
"{9E60E27C-0E2B-4DC7-9D07-B6D40FEC1C2B}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface |
"{9F6BB57F-1C2F-4C9B-9DF1-9850582F1E0B}" = lport=49163 | protocol=6 | dir=in | name=akamai netsession interface |
"{A4C39FFB-DCE5-4763-9192-BABF6C81F067}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D466A900-A013-45A6-80F1-708ABD0B3A2B}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{E2AD2E86-8BE9-449F-8E61-7866E104DDA3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{E5040689-676B-4156-9612-3E8549D80EEB}" = lport=139 | protocol=6 | dir=in | app=system |
"{E9B66399-016B-4F9E-857B-A1F47E46E1E0}" = lport=138 | protocol=17 | dir=in | app=system |
"{EADC43C1-55AF-490F-A207-86EF2EF6D91D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{032313A4-AEAE-47FF-8459-1EBCB3C8E1A1}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{1060B14D-692C-44AD-94D2-F45CB511990B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{10F1A243-9995-4EA6-986E-8560655BB074}" = protocol=17 | dir=in | app=c:\gamez\orgin games\kingdoms of amalur reckoning\reckoning.exe |
"{20B72DEB-7FEC-4BB6-AED2-69D63AA92D59}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{2236304A-D432-4AEB-A1A5-9FF5FB3BBC51}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{29D8C374-CE70-470A-8CEF-C4AAFDCA69FE}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{2DD46781-3797-4648-82F6-26D2E95C1A47}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{3DCEE7FD-EB49-4FE8-A829-B6CD712E32AC}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{3FD8E052-3785-4A7B-A6DB-4BF0262367C4}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{6046CE11-7BD0-41E2-8925-87B4CD26DBD4}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{6CFB4C96-84F0-4591-9964-350515339729}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{76F3C1F3-9F47-47E6-B63B-3DF5607A0530}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{788B4025-04A0-4AE5-BCC4-67A6F0437F41}" = protocol=17 | dir=in | app=c:\program files\curse\curseclient.exe |
"{7B0C7580-4A4C-4400-903E-1CC4BBA00C90}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{8B71DB8A-03A1-4F54-8BAB-B3293392CB3F}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{A5D80019-6EAE-4C1B-85BD-4220E8385E31}" = protocol=6 | dir=in | app=c:\gamez\orgin games\kingdoms of amalur reckoning\reckoning.exe |
"{A80DAEDF-F300-411B-9A2E-470C446A6BFD}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{A88B9983-67C5-4B49-A2F4-ADF571DB6A95}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{AA8EAC7C-B57A-45FF-99F6-D78EFB821FEF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{BDB4DF9C-3706-4B28-B583-6B50AE48ADD3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{DCAFECE2-5516-4E6E-B638-4A5F0ED5F9E2}" = protocol=6 | dir=in | app=c:\program files\curse\curseclient.exe |
"{DD38007A-2ACC-48D5-A012-BA11A6CC0DE8}" = protocol=6 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"{DF36C9AF-3F13-461A-8CF3-409C1B962B1F}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{F9705255-D8BE-4A86-81A5-5E30368B3BBD}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{FA667155-4675-43C3-AF8C-91F07316A628}" = protocol=17 | dir=in | app=c:\program files\earthlink totalaccess\taskpanl.exe |
"TCP Query User{42AFE477-8E16-4C0A-A69D-2997CD8B7719}C:\gamez\world of warcraft\launcher.exe" = protocol=6 | dir=in | app=c:\gamez\world of warcraft\launcher.exe |
"TCP Query User{551B7168-C8D4-4430-8250-573A71F70564}C:\gamez\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\gamez\world of warcraft\backgrounddownloader.exe |
"TCP Query User{67190493-D429-44EB-8D1D-001873C832C7}C:\gamez\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe" = protocol=6 | dir=in | app=c:\gamez\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe |
"TCP Query User{84EFCDE1-3166-4893-922A-9B6109DA1C48}C:\gamez\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe" = protocol=6 | dir=in | app=c:\gamez\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe |
"TCP Query User{E2A84AB2-4A21-40E2-979B-73BE26E8378B}C:\gamez\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe" = protocol=6 | dir=in | app=c:\gamez\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe |
"TCP Query User{E4D7CB08-BFF8-4CEE-9B1F-4745DFD828B9}C:\gamez\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=6 | dir=in | app=c:\gamez\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |
"UDP Query User{36EB5766-0A75-439D-AA0F-2CF68777BD15}C:\gamez\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\gamez\world of warcraft\backgrounddownloader.exe |
"UDP Query User{60AA083E-DA09-4C03-B46B-5CBAA6427BE2}C:\gamez\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe" = protocol=17 | dir=in | app=c:\gamez\world of warcraft\wow-3.3.2.11403-to-3.3.3.11685-enus-downloader.exe |
"UDP Query User{88322112-4E82-43A8-AC46-05694CA83FB7}C:\gamez\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe" = protocol=17 | dir=in | app=c:\gamez\world of warcraft\wow-3.3.3.11685-to-3.3.3.11723-enus-downloader.exe |
"UDP Query User{A378E5FF-1428-4C80-B70D-EAFDFF8C8584}C:\gamez\world of warcraft\launcher.exe" = protocol=17 | dir=in | app=c:\gamez\world of warcraft\launcher.exe |
"UDP Query User{AE237C79-87DD-4813-8427-DD7998B79E4C}C:\gamez\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe" = protocol=17 | dir=in | app=c:\gamez\world of warcraft\wow-3.3.5.12213-to-3.3.5.12340-enus-downloader.exe |
"UDP Query User{B6B3E34E-0F07-41D3-9DC4-105B8C6C5B66}C:\gamez\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe" = protocol=17 | dir=in | app=c:\gamez\world of warcraft\wow-3.3.3.11723-to-3.3.5.12213-enus-downloader.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{029B5901-1F27-4347-9923-E8ACC8F54E15}" = Snapfish Picture Mover
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3
"{05EC21B8-4593-3037-A781-A6B5AFFCB19D}" = Microsoft Windows SDK for Visual Studio 2008 .NET Framework Tools
"{07EF3970-F8E5-4A27-A5A3-230484D35026}" = Microsoft Expression Encoder 4
"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting
"{08D605B4-DCD1-451F-ABD7-52E6BB868E4E}" = Microsoft Expression Design 4
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0A2C5854-557E-48C8-835A-3B9F074BDCAA}" = Python 2.5
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E19A83E-F53B-40CF-8C91-96F32D955E6A}" = LightScribe System Software 1.10.23.1
"{0E5FDD1D-DCE8-4F9D-9BFD-4E4CF89811E2}" = iCloud
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}" = Adobe WinSoft Linguistics Plugin
"{190D0C6E-C8A7-4019-8FB5-FD041EC1F2D2}" = Mobile Broadband Drivers
"{1BCE2581-B7CA-4BB4-BDFB-D113506AA38B}" = HP Easy Setup - Frontend
"{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}" = Microsoft Expression Blend SDK for Silverlight 4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2012098D-EEE9-4769-8DD3-B038050854D4}" = Microsoft Silverlight 3 SDK
"{209CDA54-D390-46A2-A97C-7BF61734418D}" = WeatherBug Gadget
"{241F2BF7-69EB-42A4-9156-96B2426C7504}" = Microsoft SQL Server Compact 3.5 for Devices ENU
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check
"{256E7DAC-9BE8-494E-8DE7-7857BF96B774}" = Microsoft Expression Blend 3 SDK
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 26
"{2750B389-A2D2-4953-99CA-27C1F2A8E6FD}" = Microsoft SQL Server 2005 Tools Express Edition
"{291B3A3B-F808-45B8-8113-DF232FCB6C82}" = Microsoft .NET Compact Framework 3.5
"{29E5EA97-5F74-4A57-B8B2-D4F169117183}" = Adobe Stock Photos CS3
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
"{2E5C075E-11AB-4BDD-918C-7B9A68953FF8}" = Microsoft SQL Server Compact 3.5 Design Tools ENU
"{305D4B08-5807-4475-B1C8-D54685534864}" = LightScribeTemplateLabeler
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3A762A82-618D-3CAA-B847-D074ABFA0B2E}" = MSDN Library for Visual Studio 2008 - ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D7E3EC9-46CF-4359-9289-39CE01DFB82F}" = Adobe Photoshop CS3
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{42A96544-2842-444E-8A27-A61848DDEC87}" = Adobe Photoshop Lightroom 2.1
"{44F7BA74-C11A-49FC-B2FC-1B827C491F74}" = Microsoft Expression Studio 3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C6D5779-A766-45DF-9938-D6F595A66F2B}" = Microsoft Expression Blend 4
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{4CBABDFD-49F8-47FD-BE7D-ECDE7270525A}" = Windows Live PIMT Platform
"{5115C036-C0D5-4E1B-81C9-542CA967478A}" = muvee autoProducer 6.1
"{51846830-E7B2-4218-8968-B77F0FF475B8}" = Adobe Color EU Extra Settings
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{54793AA1-5001-42F4-ABB6-C364617C6078}" = Adobe Linguistics CS3
"{55979C41-7D6A-49CC-B591-64AC1BBE2C8B}" = HP Picasso Media Center Add-In
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E453519-60F6-4A4D-A0BF-16663F9B3536}" = Safari
"{5EE6E987-1B79-4A93-832B-27472C7D1579}" = WPF Toolkit February 2010 (Version 3.5.50211.1)
"{5F8D931D-B230-47F3-A9C0-0C8CA459A332}" = Microsoft Expression Web 4
"{61AD15B2-50DB-4686-A739-14FE180D4429}" = Windows Live ID Sign-in Assistant
"{64c5b887-b5ee-42b8-8596-78905a6b5f1f}" = Microsoft Windows SDK for Visual Studio 2008 SDK Reference Assemblies and IntelliSense
"{65BCF909-6AF7-4B01-8EB3-713CE2873DC8}" = Microsoft Expression Web 3
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{6753B40C-0FBD-3BED-8A9D-0ACAC2DCD85D}" = Microsoft Document Explorer 2008
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6A05FEDF-662E-46BF-8A25-010E3F1C9C69}" = Windows Live UX Platform Language Pack
"{6A9D1594-7791-48f5-9CAA-DE9BCB968320}" = Kingdoms of Amalur: Reckoning
"{6ABE0BEE-D572-4FE8-B434-9E72A289431B}" = Adobe Fonts All
"{6C9F6D23-E9AD-43C9-B43A-011562AAF876}" = Windows Mobile 5.0 SDK R2 for Pocket PC
"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3
"{7020FC34-6E04-4858-924D-354B28CB2402}_is1" = Luminance HDR 2.1.0
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{752E90AC-3F11-4EA3-88EA-96441047EC31}" = Microsoft Expression Web 3 SP1
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}" = Microsoft Silverlight 4 SDK
"{802771A9-A856-4A41-ACF7-1450E523C923}" = Adobe XMP Panels CS3
"{80956555-A512-4190-9CAD-B000C36D6B6B}" = Windows Live Messenger
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-0021-0000-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer 2007
"{90120000-0021-0000-0000-0000000FF1CE}_VisualWebDeveloper_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{90120000-0021-0409-0000-0000000FF1CE}" = Microsoft Office Visual Web Developer MUI (English) 2007
"{90120000-0021-0409-0000-0000000FF1CE}_VisualWebDeveloper_{C00A9857-850C-4C68-A583-2EF4F24706F5}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_VisualWebDeveloper_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95655ED4-7CA5-46DF-907F-7144877A32E5}" = Adobe Color NA Recommended Settings
"{9656F3AC-6BA9-43F0-ABED-F214B5DAB27B}" = Windows Mobile 5.0 SDK R2 for Smartphone
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A33B83D-FFC4-44CF-BEEF-632DECEF2FCD}" = Microsoft SQL Server Database Publishing Wizard 1.2
"{9B3A1C97-A361-463E-8817-444F9F88CDFE}" = Microsoft Expression Blend SDK for .NET 4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3
"{9DBA770F-BF73-4D39-B1DF-6035D95268FC}" = HP Customer Feedback
"{A06FE62B-CEBC-4E94-AED8-92DCC33BC8EA}" = Microsoft Expression Studio 4
"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps
"{A2D81E70-2A98-4A08-A628-94388B063C5E}" = Adobe Color - Photoshop Specific
"{A4FA40F1-B88C-4BDF-B291-ED34982CB48F}" = Microsoft Expression Blend 3
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA467959-A1D6-4F45-90CD-11DC57733F32}" = Crystal Reports Basic for Visual Studio 2008
"{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}" = PDF Settings
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B268E9A1-04A9-40D0-9866-846BE2B74BA7}" = Microsoft Windows SDK for Visual Studio 2008 Win32 Tools
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 266.58
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.1.13.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B32E7732-B2FB-3FD0-81AC-6025B1104C66}" = Microsoft Device Emulator version 3.0 - ENU
"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0
"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BF127B80-CFD5-4379-9752-E8AF1A5D0141}" = Microsoft Expression Encoder 4 Screen Capture Codec
"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C8D47273-7A1A-4614-A3D8-263632D8A5ED}" = HP Customer Experience Enhancements
"{CAA376AF-0DE8-4FCA-942E-C6AC579B94B3}" = Microsoft Windows SDK for Visual Studio 2008 Tools
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client
"{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}" = Adobe PDF Library Files
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7DAD1E4-45F4-3B2B-899A-EA728167EC4F}" = Microsoft Visual Studio 2008 Professional Edition - ENU
"{DADD7B8A-BCB0-44F5-967A-ECB6B4F2ECD9}" = Adobe Color Common Settings
"{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}" = Adobe Color JA Extra Settings
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E69AE897-9E0B-485C-8552-7841F48D42D8}" = Adobe Update Manager CS3
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{E9980014-BE11-4891-A5F4-0F2917B856BC}" = Microsoft Expression Design 3
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{EDDF99D9-9FE3-4871-A7DB-D1522C51EE9A}" = Microsoft .NET Compact Framework 2.0 SP2
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}" = Microsoft Expression Web 4 Service Pack 2
"{F6D6B258-E3CA-4AAC-965A-68D3E3140A8C}" = iTunes
"{F73340A9-8AA9-49C4-937E-E271B837056C}" = Microsoft Expression Encoder 3
"{F9FD80CE-0448-4D4F-8BCD-77FC514C3F99}" = Vista Codec Package
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{fef8097e-662d-49b3-aa77-2919db3746d7}" = HP Total Care Advisor
"{FF11004C-F42A-4A31-9BCF-7F5C8FDBE53C}" = Adobe Setup
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Adobe_719d6f144d0c086a0dfa7ff76bb9ac1" = Adobe Photoshop CS3
"Advanced Video FX Engine" = Advanced Video FX Engine
"Blend_3.0.1927.0" = Microsoft Expression Blend 3
"Blend_4.0.20525.0" = Microsoft Expression Blend 4
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200C14F1" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows
"Design_6.0.1739.0" = Microsoft Expression Design 3
"Design_7.0.20516.0" = Microsoft Expression Design 4
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVDFab 8 Qt_is1" = DVDFab 8.1.3.3 (12/11/2011) Qt Beta
"Encoder_3.0.1332.0" = Microsoft Expression Encoder 3
"Encoder_4.0.1639.0" = Microsoft Expression Encoder 4
"ExpressionStudio_3.0.1061.0" = Microsoft Expression Studio 3
"ExpressionStudio_4.0.20525.0" = Microsoft Expression Studio 4
"Flickr Uploadr" = Flickr Uploadr 3.2.1
"HandBrake" = HandBrake 0.9.5
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"MetaFrame Presentation Server Web Client for Win32" = MetaFrame Presentation Server Web Client for Win32
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Document Explorer 2008" = Microsoft Document Explorer 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Microsoft Visual Studio 2008 Professional Edition - ENU" = Microsoft Visual Studio 2008 Professional Edition - ENU
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"MSDN Library for Visual Studio 2008 - ENU" = MSDN Library for Visual Studio 2008 - ENU
"NIS" = Norton Internet Security
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OfficeTrial" = Microsoft Office Home and Student 60 day trial
"Origin" = Origin
"OsdMaestro" = HP On-Screen Cap/Num/Scroll Lock Indicator
"PC-Doctor 5 for Windows" = Hardware Diagnostic Tools
"PeerGuardian_is1" = PeerGuardian 2.0
"Picasa 3" = Picasa 3
"Rocketfish VF0510" = Rocketfish 2MP AF Webcam Driver (1.00.06.00)
"Rocketfish Webcam User's Guide" = Rocketfish Webcam User's Guide
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.3
"Steam App 203970" = Kingdoms of Amalur: Reckoning Demo
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime
"VisualWebDeveloper" = Microsoft Visual Studio Web Authoring Component
"VZAccess Manager" = VZAccess Manager
"Web_3.0.3813.0" = Microsoft Expression Web 3
"Web_4.0.1303.0" = Microsoft Expression Web 4
"WildTangent hp Master Uninstall" = My HP Games
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3217977271-4127519066-1456135028-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"Facebook Plug-In" = Facebook Plug-In
"UnityWebPlayer" = Unity Web Player
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/18/2012 7:46:54 PM | Computer Name = 0x10k0d30x1x1x0 | Source = WinMgmt | ID = 10
Description =

Error - 2/18/2012 8:34:20 PM | Computer Name = 0x10k0d30x1x1x0 | Source = WinMgmt | ID = 10
Description =

Error - 2/18/2012 8:42:57 PM | Computer Name = 0x10k0d30x1x1x0 | Source = Perflib | ID = 1008
Description =

Error - 2/18/2012 8:42:57 PM | Computer Name = 0x10k0d30x1x1x0 | Source = Perflib | ID = 1008
Description =

Error - 2/18/2012 8:42:58 PM | Computer Name = 0x10k0d30x1x1x0 | Source = Perflib | ID = 1008
Description =

Error - 2/18/2012 8:43:03 PM | Computer Name = 0x10k0d30x1x1x0 | Source = Perflib | ID = 1008
Description =

Error - 2/18/2012 8:43:03 PM | Computer Name = 0x10k0d30x1x1x0 | Source = Perflib | ID = 1005
Description =

Error - 2/18/2012 8:43:03 PM | Computer Name = 0x10k0d30x1x1x0 | Source = Perflib | ID = 1018
Description =

Error - 2/18/2012 8:43:06 PM | Computer Name = 0x10k0d30x1x1x0 | Source = Perflib | ID = 1008
Description =

Error - 2/19/2012 12:27:02 AM | Computer Name = 0x10k0d30x1x1x0 | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 2/19/2012 12:22:09 AM | Computer Name = 0x10k0d30x1x1x0 | Source = Service Control Manager | ID = 7034
Description =

Error - 2/19/2012 12:22:09 AM | Computer Name = 0x10k0d30x1x1x0 | Source = Service Control Manager | ID = 7031
Description =

Error - 2/19/2012 12:22:09 AM | Computer Name = 0x10k0d30x1x1x0 | Source = Service Control Manager | ID = 7031
Description =

Error - 2/19/2012 12:22:17 AM | Computer Name = 0x10k0d30x1x1x0 | Source = Service Control Manager | ID = 7034
Description =

Error - 2/19/2012 12:26:33 AM | Computer Name = 0x10k0d30x1x1x0 | Source = EventLog | ID = 6008
Description = The previous system shutdown at 11:23:39 PM on 2/18/2012 was unexpected.

Error - 2/19/2012 12:27:02 AM | Computer Name = 0x10k0d30x1x1x0 | Source = Service Control Manager | ID = 7026
Description =

Error - 2/19/2012 12:40:09 AM | Computer Name = 0x10k0d30x1x1x0 | Source = Service Control Manager | ID = 7034
Description =

Error - 2/19/2012 12:40:54 AM | Computer Name = 0x10k0d30x1x1x0 | Source = Service Control Manager | ID = 7030
Description =

Error - 2/19/2012 12:49:51 AM | Computer Name = 0x10k0d30x1x1x0 | Source = Service Control Manager | ID = 7030
Description =

Error - 2/19/2012 12:56:13 AM | Computer Name = 0x10k0d30x1x1x0 | Source = Service Control Manager | ID = 7030
Description =


< End of report >

 

[Broni]

I can't proceed since you didn't answer my question:

How is redirection?

 

[EM0]

Oops

Sorry I missed that question more worried with following the directions.

Other than everything seeming really slow I am not getting redirected at this point. Pages are taking a long time to load on that computer but pop up on this one.

Thanks again for your help with this.

 

[Broni]

Does the slowness affect a browser only?
If so, which browser?

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTL
  O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
  O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
  O15 - HKU\S-1-5-21-3217977271-4127519066-1456135028-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
  O15 - HKU\S-1-5-21-3217977271-4127519066-1456135028-1006\..Trusted Ranges: Range1 ([http] in )
  O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
  O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
  [2010/10/06 21:26:11 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG10
  [2010/07/10 21:16:13 | 000,000,000 | ---D | M] -- C:\Users\Owner\AppData\Roaming\AVG9
  @Alternate Data Stream - 144 bytes -> C:\ProgramData\TEMP:07BF512B
  
  
  :Services
  
  :Reg
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
  "DisableMonitoring" =-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
  "DisableMonitoring" =-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
  "DisableMonitoring" =-
  
  :Files
  
  :Commands
  [purity]
  [emptytemp]
  [emptyjava]
  [emptyflash]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• You will get a log that shows the results of the fix. Please post it.

=================================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder

• Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
• Accept any prompts.
• Do NOT post JavaRa log.

====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

• Double-click SecurityCheck.exe
• Follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  
  NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

• Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)

• Double click on TFC.exe to run the program.
• Click on Start button to begin cleaning process.
• TFC will close all running programs, and it may ask you to restart computer.

4. Please run a free online scan with the ESET Online Scanner

• Disable your antivirus program
• Tick the box next to YES, I accept the Terms of Use
• Click Start
• Accept any security warnings from your browser.
• Check Scan archives
• Click Start
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, click on List of found threats
• Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• NOTE. If Eset won't find any threats, it won't produce any log.

 

[EM0]

Working on other logs.

Appears to be FireFox more than IE in the few sites I tried just now after a reboot.

Thanks again and I am working on the other suggestions.

 

[EM0]

New OTL scan

All processes killed
========== OTL ==========
Registry key HKU.DEFAULTSOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\HKU.DEFAULT..Trusted Ranges Range1 not found.
Registry key HKUS-1-5-18SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\HKUS-1-5-18..Trusted Ranges Range1 not found.
Registry key HKUS-1-5-21-3217977271-4127519066-1456135028-1000SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\HKUS-1-5-21-3217977271-4127519066-1456135028-1000..Trusted Ranges Range1 not found.
Registry key HKUS-1-5-21-3217977271-4127519066-1456135028-1006SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\HKUS-1-5-21-3217977271-4127519066-1456135028-1006..Trusted Ranges Range1 not found.
Starting removal of ActiveX control O16 - DPF {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\O16 - DPF {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\O16 - DPF {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control O16 - DPF {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\O16 - DPF {E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\O16 - DPF {E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Folder CUsersOwnerAppDataRoamingAVG10\ not found.
Folder CUsersOwnerAppDataRoamingAVG9\ not found.
Unable to delete ADS Alternate Data Stream - 144 bytes - CProgramDataTEMP07BF512B .
File EY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoring] not found.
File EY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecAntiVirus] not found.
File EY_LOCAL_MACHINESOFTWAREMicrosoftSecurity CenterMonitoringSymantecFirewall] not found.
File rity] not found.
File ptytemp] not found.
File ptyjava] not found.
File ptyflash] not found.
File boot] not found.

OTL by OldTimer - Version 3.2.33.0 log created on 02192012_140248

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

 

[EM0]

I think these all of the logs you requested

If I missed anything let me know and I will grab it for you off the key. Is it safe yet to backup my data to a removeable drive without taking a chance of infecting another system I might hook it up too?

Thanks again for all your help.


Results of screen317's Security Check version 0.99.24
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
Norton Internet Security
[size=1]WMI entry may not exist for antivirus; attempting automatic update.[/size]
```````````````````````````````
Anti-malware/Other Utilities Check:
Out of date Spybot installed!
Spybot - Search & Destroy 1.3
Java(TM) 6 Update 31
Java(TM) SE Runtime Environment 6 Update 1
Out of date Java installed!
Adobe Flash Player 11.1.102.55
Mozilla Firefox (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````




Farbar Service Scanner Version: 14-02-2012
Ran by Owner (administrator) on 19-02-2012 at 14:32:16
Running from "C:\VIRTUAL"
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Yahoo IP is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

Windows Update:
============

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



C:\TDSSKiller_Quarantine\18.02.2012_18.39.52\mbr0000\tdlfs0000\tsk0005.dta a variant of Win32/Rootkit.Kryptik.JG trojan cleaned by deleting - quarantined

 

[Broni]

Is it safe yet to backup my data to a removeable drive without taking a chance of infecting another system I might hook it up too?

At this point yes.

Uninstall Java(TM) SE Runtime Environment 6 Update 1

===============================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

• Under the Custom Scans/Fixes box at the bottom, paste in the following:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[emptyjava]
[CLEARALLRESTOREPOINTS]
[Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot the PC when it is done
• Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

• Double-click OTL.exe to start the program.
• Close all other programs apart from OTL as this step will require a reboot
• On the OTL main screen, press the CLEANUP button
• Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.

 

[Broni]

The issue seems to be resolved.