TechSpot

Firefox redirecting, BSOD on Win7

By sache16
Nov 28, 2010
  1. Firefox has been redirecting links since yesterday, and I know it is a virus or malware of some sort because Avast detected it, but before I could get it off, the blue screen popped up, dumped files, then restarted.

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5202

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    11/28/2010 3:24:06 PM
    mbam-log-2010-11-28 (15-24-06).txt

    Scan type: Quick scan
    Objects scanned: 146146
    Time elapsed: 5 minute(s), 0 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 1

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    C:\Windows\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x01 0x3E 0x15 0x9A ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6C 0x9F 0xB9 0x43 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB5 0x88 0xED 0x24 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x7F 0xD3 0xCC 0xFB ...
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x01 0x3E 0x15 0x9A ...
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6C 0x9F 0xB9 0x43 ...
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xB5 0x88 0xED 0x24 ...
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x7F 0xD3 0xCC 0xFB ...

    ---- EOF - GMER 1.0.15 ----


    DDS (Ver_10-11-27.01)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/22/2009 4:08:28 PM
    System Uptime: 11/28/2010 3:24:58 PM (1 hours ago)

    Motherboard: PEGATRON CORPORATION | | VIOLET
    Processor: AMD Phenom(tm) 9650 Quad-Core Processor | CPU 1 | 1196/200mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 582 GiB total, 165.052 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 1.59 GiB free.
    E: is FIXED (NTFS) - 228 GiB total, 26.945 GiB free.
    F: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    J: is FIXED (FAT32) - 5 GiB total, 2.117 GiB free.
    K: is Removable
    L: is CDROM ()
    M: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP190: 11/27/2010 10:45:47 PM - Installed TSR Launcher
    RP191: 11/28/2010 3:00:11 AM - Windows Update

    ==== Installed Programs ======================

    µTorrent
    ABC Amber LIT Converter
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.3.2
    Adobe Reader 9.4.1
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Software Update
    avast! Free Antivirus
    AviSynth 2.5
    Before You Know It 3.6 Deluxe
    Byki
    Byki Express
    Combined Community Codec Pack 2009-09-09
    CyberLink DVD Suite Deluxe
    Default Manager
    DirectX for Managed Code Update (Summer 2004)
    DVDFab 8.0.5.0 (18/11/2010)
    EA Download Manager
    Enhanced Multimedia Keyboard Solution
    eReader
    ffdshow [rev 2583] [2009-01-05]
    Gravity
    Haali Media Splitter
    HijackThis 2.0.2
    HP Active Support Library
    HP Advisor
    HP Customer Experience Enhancements
    HP Games
    HP MediaSmart Demo
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP Picasso Media Center Add-In
    HP Recovery Manager RSS
    HP Remote Solution
    HP Total Care Setup
    HP Update
    HPAsset component for HP Active Support Library
    Human Japanese 2.0
    Java Auto Updater
    Java(TM) 6 Update 22
    LabelPrint
    LightScribe System Software
    LimeWire 5.3.6
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB953297)
    Microsoft Choice Guard
    Microsoft Live Search Toolbar
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Home and Student 2007
    Microsoft Office Home and Student 2007 Trial
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Microsoft WSE 3.0 Runtime
    Mobipocket Reader 6.2
    Mozilla Firefox (3.5.6)
    MSVCRT
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    PictureMover
    Power2Go
    PowerDirector
    Python 2.6 pywin32-212
    Python 2.6.1
    QuickTime
    ReadWrite Kanji Version 1.5
    RealMedia (remove only)
    Realtek High Definition Audio Driver
    Rosetta Stone V3
    Safari
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB978380)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft Office Excel 2007 (KB978382)
    Security Update for Microsoft Office PowerPoint 2007 (KB957789)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB969613)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB969604)
    Sothink Movie DVD Maker
    TeLL me More CJ
    The Sims™ 3
    The Sims™ 3 Ambitions
    The Sims™ 3 High-End Loft Stuff
    The Sims™ 3 Late Night
    The Sims™ 3 World Adventures
    TSR Launcher
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office InfoPath 2007 (KB976416)
    Windows Installer Clean Up
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Media Player Firefox Plugin
    WinRAR archiver

    ==== End Of File ===========================



    DDS (Ver_10-11-27.01) - NTFS_AMD64
    Run by Sache' at 16:27:24.06 on Sun 11/28/2010
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.7935.6214 [GMT -6:00]

    SP: BitDefender Antispyware *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\nvraidservice.exe
    C:\Windows\System32\StikyNot.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\SysWOW64\ctfmon.exe
    C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Sache'\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
    uStart Page = hxxp://www.ask.com?o=15772&l=dis
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
    TB: WhiteSmoke Toolbar: {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
    uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
    uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
    mRun: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
    mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
    mRun: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    Trusted Zone: juno.com
    DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} - hxxps://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} - hxxp://www.worldwinner.com/games/v57/wof/wof.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v54/wwspades/wwspades.cab
    TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll
    mRun-x64: [NVRaidService] C:\Windows\system32\nvraidservice.exe
    mRun-x64: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    mRun-x64: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
    mRunOnce-x64: [PCDrProfiler] "C:\Program Files\PC-Doctor for Windows\RunProfiler.exe" -r

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Sache'\AppData\Roaming\Mozilla\Firefox\Profiles\ks50in09.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=
    FF - prefs.js: browser.search.selectedEngine - DAEMON Search
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - component: C:\Program Files (x86)\Mozilla Firefox\components\FFComm.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    FF - Extension: LOOP for Firefox: fireloop@drawloop.com - C:\Users\Sache'\AppData\Roaming\Mozilla\Firefox\Profiles\ks50in09.default\extensions\fireloop@drawloop.com
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\Users\Sache'\AppData\Roaming\Mozilla\Firefox\Profiles\ks50in09.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Extension: ScrapBook: {53A03D43-5363-4669-8190-99061B2DEBA5} - C:\Users\Sache'\AppData\Roaming\Mozilla\Firefox\Profiles\ks50in09.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
    FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-4-7 121936]
    R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-4-7 22096]
    R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-4-7 63568]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-5-8 40384]
    R3 RTL8187;NETGEAR WG111v2 54Mbps Wireless USB 2.0 Adapter Vista Driver;C:\Windows\System32\drivers\wg111v2.sys [2007-12-26 340992]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 avast! Mail Scanner;avast! Mail Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-5-8 40384]
    S3 avast! Web Scanner;avast! Web Scanner;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-5-8 40384]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-31 1255736]

    =============== Created Last 30 ================

    2010-11-28 21:16:22 -------- dc----w- C:\Users\Sache'\Shaggy - The Boombastic Collection - Best Of + c0vers
    2010-11-28 21:07:22 -------- dc----w- C:\Users\Sache'\AppData\Roaming\WhiteSmokeTranslator
    2010-11-28 11:33:37 -------- dc----w- C:\Program Files (x86)\whitesmoketoolbar
    2010-11-28 04:46:12 -------- dc----w- C:\Program Files (x86)\The Sims Resource
    2010-11-27 22:19:54 -------- dc----w- C:\Program Files (x86)\Trend Micro
    2010-11-27 22:11:19 -------- dc----w- C:\Users\Sache'\AppData\Roaming\Malwarebytes
    2010-11-27 22:11:13 38224 -c--a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2010-11-27 22:11:12 24664 -c--a-w- C:\Windows\System32\drivers\mbam.sys
    2010-11-27 22:11:12 -------- dc----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-11-27 22:11:12 -------- dc----w- C:\PROGRA~3\Malwarebytes
    2010-11-27 21:53:36 -------- dc----w- C:\Users\Sache'\AppData\Roaming\Registry Mechanic
    2010-11-27 21:33:26 16384 -c--a-w- C:\Windows\cftm.exe
    2010-11-27 21:33:08 939543 -c--a-w- C:\Windows\plugincontainers.exe
    2010-11-25 05:51:49 -------- dc----w- C:\PROGRA~3\Trymedia
    2010-11-25 05:51:07 -------- dc----w- C:\Windows\Mystic Emporium
    2010-11-25 04:19:15 -------- dc----w- C:\Program Files (x86)\Common Files\SWF Studio
    2010-11-25 04:19:14 -------- dcsh--w- C:\Users\Sache'\AppData\Local\.#
    2010-11-25 02:11:08 -------- dc----w- C:\Program Files (x86)\Gravity
    2010-11-25 01:36:04 43680 -c--a-w- C:\Windows\System32\drivers\lirsgt.sys
    2010-11-25 01:36:04 314016 -c--a-w- C:\Windows\System32\drivers\atksgt.sys
    2010-11-24 21:02:31 99384 -c--a-w- C:\Users\Sache'\AppData\Roaming\inst.exe
    2010-11-24 21:02:31 82816 -c--a-w- C:\Windows\System32\drivers\pcouffin.sys
    2010-11-24 21:02:31 82816 -c--a-w- C:\Users\Sache'\AppData\Roaming\pcouffin.sys
    2010-11-24 21:02:21 -------- dc----w- C:\Program Files (x86)\DVDFab 8
    2010-11-21 20:22:41 243712 ----a-w- C:\Windows\System32\drivers\ks.sys
    2010-11-21 20:22:05 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2010-11-21 20:22:04 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2010-11-21 20:22:04 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
    2010-11-21 20:22:03 552960 ----a-w- C:\Windows\System32\msdri.dll
    2010-11-21 20:22:03 288256 ----a-w- C:\Windows\System32\MSNP.ax
    2010-11-21 20:22:03 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
    2010-11-21 20:22:03 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2010-11-21 20:21:58 861184 ----a-w- C:\Windows\System32\oleaut32.dll
    2010-11-21 20:21:58 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2010-11-21 20:21:57 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2010-11-21 09:05:19 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
    2010-11-21 09:05:19 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
    2010-11-21 09:05:19 48960 ----a-w- C:\Windows\System32\netfxperf.dll
    2010-11-21 09:05:19 444752 ----a-w- C:\Windows\System32\mscoree.dll
    2010-11-21 09:05:19 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
    2010-11-21 09:05:19 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
    2010-11-21 09:05:19 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
    2010-11-21 09:05:19 1942856 ----a-w- C:\Windows\System32\dfshim.dll
    2010-11-21 09:05:19 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
    2010-11-21 09:05:19 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
    2010-11-21 07:19:29 -------- dc----w- C:\Users\Sache'\[Kira-Fansub] My-HiME Complete (BD H264 1280x960 24fps AAC 2.0J)
    2010-11-21 05:44:52 -------- dc----w- C:\Users\Sache'\Heroic age [Complete Eps 1- 26][Eng Subs]
    2010-11-20 22:46:35 -------- dc----w- C:\games
    2010-11-20 13:00:35 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
    2010-11-20 13:00:35 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    2010-11-20 13:00:34 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-11-20 13:00:34 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-11-20 12:24:51 4582912 ----a-w- C:\Program Files\Windows NT\Accessories\wordpad.exe
    2010-11-20 12:24:50 4247040 ----a-w- C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    2010-11-20 12:24:50 2085376 ----a-w- C:\Windows\System32\ole32.dll
    2010-11-20 12:24:50 1413632 ----a-w- C:\Windows\SysWow64\ole32.dll
    2010-11-20 12:24:26 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2010-11-20 12:24:24 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2010-11-20 12:24:24 2048 ----a-w- C:\Windows\System32\tzres.dll
    2010-11-20 12:22:54 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-11-20 12:22:54 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2010-11-20 12:21:42 148992 ----a-w- C:\Windows\System32\t2embed.dll
    2010-11-20 12:21:42 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
    2010-11-20 12:21:00 340992 ----a-w- C:\Windows\System32\schannel.dll
    2010-11-20 12:21:00 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
    2010-11-20 12:20:58 633856 ----a-w- C:\Windows\System32\comctl32.dll
    2010-11-20 12:20:58 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll
    2010-11-20 12:15:14 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2010-11-20 12:15:14 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-11-20 12:15:14 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-11-20 12:15:14 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2010-11-20 12:15:14 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2010-11-20 12:15:13 3123712 ----a-w- C:\Windows\System32\win32k.sys
    2010-11-20 12:15:12 483840 ----a-w- C:\Windows\System32\StructuredQuery.dll
    2010-11-20 12:15:12 363520 ----a-w- C:\Windows\SysWow64\StructuredQuery.dll
    2010-11-20 11:13:54 558592 ----a-w- C:\Windows\System32\spoolsv.exe
    2010-11-20 11:08:13 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
    2010-11-20 11:08:13 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
    2010-11-20 10:54:47 82944 ----a-w- C:\Windows\SysWow64\iccvid.dll
    2010-11-20 09:28:44 -------- dc----w- C:\Windows\SysWow64\Adobe
    2010-11-19 02:19:28 -------- dc----w- C:\Program Files (x86)\Belkin
    2010-11-06 17:37:34 103864 -c--a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
    2010-11-06 17:37:34 103864 -c--a-w- C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll

    ==================== Find3M ====================

    2010-11-21 20:23:06 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2010-11-21 20:23:06 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2010-11-21 09:01:17 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-11-21 09:01:17 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-11-21 09:01:17 482816 ----a-w- C:\Windows\System32\html.iec
    2010-11-21 09:01:17 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-11-21 09:01:17 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-11-21 09:01:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-11-21 09:01:17 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-11-21 09:01:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-15 10:50:37 472808 -c--a-w- C:\Windows\SysWow64\deployJava1.dll

    ============= FINISH: 16:28:15.02 ===============
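The Malwarebytes hit above is worth understanding: the file it quarantined is C:\Windows\lsass.exe, while the genuine Local Security Authority process lives in C:\Windows\System32. A reserved system name in the wrong directory is exactly the kind of thing a "Reserved.Word" heuristic keys on. The following is an added example, not code from the post or from the DDS or Malwarebytes tools, that runs that same check over DDS "Running Processes" lines and Malwarebytes "Files Infected" lines. It goes beyond the single hit by checking a handful of other system process names as well; the canonical-directory table is an assumption for the example and covers only those names, and the sample lines are copied from the logs above.

```python
"""Triage helper: flag well-known Windows system process names that appear
outside their canonical directory in DDS "Running Processes" lines or
Malwarebytes "Files Infected" lines. Added example, not part of the forum
post or of the DDS/Malwarebytes tools."""
import ntpath
import re

# Where the real copies of these binaries live on Windows 7 (lowercased).
# Assumption for this example: the table covers only a handful of names.
_SYSTEM = {r"c:\windows\system32", r"c:\windows\syswow64"}
CANONICAL_DIRS = {
    "lsass.exe": _SYSTEM,
    "wininit.exe": _SYSTEM,
    "lsm.exe": _SYSTEM,
    "svchost.exe": _SYSTEM,
    "spoolsv.exe": _SYSTEM,
    "taskhost.exe": _SYSTEM,
    "dwm.exe": _SYSTEM,
    "conhost.exe": _SYSTEM,
    "ctfmon.exe": _SYSTEM,
    "explorer.exe": {r"c:\windows"},
}

# A drive-letter path up to the first ".exe"; anything after it (service
# arguments such as "-k netsvcs", or the scanner's verdict text) is ignored.
_EXE_RE = re.compile(r"^\s*([a-z]:\\.*?\.exe)", re.IGNORECASE)


def extract_exe_path(line):
    """Return the executable path that starts a log line, or None."""
    m = _EXE_RE.match(line)
    return m.group(1) if m else None


def check_path(path):
    """Return a reason string if `path` carries a well-known system binary
    name outside its canonical directory; None if it is where it belongs
    or the name is not in the table."""
    directory, name = ntpath.split(path.lower())
    allowed = CANONICAL_DIRS.get(name)
    if allowed is None or directory in allowed:
        return None
    return "%s expected under %s, found under %s" % (
        name, " or ".join(sorted(allowed)), directory)


def triage(lines):
    """Run check_path over every log line; return [(path, reason), ...]."""
    findings = []
    for line in lines:
        path = extract_exe_path(line)
        if path is None:
            continue
        reason = check_path(path)
        if reason is not None:
            findings.append((path, reason))
    return findings


# Constructed sample: a few lines copied from the DDS and Malwarebytes
# output in the post above, mixed with clean ones.
SAMPLE_LINES = [
    r"C:\Windows\system32\wininit.exe",
    r"C:\Windows\system32\lsm.exe",
    r"C:\Windows\system32\svchost.exe -k DcomLaunch",
    r"C:\Program Files\Alwil Software\Avast5\AvastSvc.exe",
    r"C:\Windows\Explorer.EXE",
    r"C:\Windows\SysWOW64\ctfmon.exe",
    r"C:\Users\Sache'\Desktop\dds.scr",
    r"C:\Windows\lsass.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.",
]

if __name__ == "__main__":
    for path, reason in triage(SAMPLE_LINES):
        print("SUSPICIOUS", path, "-", reason)
```

Run against the sample, only the C:\Windows\lsass.exe line is reported; the SysWOW64 copy of ctfmon.exe and Explorer.EXE in C:\Windows are accepted because those are their legitimate locations on a 64-bit Windows 7 install. The check is deliberately narrow: it says nothing about a file that keeps its real name in its real directory, so it complements, rather than replaces, the signature scan the post shows.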
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================================

    Download MBRCheck to your desktop

    Double-click MBRCheck.exe to run it (Vista and Windows 7 users, right-click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =====================================================================

    Download SUPERAntiSpyware Free for Home Users:
    http://www.superantispyware.com/


    • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
    • An icon will be created on your desktop. Double-click that icon to launch the program.
    • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here: http://www.superantispyware.com/definitions.html.)
    • Close SUPERAntiSpyware.
    Restart computer in Safe Mode.
    To enter Safe Mode, restart the computer and keep tapping the F8 key until the menu appears; pick Safe Mode; you'll see "Safe Mode" in all four corners of your screen.

    • Open SUPERAntiSpyware.
    • Under "Configuration and Preferences", click the Preferences button.
    • Click the Scanning Control tab.
    • Under Scanner Options make sure the following are checked (leave all others unchecked):
      • Close browsers before scanning.
      • Terminate memory threats before quarantining.
    • Click the "Close" button to leave the control center screen.
    • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
    • On the left, make sure you check C:\Fixed Drive.
    • On the right, under "Complete Scan", choose Perform Complete Scan.
    • Click "Next" to start the scan. Please be patient while it scans your computer.
    • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
    • Make sure everything has a checkmark next to it and click "Next".
    • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
    • If asked if you want to reboot, click "Yes".
    • To retrieve the removal information after reboot, launch SUPERAntispyware again.
      • Click Preferences, then click the Statistics/Logs tab.
      • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
      • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      • Copy and paste the Scan Log results in your next reply.
    • Click Close to exit the program.

    Post SUPERAntiSpyware log.
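
As an added illustration of what an MBR checker such as the MBRCheck run requested above is testing (an editorial example, not MBRCheck's own code and not part of Broni's instructions): read a 512-byte MBR sector, verify the trailing 0x55AA signature, decode the partition table, and compare the SHA1 of the 440-byte boot-code area against an allowlist of known-good hashes, reporting "unknown" when the hash is not on the list. The sample sector, its boot-code bytes, the tampered variant and the allowlist are all constructed here; a real allowlist would hold the hashes of the vendor's standard MBR code, which this example does not contain.

```python
import hashlib
import struct
from dataclasses import dataclass
from typing import Iterable, List, Set, Tuple

SECTOR = 512
BOOT_CODE_LEN = 440          # boot-code area; disk signature and partition table follow it
PART_TABLE_OFF = 446         # four 16-byte partition entries start here
MBR_SIGNATURE = b"\x55\xAA"  # last two bytes of a valid MBR sector
ENTRY_FMT = "<B3xB3xII"      # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors


@dataclass
class Partition:
    bootable: bool
    type_id: int
    start_lba: int
    sectors: int

    @property
    def byte_offset(self) -> int:
        # Checkers report volumes by byte offset on the physical drive; LBA 63 -> 0x7E00
        return self.start_lba * SECTOR


def build_mbr(boot_code: bytes, partitions: Iterable[Tuple[bool, int, int, int]]) -> bytes:
    """Assemble a constructed MBR sector from boot code and (bootable, type, lba, sectors) tuples."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code does not fit in the 440-byte area")
    buf = bytearray(SECTOR)
    buf[:len(boot_code)] = boot_code
    for i, (bootable, type_id, start_lba, sectors) in enumerate(partitions):
        off = PART_TABLE_OFF + 16 * i
        buf[off:off + 16] = struct.pack(ENTRY_FMT, 0x80 if bootable else 0x00, type_id, start_lba, sectors)
    buf[510:512] = MBR_SIGNATURE
    return bytes(buf)


def parse_partitions(mbr: bytes) -> List[Partition]:
    """Decode the four primary partition entries, skipping empty slots."""
    parts = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, type_id, start_lba, sectors = struct.unpack(ENTRY_FMT, mbr[off:off + 16])
        if type_id == 0:
            continue
        parts.append(Partition(status == 0x80, type_id, start_lba, sectors))
    return parts


def boot_code_sha1(mbr: bytes) -> str:
    """SHA1 of the boot-code area only; the partition table is expected to differ per machine."""
    return hashlib.sha1(mbr[:BOOT_CODE_LEN]).hexdigest().upper()


def classify_mbr(mbr: bytes, known_good: Set[str]) -> str:
    """'invalid' if the sector is malformed, 'known' if the boot-code hash is allowlisted, else 'unknown'."""
    if len(mbr) != SECTOR or mbr[510:512] != MBR_SIGNATURE:
        return "invalid"
    return "known" if boot_code_sha1(mbr) in known_good else "unknown"


# Constructed stand-in for a vendor's standard boot code (a short x86 stack setup followed by NOPs);
# it is a placeholder, not real Windows MBR code.
STANDARD_BOOT_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * (BOOT_CODE_LEN - 7)
# The same code with two bytes altered, standing in for boot code that has been overwritten.
TAMPERED_BOOT_CODE = STANDARD_BOOT_CODE[:16] + b"\xFF\xFF" + STANDARD_BOOT_CODE[18:]
# Allowlist built from the constructed standard code; a real one would hold vendor hashes.
KNOWN_GOOD = {hashlib.sha1(STANDARD_BOOT_CODE).hexdigest().upper()}
# Constructed layout: a bootable NTFS (0x07) partition at LBA 63 and a second NTFS data partition.
SAMPLE_PARTITIONS = [(True, 0x07, 63, 100_000), (False, 0x07, 200_000, 50_000)]


def report(mbr: bytes, known_good: Set[str] = KNOWN_GOOD) -> dict:
    """Summarise one MBR sector the way a checker would present it."""
    return {
        "status": classify_mbr(mbr, known_good),
        "sha1": boot_code_sha1(mbr) if len(mbr) >= BOOT_CODE_LEN else None,
        "partitions": [(p.type_id, hex(p.byte_offset), p.bootable) for p in parse_partitions(mbr)]
                      if len(mbr) == SECTOR else [],
    }


if __name__ == "__main__":
    for label, code in (("standard", STANDARD_BOOT_CODE), ("tampered", TAMPERED_BOOT_CODE)):
        print(label, report(build_mbr(code, SAMPLE_PARTITIONS)))
```

Hashing only the first 440 bytes is what makes an allowlist workable: the disk signature and partition table vary from machine to machine, while the boot code shipped by a given vendor does not, so an unrecognised hash means the code itself differs from every known-good copy, which is the condition a checker reports as non-standard.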
     
  3. sache16

    sache16 TS Rookie Topic Starter

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: PEGATRON CORPORATION
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: HP-Pavilion
    System Product Name: NP218AA-ABA p6142p
    Logical Drives Mask: 0x00001ffc

    Kernel Drivers (total 194):
    0x03217000 \SystemRoot\system32\ntoskrnl.exe
    0x037F3000 \SystemRoot\system32\hal.dll
    0x00BA4000 \SystemRoot\system32\kdcom.dll
    0x00C44000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x00C51000 \SystemRoot\system32\PSHED.dll
    0x00C65000 \SystemRoot\system32\CLFS.SYS
    0x00CC3000 \SystemRoot\system32\CI.dll
    0x00EA8000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F4C000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x01078000 \SystemRoot\System32\Drivers\spse.sys
    0x0119E000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x011A7000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x01000000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x01057000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x01061000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00F5B000 \SystemRoot\system32\DRIVERS\pci.sys
    0x011D6000 \SystemRoot\System32\drivers\partmgr.sys
    0x011EB000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00F8E000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00E00000 \SystemRoot\system32\DRIVERS\nvrd64.sys
    0x00E78000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x00D83000 \SystemRoot\System32\drivers\mountmgr.sys
    0x00D9D000 \SystemRoot\system32\DRIVERS\nvraid.sys
    0x00C00000 \SystemRoot\system32\DRIVERS\nvstor64.sys
    0x012A9000 \SystemRoot\system32\DRIVERS\storport.sys
    0x0130B000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x01316000 \SystemRoot\system32\drivers\fltmgr.sys
    0x01362000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01413000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x01376000 \SystemRoot\System32\Drivers\msrpc.sys
    0x015B6000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01200000 \SystemRoot\System32\Drivers\cng.sys
    0x015D0000 \SystemRoot\System32\drivers\pcw.sys
    0x015E1000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x0168A000 \SystemRoot\system32\drivers\ndis.sys
    0x0177C000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01600000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01800000 \SystemRoot\System32\drivers\tcpip.sys
    0x0162B000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01AD0000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x01B1C000 \SystemRoot\System32\Drivers\spldr.sys
    0x01B24000 \SystemRoot\System32\drivers\rdyboost.sys
    0x01B5E000 \SystemRoot\System32\Drivers\mup.sys
    0x01B70000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x01B79000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x01BB3000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01A51000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x01A7B000 \SystemRoot\System32\Drivers\Null.SYS
    0x01A84000 \SystemRoot\System32\Drivers\Beep.SYS
    0x01A8B000 \SystemRoot\System32\drivers\vga.sys
    0x01A99000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x01ABE000 \SystemRoot\System32\drivers\watchdog.sys
    0x01BE1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x01BEA000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x01BF3000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x01675000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x017DC000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x01273000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x017ED000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x015EB000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x02EEE000 \SystemRoot\system32\drivers\afd.sys
    0x02F78000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x02F82000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x02FC7000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x02FD0000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x02E00000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x02E0F000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x02E2A000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x02E3E000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x02E8F000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x02E9B000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x02EA6000 \SystemRoot\System32\drivers\discache.sys
    0x02EB5000 \SystemRoot\System32\Drivers\dfsc.sys
    0x02ED3000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x013D4000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x01291000 \SystemRoot\system32\DRIVERS\amdppm.sys
    0x01400000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0x00FEA000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x040E4000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x0413A000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x0414B000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x0416F000 \SystemRoot\system32\DRIVERS\1394ohci.sys
    0x041AD000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x041BA000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x04000000 \SystemRoot\system32\DRIVERS\nvmf6264.sys
    0x04A7B000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x0557B000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x04444000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x04538000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x0457E000 \SystemRoot\System32\Drivers\a5taueq1.SYS
    0x045C3000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x045CC000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x045DC000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x04400000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x04424000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x0557D000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x055AC000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x055C7000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x04A00000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x04430000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x04A1A000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x0443F000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x04A29000 \SystemRoot\system32\DRIVERS\ks.sys
    0x055E8000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x04052000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x040AC000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x05C0C000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x05E9F000 \SystemRoot\system32\drivers\portcls.sys
    0x05EDC000 \SystemRoot\system32\drivers\drmk.sys
    0x05EFE000 \SystemRoot\system32\drivers\ksthunk.sys
    0x05F04000 \SystemRoot\system32\DRIVERS\cdfs.sys
    0x00020000 \SystemRoot\System32\win32k.sys
    0x05F21000 \SystemRoot\System32\drivers\Dxapi.sys
    0x05F2D000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x05F3B000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x05F45000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
    0x05F83000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x05F96000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x05FA4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x05FBD000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x05FC6000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x05FC8000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x05FD5000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x05FF2000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x05E5D000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x05E78000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00430000 \SystemRoot\System32\TSDDD.dll
    0x008A0000 \SystemRoot\System32\ATMFD.DLL
    0x007A0000 \SystemRoot\System32\cdd.dll
    0x040C1000 \SystemRoot\system32\drivers\luafv.sys
    0x01A00000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
    0x05E86000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x01A1B000 \SystemRoot\system32\drivers\WudfPf.sys
    0x01A3C000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x0621D000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x06270000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x06283000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x0629B000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x062B9000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x062D1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x062FE000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x0634C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x0636F000 \SystemRoot\system32\DRIVERS\atksgt.sys
    0x07407000 \SystemRoot\system32\drivers\HTTP.sys
    0x074CF000 \SystemRoot\system32\DRIVERS\lirsgt.sys
    0x074DC000 \SystemRoot\system32\drivers\peauth.sys
    0x07582000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x0758D000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x075BA000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x078A2000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x07909000 \SystemRoot\System32\DRIVERS\srv.sys
    0x079AA000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x07871000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x07800000 \SystemRoot\system32\DRIVERS\wg111v2.sys
    0x76D10000 \Windows\System32\ntdll.dll
    0x47960000 \Windows\System32\smss.exe
    0xFF030000 \Windows\System32\apisetschema.dll
    0xFF740000 \Windows\System32\autochk.exe
    0xFEF80000 \Windows\System32\comdlg32.dll
    0xFEF60000 \Windows\System32\sechost.dll
    0xFEF30000 \Windows\System32\imm32.dll
    0xFEDB0000 \Windows\System32\urlmon.dll
    0xFEDA0000 \Windows\System32\lpk.dll
    0xFED00000 \Windows\System32\clbcatq.dll
    0xFEC20000 \Windows\System32\advapi32.dll
    0xFEBD0000 \Windows\System32\ws2_32.dll
    0xFEBB0000 \Windows\System32\imagehlp.dll
    0xFEB60000 \Windows\System32\Wldap32.dll
    0xFEA30000 \Windows\System32\wininet.dll
    0xFE9B0000 \Windows\System32\difxapi.dll
    0xFE930000 \Windows\System32\shlwapi.dll
    0x76EE0000 \Windows\System32\normaliz.dll
    0xFE920000 \Windows\System32\nsi.dll
    0xFE6C0000 \Windows\System32\iertutil.dll
    0xFE590000 \Windows\System32\rpcrt4.dll
    0xFE380000 \Windows\System32\ole32.dll
    0xFD5F0000 \Windows\System32\shell32.dll
    0x76ED0000 \Windows\System32\psapi.dll
    0xFD510000 \Windows\System32\oleaut32.dll
    0xFD470000 \Windows\System32\msvcrt.dll
    0xFD3A0000 \Windows\System32\usp10.dll
    0x76C10000 \Windows\System32\user32.dll
    0xFD1C0000 \Windows\System32\setupapi.dll
    0x76AF0000 \Windows\System32\kernel32.dll
    0xFD0B0000 \Windows\System32\msctf.dll
    0xFD040000 \Windows\System32\gdi32.dll
    0xFCFD0000 \Windows\System32\KernelBase.dll
    0xFCF30000 \Windows\System32\comctl32.dll
    0xFCEF0000 \Windows\System32\wintrust.dll
    0xFCD80000 \Windows\System32\crypt32.dll
    0xFCD60000 \Windows\System32\devobj.dll
    0xFCD20000 \Windows\System32\cfgmgr32.dll
    0xFCD10000 \Windows\System32\msasn1.dll
    0x750A0000 \Windows\SysWOW64\normaliz.dll

    Processes (total 58):
    0 System Idle Process
    4 System
    312 C:\Windows\System32\smss.exe
    448 csrss.exe
    496 C:\Windows\System32\wininit.exe
    528 csrss.exe
    552 C:\Windows\System32\services.exe
    572 C:\Windows\System32\lsass.exe
    580 C:\Windows\System32\lsm.exe
    688 C:\Windows\System32\svchost.exe
    772 C:\Windows\System32\nvvsvc.exe
    812 C:\Windows\System32\svchost.exe
    884 C:\Windows\System32\svchost.exe
    924 C:\Windows\System32\svchost.exe
    956 C:\Windows\System32\svchost.exe
    1012 C:\Windows\System32\winlogon.exe
    628 C:\Windows\System32\audiodg.exe
    508 C:\Windows\System32\svchost.exe
    1088 C:\Windows\System32\svchost.exe
    1168 C:\Windows\System32\nvvsvc.exe
    1188 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1464 C:\Windows\System32\dwm.exe
    1488 C:\Windows\explorer.exe
    1580 C:\Windows\System32\spoolsv.exe
    1624 C:\Windows\System32\taskhost.exe
    1632 C:\Windows\System32\svchost.exe
    1780 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1808 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1964 C:\Windows\System32\svchost.exe
    2004 C:\Windows\System32\svchost.exe
    2512 C:\Windows\System32\nvraidservice.exe
    2552 C:\Program Files (x86)\uTorrent\uTorrent.exe
    2584 C:\Windows\System32\StikyNot.exe
    2604 C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
    2628 WmiPrvSE.exe
    2936 C:\Windows\System32\wbem\unsecapp.exe
    3000 C:\Windows\System32\SearchIndexer.exe
    2108 C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    2160 C:\Program Files\Windows Sidebar\sidebar.exe
    2900 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    168 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    380 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    2100 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    2616 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    2500 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    3156 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    3604 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3624 C:\Program Files (x86)\Windows Media Player\wmplayer.exe
    780 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
    3164 C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
    2484 C:\Windows\System32\wuauclt.exe
    2396 C:\Program Files (x86)\Combined Community Codec Pack\MPC\mpc-hc.exe
    4544 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    4712 C:\Windows\System32\SearchProtocolHost.exe
    932 C:\Windows\System32\SearchFilterHost.exe
    2388 C:\Users\Sache'\Desktop\MBRCheck.exe
    152 C:\Windows\System32\conhost.exe
    4160 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000091`93f9e000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive1 at offset 0x00000001`56b1f600 (NTFS)
    \\.\J: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number: WDC WD6400AAKS-65A7B, Rev: 01.0
    PhysicalDrive1 Model Number: ST3250824AS, Rev: 3.AA

    Size Device Name MBR Status
    --------------------------------------------
    596 GB \\.\PhysicalDrive0 RE: Unknown MBR code
    SHA1: CEFD837A02A1F4445A136688B10013AE4399C2CF
    232 GB \\.\PhysicalDrive1 RE: Gateway MBR code detected
    SHA1: 007DADCB3671462B53686F6996D328CFD544ABBD


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!




    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 11/29/2010 at 02:28 AM

    Application Version : 4.46.1000

    Core Rules Database Version : 5923
    Trace Rules Database Version: 3735

    Scan type : Complete Scan
    Total Scan Time : 03:25:44

    Memory items scanned : 346
    Memory threats detected : 0
    Registry items scanned : 14331
    Registry threats detected : 147
    File items scanned : 485811
    File threats detected : 1

    Adware.Gamevance
    (x86) HKU\S-1-5-21-3733315040-2452636875-3314474338-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}
    (x86) HKCR\CLSID\{BEAC7DC8-E106-4C6A-931E-5A42E7362883}

    Malware.Trace
    (x86) HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL
    (x86) HKU\S-1-5-18\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON#SHELL

    Adware.MyWebSearch/FunWebProducts
    (x64) HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}
    (x64) HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32
    (x64) HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\TypeLib
    (x64) HKCR\Interface\{07B18EAA-A523-4961-B6BB-170DE4475CCA}\TypeLib#Version
    (x64) HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}
    (x64) HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\ProxyStubClsid32
    (x64) HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib
    (x64) HKCR\Interface\{07B18EAC-A523-4961-B6BB-170DE4475CCA}\TypeLib#Version
    (x64) HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}
    (x64) HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\ProxyStubClsid32
    (x64) HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\TypeLib
    (x64) HKCR\Interface\{1093995A-BA37-41D2-836E-091067C4AD17}\TypeLib#Version
    (x64) HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}
    (x64) HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\ProxyStubClsid32
    (x64) HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib
    (x64) HKCR\Interface\{120927BF-1700-43BC-810F-FAB92549B390}\TypeLib#Version
    (x64) HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}
    (x64) HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\ProxyStubClsid32
    (x64) HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\TypeLib
    (x64) HKCR\Interface\{17DE5E5E-BFE3-4E83-8E1F-8755795359EC}\TypeLib#Version
    (x64) HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}
    (x64) HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\ProxyStubClsid32
    (x64) HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib
    (x64) HKCR\Interface\{1F52A5FA-A705-4415-B975-88503B291728}\TypeLib#Version
    (x64) HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}
    (x64) HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\ProxyStubClsid32
    (x64) HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib
    (x64) HKCR\Interface\{247A115F-06C2-4FB3-967D-2D62D3CF4F0A}\TypeLib#Version
    (x64) HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}
    (x64) HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
    (x64) HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
    (x64) HKCR\Interface\{2E3537FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
    (x64) HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
    (x64) HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid
    (x64) HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\ProxyStubClsid32
    (x64) HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib
    (x64) HKCR\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}\TypeLib#Version
    (x64) HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}
    (x64) HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\ProxyStubClsid32
    (x64) HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\TypeLib
    (x64) HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495}\TypeLib#Version
    (x64) HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}
    (x64) HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\ProxyStubClsid32
    (x64) HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib
    (x64) HKCR\Interface\{3E53E2CB-86DB-4A4A-8BD9-FFEB7A64DF82}\TypeLib#Version
    (x64) HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}
    (x64) HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32
    (x64) HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\TypeLib
    (x64) HKCR\Interface\{3E720451-B472-4954-B7AA-33069EB53906}\TypeLib#Version
    (x64) HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}
    (x64) HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\ProxyStubClsid32
    (x64) HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib
    (x64) HKCR\Interface\{3E720453-B472-4954-B7AA-33069EB53906}\TypeLib#Version
    (x64) HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}
    (x64) HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32
    (x64) HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
    (x64) HKCR\Interface\{63D0ED2B-B45B-4458-8B3B-60C69BBBD83C}\TypeLib#Version
    (x64) HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}
    (x64) HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\ProxyStubClsid32
    (x64) HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib
    (x64) HKCR\Interface\{63D0ED2D-B45B-4458-8B3B-60C69BBBD83C}\TypeLib#Version
    (x64) HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}
    (x64) HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\ProxyStubClsid32
    (x64) HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\TypeLib
    (x64) HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA}\TypeLib#Version
    (x64) HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}
    (x64) HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\ProxyStubClsid32
    (x64) HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\TypeLib
    (x64) HKCR\Interface\{72EE7F04-15BD-4845-A005-D6711144D86A}\TypeLib#Version
    (x64) HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
    (x64) HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid
    (x64) HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\ProxyStubClsid32
    (x64) HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib
    (x64) HKCR\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}\TypeLib#Version
    (x64) HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}
    (x64) HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
    (x64) HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
    (x64) HKCR\Interface\{7473D291-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
    (x64) HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}
    (x64) HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
    (x64) HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
    (x64) HKCR\Interface\{7473D293-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
    (x64) HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}
    (x64) HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
    (x64) HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
    (x64) HKCR\Interface\{7473D295-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
    (x64) HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}
    (x64) HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\ProxyStubClsid32
    (x64) HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib
    (x64) HKCR\Interface\{7473D297-B7BB-4F24-AE82-7E2CE94BB6A9}\TypeLib#Version
    (x64) HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}
    (x64) HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\ProxyStubClsid32
    (x64) HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib
    (x64) HKCR\Interface\{90449521-D834-4703-BB4E-D3AA44042FF8}\TypeLib#Version
    (x64) HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}
    (x64) HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\ProxyStubClsid32
    (x64) HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib
    (x64) HKCR\Interface\{991AAC62-B100-47CE-8B75-253965244F69}\TypeLib#Version
    (x64) HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}
    (x64) HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\ProxyStubClsid32
    (x64) HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib
    (x64) HKCR\Interface\{A626CDBD-3D13-4F78-B819-440A28D7E8FC}\TypeLib#Version
    (x64) HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}
    (x64) HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\ProxyStubClsid32
    (x64) HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib
    (x64) HKCR\Interface\{BBABDC90-F3D5-4801-863A-EE6AE529862D}\TypeLib#Version
    (x64) HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
    (x64) HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid
    (x64) HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\ProxyStubClsid32
    (x64) HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib
    (x64) HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}\TypeLib#Version
    (x64) HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}
    (x64) HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\ProxyStubClsid32
    (x64) HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib
    (x64) HKCR\Interface\{D6FF3684-AD3B-48EB-BBB4-B9E6C5A355C1}\TypeLib#Version
    (x64) HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}
    (x64) HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\ProxyStubClsid32
    (x64) HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib
    (x64) HKCR\Interface\{DE38C398-B328-4F4C-A3AD-1B5E4ED93477}\TypeLib#Version
    (x64) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}
    (x64) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\ProxyStubClsid32
    (x64) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\TypeLib
    (x64) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25E}\TypeLib#Version
    (x64) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}
    (x64) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\ProxyStubClsid32
    (x64) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib
    (x64) HKCR\Interface\{E342AF55-B78A-4CD0-A2BB-DA7F52D9D25F}\TypeLib#Version
    (x64) HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}
    (x64) HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32
    (x64) HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib
    (x64) HKCR\Interface\{E79DFBC9-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version
    (x64) HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}
    (x64) HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\ProxyStubClsid32
    (x64) HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib
    (x64) HKCR\Interface\{E79DFBCB-5697-4FBD-94E5-5B2A9C7C1612}\TypeLib#Version
    (x64) HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}
    (x64) HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\ProxyStubClsid32
    (x64) HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib
    (x64) HKCR\Interface\{EB9E5C1C-B1F9-4C2B-BE8A-27D6446FDAF8}\TypeLib#Version
    (x64) HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}
    (x64) HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\ProxyStubClsid32
    (x64) HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib
    (x64) HKCR\Interface\{F87D7FB5-9DC5-4C8C-B998-D8DFE02E2978}\TypeLib#Version

    Trojan.Vundo-Variant/F
    E:\WINDOWS\SYSTEM32\JESTERSS.DLL
     
  4. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    We need to fix your MBR...

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
     
  5. sache16

    sache16 TS Rookie Topic Starter

    Does it have to be a CD? I have one re-writable CD and the rest are DVDs.
     
  6. sache16

    sache16 TS Rookie Topic Starter

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: PEGATRON CORPORATION
    BIOS Manufacturer: American Megatrends Inc.
    System Manufacturer: HP-Pavilion
    System Product Name: NP218AA-ABA p6142p
    Logical Drives Mask: 0x00005ffc

    Kernel Drivers (total 193):
    0x0320D000 \SystemRoot\system32\ntoskrnl.exe
    0x037E9000 \SystemRoot\system32\hal.dll
    0x00BAC000 \SystemRoot\system32\kdcom.dll
    0x00CAE000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
    0x00CBB000 \SystemRoot\system32\PSHED.dll
    0x00CCF000 \SystemRoot\system32\CLFS.SYS
    0x00D2D000 \SystemRoot\system32\CI.dll
    0x00C00000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00DED000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x00E78000 \SystemRoot\System32\Drivers\spko.sys
    0x00F9E000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x00FA7000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x00E00000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x00E57000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x00E61000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x01062000 \SystemRoot\system32\DRIVERS\pci.sys
    0x01095000 \SystemRoot\System32\drivers\partmgr.sys
    0x010AA000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x010BF000 \SystemRoot\System32\drivers\volmgrx.sys
    0x0111B000 \SystemRoot\system32\DRIVERS\nvrd64.sys
    0x01193000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x011C3000 \SystemRoot\System32\drivers\mountmgr.sys
    0x01000000 \SystemRoot\system32\DRIVERS\nvraid.sys
    0x01293000 \SystemRoot\system32\DRIVERS\nvstor64.sys
    0x012D1000 \SystemRoot\system32\DRIVERS\storport.sys
    0x01333000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x0133E000 \SystemRoot\system32\drivers\fltmgr.sys
    0x0138A000 \SystemRoot\system32\drivers\fileinfo.sys
    0x0143F000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x0139E000 \SystemRoot\System32\Drivers\msrpc.sys
    0x015E2000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01200000 \SystemRoot\System32\Drivers\cng.sys
    0x01400000 \SystemRoot\System32\drivers\pcw.sys
    0x01411000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x0161D000 \SystemRoot\system32\drivers\ndis.sys
    0x0170F000 \SystemRoot\system32\drivers\NETIO.SYS
    0x0176F000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01800000 \SystemRoot\System32\drivers\tcpip.sys
    0x0179A000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01A3B000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x01A87000 \SystemRoot\System32\Drivers\spldr.sys
    0x01A8F000 \SystemRoot\System32\drivers\rdyboost.sys
    0x01AC9000 \SystemRoot\System32\Drivers\mup.sys
    0x01ADB000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x01AE4000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x01B1E000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01B9D000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x01BC7000 \SystemRoot\System32\Drivers\Null.SYS
    0x01BD0000 \SystemRoot\System32\Drivers\Beep.SYS
    0x01BD7000 \SystemRoot\System32\drivers\vga.sys
    0x01A00000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x01A25000 \SystemRoot\System32\drivers\watchdog.sys
    0x01BE5000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x01BEE000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x01BF7000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x017E4000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x017EF000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x0141B000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x01600000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x0160D000 \SystemRoot\System32\Drivers\aswTdi.SYS
    0x02E86000 \SystemRoot\system32\drivers\afd.sys
    0x02F10000 \SystemRoot\System32\Drivers\aswRdr.SYS
    0x02F1A000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x02F5F000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x02F68000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x02F8E000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x02F9D000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x02FB8000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x02FCC000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
    0x02FD6000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
    0x02E00000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x02E51000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x02E5D000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x02E68000 \SystemRoot\System32\drivers\discache.sys
    0x02FE0000 \SystemRoot\System32\Drivers\dfsc.sys
    0x01273000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x01029000 \SystemRoot\System32\Drivers\aswSP.SYS
    0x0104C000 \SystemRoot\system32\DRIVERS\amdppm.sys
    0x02E77000 \SystemRoot\system32\DRIVERS\nvsmu.sys
    0x01284000 \SystemRoot\system32\DRIVERS\usbohci.sys
    0x03CD9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x03D2F000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x03D40000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x03D64000 \SystemRoot\system32\DRIVERS\1394ohci.sys
    0x03DA2000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x03DAF000 \SystemRoot\System32\Drivers\fastfat.SYS
    0x03C00000 \SystemRoot\system32\DRIVERS\nvmf6264.sys
    0x04AF9000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
    0x055F9000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
    0x04A00000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x03C52000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x04425000 \SystemRoot\System32\Drivers\a89j5gva.SYS
    0x0446A000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x04473000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x04483000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x04499000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x044BD000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x044C9000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x044F8000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x04513000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x04534000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x0454E000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x0455D000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x0456C000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x0456E000 \SystemRoot\system32\DRIVERS\ks.sys
    0x045B1000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x05AE2000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x05B3C000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x05E04000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x05B51000 \SystemRoot\system32\drivers\portcls.sys
    0x05B8E000 \SystemRoot\system32\drivers\drmk.sys
    0x05FE5000 \SystemRoot\system32\drivers\ksthunk.sys
    0x00010000 \SystemRoot\System32\win32k.sys
    0x05FEB000 \SystemRoot\System32\drivers\Dxapi.sys
    0x05BB0000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x05BBE000 \SystemRoot\System32\Drivers\dump_diskdump.sys
    0x05A00000 \SystemRoot\System32\Drivers\dump_nvstor64.sys
    0x05A3E000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x05A51000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x05A5F000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x05FF7000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x05E00000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x05A78000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x05A85000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x05AA2000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x05AB0000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
    0x01B34000 \SystemRoot\system32\DRIVERS\wg111v2.sys
    0x05ACB000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x005D0000 \SystemRoot\System32\TSDDD.dll
    0x008E0000 \SystemRoot\System32\ATMFD.DLL
    0x00700000 \SystemRoot\System32\cdd.dll
    0x05BC8000 \SystemRoot\system32\drivers\luafv.sys
    0x045C3000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
    0x05BEB000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
    0x045DE000 \SystemRoot\system32\drivers\WudfPf.sys
    0x04400000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x06293000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x062E6000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x062F9000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x06311000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x0632F000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x06347000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x06374000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x063C2000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x06200000 \SystemRoot\system32\DRIVERS\atksgt.sys
    0x06C12000 \SystemRoot\system32\drivers\HTTP.sys
    0x06CDA000 \SystemRoot\system32\DRIVERS\lirsgt.sys
    0x06CE7000 \SystemRoot\system32\drivers\peauth.sys
    0x06D8D000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x06D98000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x06DC5000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x070C2000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x07129000 \SystemRoot\System32\DRIVERS\srv.sys
    0x77340000 \Windows\System32\ntdll.dll
    0x47B20000 \Windows\System32\smss.exe
    0xFF660000 \Windows\System32\apisetschema.dll
    0xFFAC0000 \Windows\System32\autochk.exe
    0xFF5D0000 \Windows\System32\difxapi.dll
    0xFF530000 \Windows\System32\comdlg32.dll
    0xFE7A0000 \Windows\System32\shell32.dll
    0xFE5C0000 \Windows\System32\setupapi.dll
    0xFE5B0000 \Windows\System32\nsi.dll
    0xFE4D0000 \Windows\System32\advapi32.dll
    0xFE4B0000 \Windows\System32\sechost.dll
    0x77240000 \Windows\System32\user32.dll
    0x77120000 \Windows\System32\kernel32.dll
    0xFE460000 \Windows\System32\ws2_32.dll
    0xFE430000 \Windows\System32\imm32.dll
    0xFE390000 \Windows\System32\clbcatq.dll
    0xFE2F0000 \Windows\System32\msvcrt.dll
    0xFE210000 \Windows\System32\oleaut32.dll
    0xFE1A0000 \Windows\System32\gdi32.dll
    0xFE090000 \Windows\System32\msctf.dll
    0x77510000 \Windows\System32\psapi.dll
    0xFE070000 \Windows\System32\imagehlp.dll
    0x77500000 \Windows\System32\normaliz.dll
    0xFDE60000 \Windows\System32\ole32.dll
    0xFDE50000 \Windows\System32\lpk.dll
    0xFDD80000 \Windows\System32\usp10.dll
    0xFDC00000 \Windows\System32\urlmon.dll
    0xFDBB0000 \Windows\System32\Wldap32.dll
    0xFDA80000 \Windows\System32\rpcrt4.dll
    0xFD950000 \Windows\System32\wininet.dll
    0xFD6F0000 \Windows\System32\iertutil.dll
    0xFD670000 \Windows\System32\shlwapi.dll
    0xFD630000 \Windows\System32\cfgmgr32.dll
    0xFD5C0000 \Windows\System32\KernelBase.dll
    0xFD580000 \Windows\System32\wintrust.dll
    0xFD560000 \Windows\System32\devobj.dll
    0xFD3F0000 \Windows\System32\crypt32.dll
    0xFD350000 \Windows\System32\comctl32.dll
    0xFD340000 \Windows\System32\msasn1.dll
    0x769B0000 \Windows\SysWOW64\normaliz.dll

    Processes (total 58):
    0 System Idle Process
    4 System
    312 C:\Windows\System32\smss.exe
    448 csrss.exe
    496 C:\Windows\System32\wininit.exe
    528 csrss.exe
    552 C:\Windows\System32\services.exe
    572 C:\Windows\System32\lsass.exe
    580 C:\Windows\System32\lsm.exe
    692 C:\Windows\System32\svchost.exe
    784 C:\Windows\System32\nvvsvc.exe
    824 C:\Windows\System32\svchost.exe
    860 C:\Windows\System32\winlogon.exe
    924 C:\Windows\System32\svchost.exe
    968 C:\Windows\System32\svchost.exe
    1000 C:\Windows\System32\svchost.exe
    624 C:\Windows\System32\audiodg.exe
    532 C:\Windows\System32\svchost.exe
    1040 C:\Windows\System32\nvvsvc.exe
    1116 C:\Windows\System32\svchost.exe
    1192 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    1348 C:\Windows\System32\dwm.exe
    1372 C:\Windows\explorer.exe
    1600 C:\Windows\System32\spoolsv.exe
    1636 C:\Windows\System32\taskhost.exe
    1648 C:\Windows\System32\svchost.exe
    1792 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    1812 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    1840 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    1984 C:\Windows\System32\svchost.exe
    1052 C:\Windows\System32\svchost.exe
    2416 C:\Windows\System32\taskeng.exe
    2544 C:\Windows\System32\nvraidservice.exe
    2572 C:\Program Files (x86)\uTorrent\uTorrent.exe
    2588 C:\Windows\System32\StikyNot.exe
    2628 C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
    2656 WmiPrvSE.exe
    2844 C:\Windows\System32\wbem\unsecapp.exe
    2952 C:\Windows\System32\SearchIndexer.exe
    1020 C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    2224 C:\Program Files\Windows Sidebar\sidebar.exe
    2244 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    3016 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    3048 C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe
    2644 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    2536 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    1536 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    2564 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    3036 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    2560 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    3080 C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    3164 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    3608 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    3884 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3056 C:\Users\Sache'\Desktop\MBRCheck.exe
    3532 C:\Windows\System32\conhost.exe
    2908 C:\Windows\System32\dllhost.exe
    3476 <unknown>

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
    \\.\D: --> \\.\PhysicalDrive0 at offset 0x00000091`93f9e000 (NTFS)
    \\.\E: --> \\.\PhysicalDrive1 at offset 0x00000001`56b1f600 (NTFS)
    \\.\J: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (FAT32)

    PhysicalDrive0 Model Number: WDC WD6400AAKS-65A7B, Rev: 01.0
    PhysicalDrive1 Model Number: ST3250824AS, Rev: 3.AA

    Size Device Name MBR Status
    --------------------------------------------
    596 GB \\.\PhysicalDrive0 RE: Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
    232 GB \\.\PhysicalDrive1 RE: Gateway MBR code detected
    SHA1: 007DADCB3671462B53686F6996D328CFD544ABBD


    Done!
     
  7. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Good job :)

    Can you check if IE is getting redirected too?

    Please download GooredFix from one of the locations below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
     
  8. sache16

    sache16 TS Rookie Topic Starter

    GooredFix by jpshortstuff (03.07.10.1)
    Log created at 20:45 on 29/11/2010 (Sache')
    Firefox version 3.5.6 (en-US)

    ========== GooredScan ==========

    Removing Orphan:
    "FFToolbar@bitdefender.com"="C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\" -> Success!

    ========== GooredLog ==========

    C:\Program Files (x86)\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [21:42 15/11/2009]
    {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} [02:15 22/10/2009]
    {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} [05:35 10/11/2009]
    {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} [04:24 02/04/2010]
    {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [19:20 02/05/2010]
    {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [17:52 20/11/2010]

    C:\Users\Sache'\Application Data\Mozilla\Firefox\Profiles\idvgwzno.Default User\extensions\
    {20a82645-c095-46ed-80e3-08825760534b} [05:28 18/11/2009]

    C:\Users\Sache'\Application Data\Mozilla\Firefox\Profiles\ks50in09.default\extensions\
    fireloop@drawloop.com [03:58 04/08/2010]
    {20a82645-c095-46ed-80e3-08825760534b} [16:26 21/11/2010]
    {53A03D43-5363-4669-8190-99061B2DEBA5} [16:26 21/11/2010]

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [04:30 22/10/2009]

    -=E.O.F=-
     
  9. Broni


    Still redirected?

     
  10. sache16


    Oh, no, it's not doing that any more. It seems to be working perfectly now.
     
  11. Broni


    Very good :)
    We still need to run a couple more checks.

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  12. sache16


    OTL Extras logfile created on: 11/29/2010 9:33:07 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Sache'\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 82.00% Memory free
    15.00 Gb Paging File | 14.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 582.31 Gb Total Space | 161.29 Gb Free Space | 27.70% Space Free | Partition Type: NTFS
    Drive D: | 13.86 Gb Total Space | 1.59 Gb Free Space | 11.47% Space Free | Partition Type: NTFS
    Drive E: | 227.53 Gb Total Space | 26.94 Gb Free Space | 11.84% Space Free | Partition Type: NTFS
    Drive J: | 5.34 Gb Total Space | 2.12 Gb Free Space | 39.62% Space Free | Partition Type: FAT32
    Drive O: | 1.96 Gb Total Space | 1.29 Gb Free Space | 66.01% Space Free | Partition Type: FAT

    Computer Name: SACHE-PC | User Name: Sache' | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
    .url [@ = InternetShortcut] -- C:\Windows\system32\ieframe.DLL (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %* File not found
    cmdfile [open] -- "%1" %* File not found
    comfile [open] -- "%1" %* File not found
    exefile [open] -- "%1" %* File not found
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- Reg Error: Value error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %* File not found
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1" File not found
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S File not found
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- Reg Error: Value error.
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{4CE36E6A-300B-427C-BEC7-B261CC13814E}" = iTunes
    "{4FFA2088-8317-3B14-93CD-4C699DB37843}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    "{5F240DB8-0D74-4F13-86C3-929760392A8D}" = HP Remote Software
    "{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
    "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    "{877924AA-E044-4266-B37D-E974CD799934}" = Bonjour
    "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
    "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    "{CA4AF936-3312-4AF4-A191-527531490DCD}" = Apple Mobile Device Support
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "{D2E8F543-D23A-4A38-AFFC-4BDEBFBA6FDA}" = HP MediaSmart SmartMenu
    "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "NVIDIA Drivers" = NVIDIA Drivers
    "PC-Doctor for Windows" = Hardware Diagnostic Tools

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{0295F89F-F698-4101-9A7D-49F407EC2D82}" = HP Active Support Library
    "{03BF5CB1-B72E-4CA6-A278-F65680F05420}" = HP Picasso Media Center Add-In
    "{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
    "{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
    "{1896E712-2B3D-45eb-BCE9-542742A51032}" = PictureMover
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
    "{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 22
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{290CA856-3737-4874-864B-BA142F4823C8}_is1" = HP MediaSmart Demo
    "{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
    "{37904E11-A053-48C4-90D4-6DFDA2886381}" = Before You Know It 3.6 Deluxe
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = The Sims™ 3 Late Night
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{453C9E55-80DF-4BD2-9885-52A1FB0D9382}" = eReader
    "{47F36D92-E58E-456D-B73C-3382737E4C42}" = HP Update
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4F94119D-1B71-400e-9F04-B4E5CEAE71F8}_is1" = Sothink Movie DVD Maker
    "{527BBE2F-1FED-3D8B-91CB-4DB0F838E69E}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{61174B54-26FC-48F3-AF5C-7C9B9A9E9A8C}" = Human Japanese 2.0
    "{628C2C7D-8AD1-E614-E8E2-6EEAD8D5F2D0}" = Acrobat.com
    "{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = The Sims™ 3 High-End Loft Stuff
    "{7210BCFE-ED8D-4261-8537-81B5A4BDFA2A}" = Rosetta Stone V3
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{73A43E42-3658-4DD9-8551-FACDA3632538}" = HP Advisor
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{784BEA84-FA66-4B19-BB80-7B545F248AC6}" = HP Total Care Setup
    "{7F10292C-A190-4176-A665-A1ED3478DF86}" = LightScribe System Software
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{E64BA721-2310-4B55-BE5A-2925F9706192}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9082C257-9729-4009-8299-6916CD556EAC}" = TSR Launcher
    "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = The Sims™ 3 Ambitions
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9CC89170-000B-457D-91F1-53691F85B223}" = Python 2.6.1
    "{A0640EC2-B97E-4FC1-AD14-227C9E386BB4}" = HP Recovery Manager RSS
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
    "{A67BB21E-D419-45BB-AB86-7D87D14BBCE2}" = Safari
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3.2
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.1
    "{AE469025-08BA-4B2A-915D-CC7765132419}" = Default Manager
    "{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
    "{B84739A3-F943-47E4-95D8-96381EF5AC48}" = HP Customer Experience Enhancements
    "{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = The Sims™ 3 World Adventures
    "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = The Sims™ 3
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "{C611CF88-969D-43E6-A877-D6D6439DD081}" = HP Remote Solution
    "{C79BF5BB-5671-41C0-A028-E9A2097D1AAD}" = Microsoft Live Search Toolbar
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
    "{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
    "{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "{DF802C05-4660-418c-970C-B988ADB1D316}" = Microsoft Live Search Toolbar
    "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
    "{E9E34215-82EF-4909-BE2F-F581F0DC9062}" = DirectX for Managed Code Update (Summer 2004)
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "{FD9E03B5-AEEA-4D59-B512-6CE4AA0281D4}" = Byki
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "ABC Amber LIT Converter" = ABC Amber LIT Converter
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "avast5" = avast! Free Antivirus
    "AviSynth" = AviSynth 2.5
    "Byki Express" = Byki Express
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
    "DVDFab 8_is1" = DVDFab 8.0.5.0 (18/11/2010)
    "EADM" = EA Download Manager
    "ffdshow_is1" = ffdshow [rev 2583] [2009-01-05]
    "Gravity_is1" = Gravity
    "HaaliMkx" = Haali Media Splitter
    "HijackThis" = HijackThis 2.0.2
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007 Trial
    "HP Remote Solution" = HP Remote Solution
    "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
    "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
    "InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
    "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
    "InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
    "LimeWire" = LimeWire 5.3.6
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Mozilla Firefox (3.5.6)" = Mozilla Firefox (3.5.6)
    "pywin32-py2.6" = Python 2.6 pywin32-212
    "ReadWrite Kanji_is1" = ReadWrite Kanji Version 1.5
    "RealMedia" = RealMedia (remove only)
    "TellmeMoreV50" = TeLL me More CJ
    "uTorrent" = µTorrent
    "WildTangent hp Master Uninstall" = HP Games
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  13. sache16

    sache16 TS Rookie Topic Starter

    OTL logfile created on: 11/29/2010 9:33:07 PM - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Users\Sache'\Desktop
    64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.00 Gb Total Physical Memory | 6.00 Gb Available Physical Memory | 82.00% Memory free
    15.00 Gb Paging File | 14.00 Gb Available in Paging File | 90.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 582.31 Gb Total Space | 161.29 Gb Free Space | 27.70% Space Free | Partition Type: NTFS
    Drive D: | 13.86 Gb Total Space | 1.59 Gb Free Space | 11.47% Space Free | Partition Type: NTFS
    Drive E: | 227.53 Gb Total Space | 26.94 Gb Free Space | 11.84% Space Free | Partition Type: NTFS
    Drive J: | 5.34 Gb Total Space | 2.12 Gb Free Space | 39.62% Space Free | Partition Type: FAT32
    Drive O: | 1.96 Gb Total Space | 1.29 Gb Free Space | 66.01% Space Free | Partition Type: FAT

    Computer Name: SACHE-PC | User Name: Sache' | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/29 21:31:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sache'\Desktop\OTL.exe
    PRC - [2010/11/20 21:51:48 | 000,328,056 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe
    PRC - [2010/05/06 14:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    PRC - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    PRC - [2010/03/19 09:49:20 | 000,144,672 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    PRC - [2009/10/30 05:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    PRC - [2009/04/10 00:26:02 | 001,328,424 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    PRC - [2009/04/10 00:22:06 | 000,185,640 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    PRC - [2009/03/19 11:54:52 | 001,148,200 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    PRC - [2008/11/20 11:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/29 21:31:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sache'\Desktop\OTL.exe
    MOD - [2010/11/21 03:06:05 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - File not found [Auto | Stopped] -- C:\Windows\SysNative\FastUv32.dll -- (FastUserSwitchingCompatibility)
    SRV:64bit: - [2010/06/29 11:49:27 | 000,128,752 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
    SRV:64bit: - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
    SRV:64bit: - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
    SRV:64bit: - [2010/05/06 14:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2010/07/26 17:00:57 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2010/03/19 09:49:20 | 000,144,672 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/01/04 12:03:42 | 000,238,328 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\sxuptp.sys -- (sxuptp)
    DRV:64bit: - File not found [Kernel | Auto | Stopped] -- C:\Program Files\MERCURE\VMLaunch\BuddyVM.sys -- ({09BB444F-B2E2-4009-BAF2-7B727681223E})
    DRV:64bit: - [2010/11/24 20:15:31 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
    DRV:64bit: - [2010/11/24 20:15:31 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
    DRV:64bit: - [2010/11/24 15:02:31 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
    DRV:64bit: - [2010/05/06 14:34:14 | 000,063,568 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2010/03/30 16:34:39 | 000,046,112 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
    DRV:64bit: - [2010/02/17 12:23:05 | 000,014,920 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
    DRV:64bit: - [2010/02/17 12:23:05 | 000,012,360 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
    DRV:64bit: - [2010/01/30 00:23:04 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2009/07/31 00:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
    DRV:64bit: - [2009/07/13 19:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2009/07/13 19:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 19:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 14:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
    DRV:64bit: - [2009/06/10 14:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
    DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
    DRV:64bit: - [2007/12/26 00:46:26 | 000,340,992 | ---- | M] (NETGEAR Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\wg111v2.sys -- (RTL8187)

    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15772&l=dis
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
    FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
    FF - prefs.js..browser.search.order.1: "Fast Browser Search"
    FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: fireloop@drawloop.com:2.1
    FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/04/08 23:31:33 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.6\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/11/28 15:05:36 | 000,000,000 | ---D | M]

    [2009/12/22 15:48:03 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Mozilla\Extensions
    [2009/10/21 20:16:14 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org
    [2010/03/31 02:49:42 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Mozilla\Firefox\Profiles\idvgwzno.Default User\extensions
    [2009/12/22 15:48:03 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sache'\AppData\Roaming\Mozilla\Firefox\Profiles\idvgwzno.Default User\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/11/27 15:55:33 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Mozilla\Firefox\Profiles\ks50in09.default\extensions
    [2010/11/21 10:26:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sache'\AppData\Roaming\Mozilla\Firefox\Profiles\ks50in09.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/11/21 10:26:49 | 000,000,000 | ---D | M] (ScrapBook) -- C:\Users\Sache'\AppData\Roaming\Mozilla\Firefox\Profiles\ks50in09.default\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
    [2010/08/03 21:58:01 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Mozilla\Firefox\Profiles\ks50in09.default\extensions\fireloop@drawloop.com
    [2010/01/30 13:22:51 | 000,002,055 | ---- | M] () -- C:\Users\Sache'\AppData\Roaming\Mozilla\Firefox\Profiles\ks50in09.default\searchplugins\daemon-search.xml
    [2009/11/04 00:19:34 | 000,005,413 | ---- | M] () -- C:\Users\Sache'\AppData\Roaming\Mozilla\Firefox\Profiles\ks50in09.default\searchplugins\fast-browser-search.xml
    [2010/11/27 15:55:33 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2010/05/02 13:20:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/11/20 11:52:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2009/11/05 11:41:02 | 000,047,104 | ---- | M] (BitDefender S.R.L.) -- C:\Program Files (x86)\Mozilla Firefox\components\FFComm.dll
    [2010/09/15 04:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/11/28 05:33:13 | 000,001,919 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml

    O1 HOSTS File: ([2006/09/18 15:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll ()
    O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
    O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
    O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll (Microsoft Corp.)
    O3 - HKLM\..\Toolbar: (WhiteSmoke Toolbar) - {52794457-af6c-4c50-9def-f2e24f4c8889} - C:\Program Files (x86)\whitesmoketoolbar\whitesmoketoolbarX.dll ()
    O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
    O4:64bit: - HKLM..\Run: [HP Remote Software] C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe ()
    O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
    O4:64bit: - HKLM..\Run: [NVRaidService] C:\Windows\SysNative\nvraidservice.exe (NVIDIA Corporation)
    O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
    O4 - HKLM..\Run: [CLMLServer for HP TouchSmart] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
    O4 - HKLM..\Run: [DVDAgent] c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
    O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.exe (Microsoft)
    O4 - HKLM..\Run: [TSMAgent] c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateLBPShortCut] c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdateP2GoShortCut] c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePDIRShortCut] c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [UpdatePSTShortCut] c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\SysWow64\StikyNot.exe File not found
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
    O4:64bit: - HKLM..\RunOnce: [PCDrProfiler] C:\Program Files\PC-Doctor for Windows\RunProfiler.exe (PC-Doctor, Inc.)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL File not found
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: juno.com ([]* in Trusted sites)
    O16 - DPF: {36299202-09EF-4ABF-ADB9-47C599DBE778} https://www.hpwindows7upgrade.arvato.com/north_america/Endcustomer/HPProdDetect.cab (HP Product Detection Control)
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinner.com/games/shared/wwlaunch.cab (Wwlaunch Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinner.com/games/v57/wof/wof.cab (WoF Control)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} http://www.worldwinner.com/games/v54/wwspades/wwspades.cab (WWSpades Control)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL File not found
    O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O24 - Desktop WallPaper: C:\Users\Sache'\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Sache'\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/06/17 03:41:16 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2004/09/13 12:15:24 | 000,000,053 | -HS- | M] () - J:\Autorun.inf -- [ FAT32 ]
    O33 - MountPoints2\{ffafabb9-8013-11df-bc5a-0026187a7a71}\Shell - "" = AutoRun
    O33 - MountPoints2\{ffafabb9-8013-11df-bc5a-0026187a7a71}\Shell\AutoRun\command - "" = M:\AutoRun.exe -- File not found
    O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\autorun.exe -- File not found
    O33 - MountPoints2\L\Shell\phone\command - "" = L:\autorun.exe -- File not found
    O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\autorun.exe -- File not found
    O33 - MountPoints2\M\Shell\phone\command - "" = M:\autorun.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs:64bit: FastUserSwitchingCompatibility - C:\Windows\SysNative\FastUv32.dll File not found

    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.ac3acm - C:\Windows\SysWow64\AC3ACM.acm (fccHandler)
    Drivers32: msacm.alf2cd - C:\Windows\SysWow64\alf2cd.acm (NCT Company)
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.scg726 - C:\Windows\SysWow64\Scg726.acm (SHARP Corporation)
    Drivers32: msacm.voxacm160 - C:\Windows\SysWow64\vct3216.acm (Voxware, Inc.)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\Windows\SysWow64\divx.dll (DivXNetworks, Inc.)
    Drivers32: vidc.dvsd - C:\Windows\SysWow64\mcdvd_32.dll (MainConcept)
    Drivers32: vidc.ffds - C:\Program Files (x86)\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
    Drivers32: vidc.mp42 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
    Drivers32: vidc.mp43 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)
    Drivers32: vidc.mpg4 - C:\Windows\SysWow64\mpg4c32.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/29 21:31:21 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Sache'\Desktop\OTL.exe
    [2010/11/29 20:45:07 | 000,000,000 | ---D | C] -- C:\Users\Sache'\Desktop\GooredFix Backups
    [2010/11/29 20:44:01 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Users\Sache'\Desktop\GooredFix.exe
    [2010/11/29 19:34:09 | 000,000,000 | ---D | C] -- C:\Users\Sache'\Desktop\NTBR_CD
    [2010/11/28 22:50:38 | 000,000,000 | ---D | C] -- C:\Users\Sache'\AppData\Roaming\SUPERAntiSpyware.com
    [2010/11/28 22:50:38 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2010/11/28 22:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\!SASCORE
    [2010/11/28 22:50:18 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2010/11/28 22:08:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ReflexiveArcade
    [2010/11/28 21:59:51 | 000,000,000 | ---D | C] -- C:\Users\Sache'\Desktop\virus
    [2010/11/28 21:58:43 | 000,255,552 | ---- | C] (MagicISO, Inc.) -- C:\Windows\SysNative\drivers\mcdbus.sys
    [2010/11/28 15:07:22 | 000,000,000 | ---D | C] -- C:\Users\Sache'\AppData\Roaming\WhiteSmokeTranslator
    [2010/11/28 05:33:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\whitesmoketoolbar
    [2010/11/27 22:46:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\The Sims Resource
    [2010/11/27 16:19:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
    [2010/11/27 16:11:19 | 000,000,000 | ---D | C] -- C:\Users\Sache'\AppData\Roaming\Malwarebytes
    [2010/11/27 16:11:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    [2010/11/27 16:11:12 | 000,024,664 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
    [2010/11/27 16:11:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    [2010/11/27 16:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010/11/27 15:53:36 | 000,000,000 | ---D | C] -- C:\Users\Sache'\AppData\Roaming\Registry Mechanic
    [2010/11/24 23:51:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia
    [2010/11/24 23:51:07 | 000,000,000 | ---D | C] -- C:\Windows\Mystic Emporium
    [2010/11/24 22:19:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
    [2010/11/24 22:19:14 | 000,000,000 | -HSD | C] -- C:\Users\Sache'\AppData\Local\.#
    [2010/11/24 21:56:46 | 000,000,000 | ---D | C] -- C:\Users\Sache'\AppData\Roaming\vlc
    [2010/11/24 20:11:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gravity
    [2010/11/24 15:35:05 | 000,000,000 | ---D | C] -- C:\Users\Sache'\Documents\DVDFab
    [2010/11/24 15:02:31 | 000,082,816 | ---- | C] (VSO Software) -- C:\Windows\SysNative\drivers\pcouffin.sys
    [2010/11/24 15:02:31 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Sache'\AppData\Roaming\pcouffin.sys
    [2010/11/24 15:02:31 | 000,000,000 | ---D | C] -- C:\Users\Sache'\AppData\Roaming\Vso
    [2010/11/24 15:02:31 | 000,000,000 | ---D | C] -- C:\Users\Sache'\Documents\PcSetup
    [2010/11/24 15:02:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDFab 8
    [2010/11/22 00:45:36 | 000,000,000 | ---D | C] -- C:\Users\Sache'\Documents\Harry Potter
    [2010/11/21 01:19:29 | 000,000,000 | ---D | C] -- C:\Users\Sache'\[Kira-Fansub] My-HiME Complete (BD H264 1280x960 24fps AAC 2.0J)
    [2010/11/20 23:44:52 | 000,000,000 | ---D | C] -- C:\Users\Sache'\Heroic age [Complete Eps 1- 26][Eng Subs]
    [2010/11/20 16:46:35 | 000,000,000 | ---D | C] -- C:\games
    [2010/11/20 11:52:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2010/11/20 03:28:44 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
    [2010/11/18 20:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belkin
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/11/29 21:31:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sache'\Desktop\OTL.exe
    [2010/11/29 20:44:02 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Sache'\Desktop\GooredFix.exe
    [2010/11/29 20:03:18 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2010/11/29 20:03:18 | 000,010,896 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2010/11/29 19:56:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010/11/29 19:55:59 | 1945,542,655 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/29 19:10:17 | 002,565,432 | ---- | M] () -- C:\Users\Sache'\Desktop\NTBR_CD.exe
    [2010/11/29 04:20:01 | 366,915,584 | ---- | M] () -- C:\Users\Sache'\The.Price.Is.Right.2010.11.23.HDTV.Xvid-GRamos.avi
    [2010/11/28 22:59:12 | 000,001,967 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/11/28 22:42:57 | 000,080,384 | ---- | M] () -- C:\Users\Sache'\Desktop\MBRCheck.exe
    [2010/11/27 22:43:08 | 000,739,918 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2010/11/27 22:43:08 | 000,632,708 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2010/11/27 22:43:08 | 000,110,342 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2010/11/27 18:13:46 | 000,001,937 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2010/11/27 18:12:09 | 456,557,850 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010/11/27 15:50:33 | 000,000,268 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
    [2010/11/27 15:33:26 | 000,016,384 | ---- | M] () -- C:\Windows\cftm.exe
    [2010/11/27 15:33:14 | 000,939,543 | ---- | M] () -- C:\Windows\plugincontainers.exe
    [2010/11/27 13:08:32 | 000,388,504 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2010/11/24 20:15:31 | 000,314,016 | ---- | M] () -- C:\Windows\SysNative\drivers\atksgt.sys
    [2010/11/24 20:15:31 | 000,043,680 | ---- | M] () -- C:\Windows\SysNative\drivers\lirsgt.sys
    [2010/11/24 15:21:10 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\lmhosts
    [2010/11/24 15:02:31 | 000,099,384 | ---- | M] () -- C:\Users\Sache'\AppData\Roaming\inst.exe
    [2010/11/24 15:02:31 | 000,082,816 | ---- | M] (VSO Software) -- C:\Windows\SysNative\drivers\pcouffin.sys
    [2010/11/24 15:02:31 | 000,082,816 | ---- | M] (VSO Software) -- C:\Users\Sache'\AppData\Roaming\pcouffin.sys
    [2010/11/24 15:02:31 | 000,007,859 | ---- | M] () -- C:\Users\Sache'\AppData\Roaming\pcouffin.cat
    [2010/11/24 15:02:31 | 000,001,167 | ---- | M] () -- C:\Users\Sache'\AppData\Roaming\pcouffin.inf
    [2010/11/24 15:02:29 | 000,001,025 | ---- | M] () -- C:\Users\Sache'\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8.lnk
    [2010/11/19 22:06:07 | 000,005,938 | ---- | M] () -- C:\Users\Sache'\AppData\Roaming\wklnhst.dat
    [2010/11/15 17:56:03 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForSache'.job
    [2010/11/14 16:34:40 | 002,497,912 | ---- | M] () -- C:\Windows\SysWow64\HGRGMSJ0.TAL
    [2010/11/14 16:34:39 | 000,184,328 | ---- | M] () -- C:\Windows\SysWow64\T7M6S0.TAL
    [2010/11/14 16:34:37 | 000,138,332 | ---- | M] () -- C:\Windows\SysWow64\0R75L0.TAL
    [2010/11/03 20:24:29 | 000,002,214 | ---- | M] () -- C:\Users\Public\Desktop\The Sims™ 3 Late Night.lnk
    [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/11/29 19:10:16 | 002,565,432 | ---- | C] () -- C:\Users\Sache'\Desktop\NTBR_CD.exe
    [2010/11/28 22:50:20 | 000,001,967 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2010/11/28 22:42:57 | 000,080,384 | ---- | C] () -- C:\Users\Sache'\Desktop\MBRCheck.exe
    [2010/11/28 22:37:33 | 366,915,584 | ---- | C] () -- C:\Users\Sache'\The.Price.Is.Right.2010.11.23.HDTV.Xvid-GRamos.avi
    [2010/11/27 15:50:33 | 000,000,268 | ---- | C] () -- C:\Windows\tasks\RMSchedule.job
    [2010/11/27 15:33:26 | 000,016,384 | ---- | C] () -- C:\Windows\cftm.exe
    [2010/11/27 15:33:08 | 000,939,543 | ---- | C] () -- C:\Windows\plugincontainers.exe
    [2010/11/24 19:36:04 | 000,314,016 | ---- | C] () -- C:\Windows\SysNative\drivers\atksgt.sys
    [2010/11/24 19:36:04 | 000,043,680 | ---- | C] () -- C:\Windows\SysNative\drivers\lirsgt.sys
    [2010/11/24 15:02:59 | 000,000,034 | ---- | C] () -- C:\Users\Sache'\AppData\Roaming\pcouffin.log
    [2010/11/24 15:02:31 | 000,099,384 | ---- | C] () -- C:\Users\Sache'\AppData\Roaming\inst.exe
    [2010/11/24 15:02:31 | 000,007,859 | ---- | C] () -- C:\Users\Sache'\AppData\Roaming\pcouffin.cat
    [2010/11/24 15:02:31 | 000,001,167 | ---- | C] () -- C:\Users\Sache'\AppData\Roaming\pcouffin.inf
    [2010/11/24 15:02:29 | 000,001,025 | ---- | C] () -- C:\Users\Sache'\Application Data\Microsoft\Internet Explorer\Quick Launch\DVDFab 8.lnk
    [2010/11/03 20:24:29 | 000,002,214 | ---- | C] () -- C:\Users\Public\Desktop\The Sims™ 3 Late Night.lnk
    [2010/09/28 16:06:25 | 000,003,584 | ---- | C] () -- C:\Users\Sache'\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/09/26 10:44:04 | 006,581,215 | ---- | C] () -- C:\Users\Sache'\AppData\Roaming\Rihanna - Only Girl (In The World) 2010.zip
    [2010/06/24 22:54:35 | 000,129,024 | ---- | C] () -- C:\Windows\SysWow64\AVERM.dll
    [2010/05/29 20:59:46 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
    [2010/05/19 05:18:04 | 000,016,384 | ---- | C] () -- C:\Users\Sache'\AppData\Roaming\Windowz.exe
    [2010/04/20 01:13:02 | 000,005,080 | ---- | C] () -- C:\ProgramData\kbkwknay.ayh
    [2010/04/18 19:27:11 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
    [2010/04/18 18:10:28 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
    [2010/03/25 13:37:27 | 000,000,569 | ---- | C] () -- C:\Users\Sache'\AppData\Roaming\AutoGK.ini
    [2010/03/21 18:48:03 | 000,000,051 | ---- | C] () -- C:\Windows\wininit.ini
    [2010/02/18 23:13:15 | 000,000,000 | ---- | C] () -- C:\Windows\Game.INI
    [2010/01/07 02:25:26 | 000,000,017 | ---- | C] () -- C:\Users\Sache'\AppData\Local\resmon.resmoncfg
    [2009/12/22 15:21:38 | 003,240,818 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2009/11/12 20:19:54 | 000,000,025 | ---- | C] () -- C:\Users\Sache'\AppData\Roaming\bdfvconp.ini
    [2009/11/01 12:01:46 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
    [2009/10/03 17:55:29 | 000,005,938 | ---- | C] () -- C:\Users\Sache'\AppData\Roaming\wklnhst.dat
    [2009/10/01 13:41:40 | 000,029,216 | ---- | C] () -- C:\Users\Sache'\AppData\Roaming\UserTile.png
    [2009/07/13 17:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 15:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/05/06 04:25:03 | 000,354,816 | ---- | C] () -- C:\Windows\SysWow64\pythoncom26.dll
    [2009/05/06 04:25:03 | 000,108,032 | ---- | C] () -- C:\Windows\SysWow64\pywintypes26.dll

    ========== LOP Check ==========

    [2010/10/05 23:27:11 | 000,000,000 | -HSD | M] -- C:\Users\Sache'\AppData\Roaming\.#
    [2010/09/28 20:04:43 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Academagia
    [2010/03/22 23:57:46 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\AnvSoft
    [2010/01/08 06:09:34 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Auslogics
    [2010/10/25 23:19:29 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Avanquest
    [2010/01/08 05:54:58 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\CleanMyPC Software
    [2010/03/25 13:46:21 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\CocoonSoftware
    [2009/12/22 15:47:43 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/01/30 13:27:34 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\DAEMON Tools Lite
    [2010/01/30 13:12:00 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\DAEMON Tools Pro
    [2009/12/22 15:47:44 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Farm Mania
    [2009/12/22 15:47:44 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\funkitron
    [2010/10/03 11:36:19 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\GameInvest
    [2010/03/24 18:12:45 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\GetRightToGo
    [2010/11/19 22:21:16 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\LimeWire
    [2009/12/22 15:47:47 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Ludia
    [2010/10/17 15:32:03 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Merscom
    [2010/06/15 09:37:10 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\mjusbsp
    [2009/12/22 15:48:03 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Mobipocket
    [2010/04/20 01:13:04 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\MOVAVI
    [2010/09/28 20:35:48 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Namco
    [2009/12/22 15:48:06 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\PDM
    [2009/10/01 13:41:40 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\PeerNetworking
    [2009/12/22 15:48:06 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\PictureMover
    [2010/11/24 23:51:50 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\PlayFirst
    [2010/11/27 15:53:36 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Registry Mechanic
    [2009/12/27 01:35:20 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Softland
    [2010/08/04 03:53:21 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\StarDict
    [2009/12/22 15:48:06 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Template
    [2010/03/17 22:47:57 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Uniblue
    [2010/05/14 23:38:43 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Unity
    [2010/11/29 21:36:26 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\uTorrent
    [2010/05/04 01:08:26 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\ViiKiiDesktopPlugin.5E22EA0FF243470AB5EDDF282C0A5B52E9909C36.1
    [2010/01/30 02:56:20 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Virtual City
    [2010/11/24 15:02:59 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\Vso
    [2010/11/28 15:08:00 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\WhiteSmokeTranslator
    [2009/12/22 15:48:06 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\WildTangent
    [2010/03/25 13:31:09 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\WinAVI
    [2009/12/22 15:48:06 | 000,000,000 | ---D | M] -- C:\Users\Sache'\AppData\Roaming\WinBatch
    [2010/11/27 15:50:33 | 000,000,268 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job
    [2010/09/18 19:58:57 | 000,032,594 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/07/13 19:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr
    [2009/12/22 17:14:50 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2010/03/21 22:13:13 | 000,000,238 | ---- | M] () -- C:\debug.txt
    [2010/11/29 19:55:59 | 1945,542,655 | -HS- | M] () -- C:\hiberfil.sys
    [2009/03/19 15:49:10 | 000,368,640 | R--- | M] () -- C:\lua5.1.dll
    [2010/11/29 19:56:01 | 4025,716,735 | -HS- | M] () -- C:\pagefile.sys
    [2009/05/06 05:07:15 | 000,000,361 | ---- | M] () -- C:\updatedatfix.log

    < %systemroot%\Fonts\*.com >
    [2009/07/13 23:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 23:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 23:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 23:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 14:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2009/07/10 11:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 22:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/07/13 23:01:14 | 000,000,442 | -HS- | M] () -- C:\ProgramData\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/11/01 13:27:02 | 000,000,286 | -HS- | M] () -- C:\Users\Sache'\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop (1).ini
    [2009/12/22 16:10:29 | 000,000,221 | -HS- | M] () -- C:\Users\Sache'\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2008/02/12 13:45:00 | 006,541,312 | ---- | M] (Palm Digital Media) -- C:\Users\Sache'\Desktop\eReader.exe
    [2010/11/29 20:44:02 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Users\Sache'\Desktop\GooredFix.exe
    [2010/11/28 22:42:57 | 000,080,384 | ---- | M] () -- C:\Users\Sache'\Desktop\MBRCheck.exe
    [2010/10/07 10:59:54 | 000,359,656 | ---- | M] (Microsoft Corporation) -- C:\Users\Sache'\Desktop\msicuu2.exe
    [2010/11/29 19:10:17 | 002,565,432 | ---- | M] () -- C:\Users\Sache'\Desktop\NTBR_CD.exe
    [2010/11/29 21:31:21 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Sache'\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 15:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/08/03 23:22:16 | 000,000,402 | -HS- | M] () -- C:\Users\Sache'\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2010/04/20 01:13:02 | 000,005,080 | ---- | M] () -- C:\ProgramData\kbkwknay.ayh

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/11/29 21:31:21 | 000,360,448 | -HS- | M] () -- C:\Users\Sache'\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [1998/09/02 02:46:12 | 000,075,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Files - Unicode (All) ==========
    [2010/01/16 18:34:58 | 000,000,000 | ---D | M](C:\Users\Sache'\Favorites\??sorted Bookmarks) -- C:\Users\Sache'\Favorites\ﰠǣsorted Bookmarks

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:ECF54A0E
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:FE720CE3
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A1063995
    @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1

    < End of report >
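The OTL report above lists every recently created or modified file plus the alternate data streams it found, and which of those lines go into a fix is a judgement the helper makes by hand. As an added illustration, not part of the original thread and not OTL's or Broni's code, the Python below parses the two OTL line shapes shown above (file/folder entries and "@Alternate Data Stream" entries), applies three triage heuristics of its own (assumptions, spelled out in the comments) and drafts a fix in the same :OTL / :Files / :Commands layout used in this thread. The sample lines are excerpted from the log above, with one benign Microsoft entry and one folder added so the rules have something to ignore.

```python
"""Triage an OTL log and draft a matching OTL fix script (added example,
not OTL's code; the triage rules are this example's own assumptions)."""
import re
from pathlib import PureWindowsPath

# [yyyy/mm/dd hh:mm:ss | size | attrs | C|M] (company) -- path  (company part is optional)
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# @Alternate Data Stream - <n> bytes -> <path>:<stream>
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")

EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".com"}
SYSTEM_ROOT = PureWindowsPath(r"C:\Windows")
PROGRAM_DATA = PureWindowsPath(r"C:\ProgramData")


def parse_otl_line(line):
    """Return a dict for a file/folder line or an ADS line, None for anything else."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if m:
        e = m.groupdict()
        e["size"] = int(e["size"].replace(",", ""))  # "000,016,384" -> 16384
        e["company"] = e["company"] or ""           # "()" means no version-info vendor
        e["is_dir"] = e["attrs"][3] == "D"          # attrs are the R H S D flags
        e.update(type="file", raw=line)
        return e
    m = ADS_RE.match(line)
    if m:
        return {"type": "ads", "size": int(m["size"]), "path": m["path"], "raw": line}
    return None


def triage(entry):
    """Heuristic reasons an entry deserves a look; an empty list means 'ignore'."""
    reasons = []
    if entry["type"] == "ads":
        host, _, _stream = entry["path"].rpartition(":")
        # Assumption: neither Windows nor ordinary installers leave named streams
        # on ProgramData\Temp or under %SystemRoot%, which is why OTL lists them.
        if host.lower().startswith((r"c:\programdata", r"c:\windows")):
            reasons.append("alternate data stream on a shared/system location")
        return reasons
    if entry["is_dir"]:
        return reasons
    p = PureWindowsPath(entry["path"])
    executable = p.suffix.lower() in EXEC_EXT
    unbranded = not entry["company"]
    # Real system binaries in C:\Windows show "Microsoft Corporation" in OTL;
    # a vendor-less .exe in the root (cftm.exe, plugincontainers.exe) does not.
    if executable and unbranded and p.parent == SYSTEM_ROOT:
        reasons.append("vendor-less executable in %SystemRoot% root")
    # Droppers like to park a loose .exe directly in AppData\Roaming or AppData\Local.
    if (executable and unbranded and p.parent.name.lower() in {"roaming", "local"}
            and p.parent.parent.name.lower() == "appdata"):
        reasons.append("vendor-less executable dropped directly under AppData")
    # Legitimate software creates folders in ProgramData, not loose oddly named files.
    if not executable and p.parent == PROGRAM_DATA:
        reasons.append("loose file in ProgramData root")
    return reasons


def build_fix_script(log_lines):
    """Parse, triage and draft an OTL fix; returns (script_text, [(path, reasons), ...]).

    ADS lines are copied verbatim under :OTL (that is how OTL expects them);
    flagged files are listed by path under :Files.
    """
    ads, files, report = [], [], []
    for line in log_lines:
        e = parse_otl_line(line)
        if e is None:
            continue
        why = triage(e)
        if why:
            report.append((e["path"], why))
            (ads if e["type"] == "ads" else files).append(e)
    script = [":OTL", *(e["raw"] for e in ads), "",
              ":Files", *(e["path"] for e in files), "",
              ":Commands", "[purity]", "[emptytemp]", "[Reboot]"]
    return "\n".join(script), report


# Sample input: lines excerpted from the OTL report above, plus a benign
# Microsoft screensaver and a folder so the heuristics have something to skip.
SAMPLE_LOG = r"""
[2010/11/27 15:33:26 | 000,016,384 | ---- | C] () -- C:\Windows\cftm.exe
[2010/11/27 15:33:08 | 000,939,543 | ---- | C] () -- C:\Windows\plugincontainers.exe
[2009/07/10 11:15:46 | 000,306,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\WLXPGSS.SCR
[2010/11/24 15:02:31 | 000,082,816 | ---- | C] (VSO Software) -- C:\Windows\SysNative\drivers\pcouffin.sys
[2010/11/24 15:02:31 | 000,099,384 | ---- | C] () -- C:\Users\Sache'\AppData\Roaming\inst.exe
[2010/05/19 05:18:04 | 000,016,384 | ---- | C] () -- C:\Users\Sache'\AppData\Roaming\Windowz.exe
[2010/04/20 01:13:02 | 000,005,080 | ---- | C] () -- C:\ProgramData\kbkwknay.ayh
[2010/11/27 16:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
@Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:ECF54A0E
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp:D1B5B4F1
""".strip().splitlines()

if __name__ == "__main__":
    script, report = build_fix_script(SAMPLE_LOG)
    for path, why in report:
        print(f"{path}\n    - " + "\n    - ".join(why))
    print("\n" + script)
```

Run on the sample, it flags the two vendor-less executables in C:\Windows, the two loose executables in AppData\Roaming, the stray file in ProgramData and both streams, and leaves pcouffin.sys (has a vendor), WLXPGSS.SCR (Microsoft) and the Malwarebytes folder alone. The point of the heuristics is to shorten the reading, not to replace it: a vendor-less binary in a system directory is a reason to look, not proof, so every hit should be confirmed (hash lookup, signature, what the helper already recognises) before the draft is pasted into OTL.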
     
  14. Broni


    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
      FF - prefs.js..browser.search.defaulturl: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q="
      FF - prefs.js..browser.search.order.1: "Fast Browser Search"
      [2009/11/04 00:19:34 | 000,005,413 | ---- | M] () -- C:\Users\Sache'\AppData\Roaming\Mozilla\Firefox\Profiles\ks50in09.default\s earchplugins\fast-browser-search.xml
      [2010/11/28 05:33:13 | 000,001,919 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml
      O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
      O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL File not found
      O15 - HKCU\..Trusted Domains: juno.com ([]* in Trusted sites)
      O33 - MountPoints2\{ffafabb9-8013-11df-bc5a-0026187a7a71}\Shell - "" = AutoRun
      O33 - MountPoints2\{ffafabb9-8013-11df-bc5a-0026187a7a71}\Shell\AutoRun\command - "" = M:\AutoRun.exe -- File not found
      O33 - MountPoints2\L\Shell\AutoRun\command - "" = L:\autorun.exe -- File not found
      O33 - MountPoints2\L\Shell\phone\command - "" = L:\autorun.exe -- File not found
      O33 - MountPoints2\M\Shell\AutoRun\command - "" = M:\autorun.exe -- File not found
      O33 - MountPoints2\M\Shell\phone\command - "" = M:\autorun.exe -- File not found
      [2010/11/27 15:53:36 | 000,000,000 | ---D | C] -- C:\Users\Sache'\AppData\Roaming\Registry Mechanic
      [1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
      [2010/05/19 05:18:04 | 000,016,384 | ---- | C] () -- C:\Users\Sache'\AppData\Roaming\Windowz.exe
      [2010/04/20 01:13:02 | 000,005,080 | ---- | C] () -- C:\ProgramData\kbkwknay.ayh
      @Alternate Data Stream - 131 bytes -> C:\ProgramData\Temp:ECF54A0E
      @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:FE720CE3
      @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A1063995
      @Alternate Data Stream - 104 bytes -> C:\ProgramData\Temp1B5B4F1:D
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
     
  15. sache16


    All processes killed
    ========== OTL ==========
    Prefs.js: "Fast Browser Search" removed from browser.search.defaultenginename
    Prefs.js: "http://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=19&q=" removed from browser.search.defaulturl
    Prefs.js: "Fast Browser Search" removed from browser.search.order.1
    File C:\Users\Sache'\AppData\Roaming\Mozilla\Firefox\Profiles\ks50in09.default\s earchplugins\fast-browser-search.xml not found.
    C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing-zugo.xml moved successfully.
    64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
    64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\juno.com\ deleted successfully.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ffafabb9-8013-11df-bc5a-0026187a7a71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ffafabb9-8013-11df-bc5a-0026187a7a71}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ffafabb9-8013-11df-bc5a-0026187a7a71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ffafabb9-8013-11df-bc5a-0026187a7a71}\ not found.
    File M:\AutoRun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ deleted successfully.
    File L:\autorun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\L\ not found.
    File L:\autorun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ deleted successfully.
    File M:\autorun.exe not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\M\ not found.
    File M:\autorun.exe not found.
    C:\Users\Sache'\AppData\Roaming\Registry Mechanic folder moved successfully.
    C:\Windows\SysNative\drivers\~GLH0020.TMP deleted successfully.
    C:\Users\Sache'\AppData\Roaming\Windowz.exe moved successfully.
    C:\ProgramData\kbkwknay.ayh moved successfully.
    ADS C:\ProgramData\Temp:ECF54A0E deleted successfully.
    ADS C:\ProgramData\Temp:FE720CE3 deleted successfully.
    ADS C:\ProgramData\Temp:A1063995 deleted successfully.
    Unable to delete ADS C:\ProgramData\Temp1B5B4F1:D .
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Sache'
    ->Temp folder emptied: 9477406 bytes
    ->Temporary Internet Files folder emptied: 11022235 bytes
    ->Java cache emptied: 20074 bytes
    ->FireFox cache emptied: 97634969 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 4497 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 61112 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 113.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Sache'
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11302010_011932

    Files\Folders moved on Reboot...
    C:\Users\Sache'\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...



    Results of screen317's Security Check version 0.99.5
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    HijackThis 2.0.2
    Java(TM) 6 Update 22
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader 9.3.2
    Adobe Reader 9.4.1
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Alwil Software Avast5 AvastSvc.exe
    Alwil Software Avast5 AvastUI.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    Unknown. This method cannot test your vulnerability to DNS cache poisoning. (Wireless connection?)

    ``````````End of Log````````````


    C:\Program Files (x86)\HP Games\Farm Mania\Farm-WT.exe a variant of Win32/Kryptik.SH trojan
    C:\Windows\plugincontainers.exe Win32/Packed.Autoit.B.Gen application
    E:\My Backup -- 09-01-13 1009PM\WINDOWS\system32\BcLTCJlm.ini Win32/Adware.Virtumonde.NEO application
    E:\My Backup -- 09-01-13 1009PM\WINDOWS\system32\BcLTCJlm.ini2 Win32/Adware.Virtumonde.NEO application
    E:\My Backup -- 09-01-13 1009PM\WINDOWS\system32\uryoeukq.ini Win32/Adware.Virtumonde.NEO application
     
  16. Broni


    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Program Files (x86)\HP Games\Farm Mania\Farm-WT.exe 
      C:\Windows\plugincontainers.exe 
      E:\My Backup -- 09-01-13 1009PM\WINDOWS\system32\BcLTCJlm.ini 
      E:\My Backup -- 09-01-13 1009PM\WINDOWS\system32\BcLTCJlm.ini2 
      E:\My Backup -- 09-01-13 1009PM\WINDOWS\system32\uryoeukq.ini
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ======================================================================

    Your computer is clean

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run a Malwarebytes "Quick scan" once in a while to ensure the safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
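    The reason for step 1 is that restore points are stored in Volume Shadow Copies under System Volume Information, so an old restore point can still hold a copy of a file the scanners just removed, and rolling back to it would reinfect the machine. Below is an added example of the same "clear all restore points, then create one clean one" step done from an elevated PowerShell prompt on Windows 7, with a check after each step. It is not part of the original thread and is not OTL's own code; it assumes the system drive is C: and that System Protection is turned on for it.

```powershell
# Added example (not from the original thread, not OTL's code): the PowerShell
# equivalent of OTL's [CLEARALLRESTOREPOINTS] plus a fresh restore point.
# Assumptions: Windows 7, system drive C:, System Protection enabled on C:.

$drive = 'C:'

# Shadow copy deletion and Checkpoint-Computer both need elevation; fail early.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this from an elevated (Administrator) PowerShell prompt.'
}

# 1. Show what is there now. These are the points that could reintroduce
#    a quarantined/deleted file if someone rolls back to them later.
Write-Host "Restore points before cleanup:"
@(Get-ComputerRestorePoint) | Format-Table SequenceNumber, CreationTime, Description -AutoSize

# 2. Restore points are shadow copies; deleting every shadow copy on the
#    drive removes every restore point on it. vssadmin.exe is built in;
#    /quiet suppresses the y/n confirmation.
& vssadmin.exe delete shadows /for=$drive /all /quiet

# 3. Do not trust the deletion blindly; verify nothing is left.
$remaining = @(Get-ComputerRestorePoint)
if ($remaining.Count -ne 0) {
    throw "Expected no restore points after deleting shadow copies, found $($remaining.Count)."
}

# 4. Create the known-clean restore point to roll back to from now on.
$label = 'Clean after malware removal'
Checkpoint-Computer -Description $label -RestorePointType MODIFY_SETTINGS

# 5. Confirm exactly one point exists and it is the one just created.
$after = @(Get-ComputerRestorePoint)
if ($after.Count -ne 1 -or $after[0].Description -ne $label) {
    throw "Unexpected restore point list after checkpoint:`n$($after | Out-String)"
}
Write-Host "Restore points now:"
$after | Format-Table SequenceNumber, CreationTime, Description -AutoSize
```

    Two caveats for anyone reusing this on a different machine: deleting shadow copies also removes Previous Versions of files for that drive, not only restore points, so copy anything you still need out first; and on Windows 8 and later, Checkpoint-Computer silently skips creating a point if one was made in the last 24 hours (the SystemRestorePointCreationFrequency setting), so the step 5 check will fail there unless that interval is changed. On Windows 7 there is no such throttle.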
     
  17. sache16

    sache16 TS Rookie Topic Starter

    The internet is working fine now. I haven't had any more problems.
    Thanks a whole bunch!

    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Program Files (x86)\HP Games\Farm Mania\Farm-WT.exe moved successfully.
    C:\Windows\plugincontainers.exe moved successfully.
    E:\My Backup -- 09-01-13 1009PM\WINDOWS\system32\BcLTCJlm.ini moved successfully.
    E:\My Backup -- 09-01-13 1009PM\WINDOWS\system32\BcLTCJlm.ini2 moved successfully.
    E:\My Backup -- 09-01-13 1009PM\WINDOWS\system32\uryoeukq.ini moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Sache'
    ->Temp folder emptied: 454680 bytes
    ->Temporary Internet Files folder emptied: 302762 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 77937180 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 776 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 11956 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 75.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Sache'
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.17.3 log created on 11302010_202809

    Files\Folders moved on Reboot...
    C:\Users\Sache'\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...


    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Sache'
    ->Temp folder emptied: 412179 bytes
    ->Temporary Internet Files folder emptied: 187051 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 3592992 bytes
    ->Apple Safari cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 4.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: Sache'
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore point Set: OTL Restore Point

    OTL by OldTimer - Version 3.2.17.3 log created on 11302010_205227

    Files\Folders moved on Reboot...
    C:\Users\Sache'\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

    Registry entries deleted on Reboot...
     
  18. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Yes!!
    Good luck and stay safe :)
     
Topic Status:
Not open for further replies.
