TechSpot

Google search redirect malware

By Hamerdin
Jan 7, 2011
  1. Hi, it's happening to me. I have been browsing the net in order to find the right answer and decipher through all the info that everyone has posted, and still no luck. I need help. I have Win7 32-bit and am also using Firefox. I did the MBR check.
    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: Gigabyte Technology Co., Ltd.
    BIOS Manufacturer: Award Software International, Inc.
    System Manufacturer: Gigabyte Technology Co., Ltd.
    System Product Name: P55A-UD3
    Logical Drives Mask: 0x0000001d

    Kernel Drivers (total 197):

    Processes (total 51):
    0 System Idle Process
    4 System
    316 C:\Windows\System32\smss.exe
    460 csrss.exe
    532 C:\Windows\System32\wininit.exe
    540 csrss.exe
    584 C:\Windows\System32\services.exe
    592 C:\Windows\System32\lsass.exe
    600 C:\Windows\System32\lsm.exe
    704 C:\Windows\System32\svchost.exe
    784 C:\Windows\System32\winlogon.exe
    836 C:\Windows\System32\svchost.exe
    920 C:\Windows\System32\svchost.exe
    976 C:\Windows\System32\svchost.exe
    1024 C:\Windows\System32\svchost.exe
    1108 C:\Windows\System32\audiodg.exe
    1168 C:\Windows\System32\svchost.exe
    1268 WUDFHost.exe
    1320 WUDFHost.exe
    1396 C:\Windows\System32\svchost.exe
    1516 C:\Windows\System32\spoolsv.exe
    1544 C:\Windows\System32\svchost.exe
    1660 C:\Windows\System32\svchost.exe
    1768 C:\Windows\System32\svchost.exe
    2116 C:\Windows\System32\dwm.exe
    2124 C:\Windows\System32\taskhost.exe
    2260 C:\Windows\explorer.exe
    2460 C:\Windows\SOUNDMAN.EXE
    2488 C:\Windows\System32\svchost.exe
    2540 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    2592 C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    2648 C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
    2716 C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    2744 C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    2772 C:\Windows\System32\rundll32.exe
    2788 C:\Program Files\Steam\steam.exe
    2968 C:\Program Files\Logitech\GamePanel Software\Applets\LCDSirReal.exe
    3160 C:\Windows\System32\SearchIndexer.exe
    3268 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3580 C:\Windows\System32\svchost.exe
    4068 C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
    2372 C:\Program Files\Windows Media Player\wmplayer.exe
    3328 taskhost.exe
    3256 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3892 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    1656 C:\Windows\System32\svchost.exe
    3916 C:\Windows\System32\wuauclt.exe
    2444 C:\Program Files\Mozilla Firefox\firefox.exe
    3572 C:\Users\Darmentle\Desktop\mal\MBRCheck.exe
    2080 C:\Windows\System32\conhost.exe
    404 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD2000BB-22RDA0, Rev: 20.00K20

    Size Device Name MBR Status
    --------------------------------------------
    186 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!

    ------------------------------------------------------------------------------------------------------
    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5363

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    1/7/2011 7:42:33 PM
    mbam-log-2011-01-07 (19-42-33).txt

    Scan type: Quick scan
    Objects scanned: 143932
    Time elapsed: 4 minute(s), 0 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    -----------------------------------------------------------------------------------------------------------------------------------------------------------------
    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2011-01-07 20:20:59
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD2000BB-22RDA0 rev.20.00K20
    Running: 7yeu6h2f.exe; Driver: C:\Users\DARMEN~1\AppData\Local\Temp\pfkiifog.sys


    ---- System - GMER 1.0.15 ----

    SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwCreateProcess [0x8CD31F68]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwCreateProcessEx [0x8CD32230]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwCreateUserProcess [0x8CD3252C]
    SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwTerminateProcess [0x8CD319D8]

    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83088599 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830ACF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    .text ntkrnlpa.exe!RtlSidHashLookup + 32C 830B483C 8 Bytes [68, 1F, D3, 8C, 30, 22, D3, ...]
    .text ntkrnlpa.exe!RtlSidHashLookup + 364 830B4874 4 Bytes [2C, 25, D3, 8C]
    .text ntkrnlpa.exe!RtlSidHashLookup + 7B8 830B4CC8 4 Bytes [D8, 19, D3, 8C]
    ? system32\drivers\PCTCore.sys The system cannot find the path specified. !
    ? system32\drivers\pctDS.sys The system cannot find the path specified. !
    ? system32\drivers\pctEFA.sys The system cannot find the path specified. !
    .text C:\Windows\system32\DRIVERS\atipmdag.sys section is writeable [0x93422000, 0x2D1F8A, 0xE8000020]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\explorer.exe[1780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [74862494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[1780] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [74845624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[1780] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [748456E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[1780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [7486250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[1780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [74858573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[1780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [74854D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[1780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [748550CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[1780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [748551A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[1780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [748566D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[1780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [748582CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[1780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74858819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[1780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7485907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[1780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7485E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\explorer.exe[1780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [74854C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[2668] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75C45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[2668] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75C45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[2668] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75C45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[2668] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75C45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[4024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75C45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[4024] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75C45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[4024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75C45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[4024] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75C45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- EOF - GMER 1.0.15 ----
    ----------------------------------------------------------------------------------------------------
    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Darmentle at 20:27:44.84 on Fri 01/07/2011
    Internet Explorer: 8.0.7600.16385
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3579.2367 [GMT -8:00]

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\rundll32.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\wuauclt.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Darmentle\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.google.com/
    uURLSearchHooks: H - No File
    BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    uRun: [PlayNC Launcher]
    uRun: [fxCommonInit] rundll32.exe "c:\users\darmentle\appdata\local\acroauthenticationsnap\fxCommonInit.dll",CdMouseOffice tapiWISupport
    uRun: [Steam] "c:\program files\steam\steam.exe" -silent
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [NUSB3MON] "c:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
    mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
    mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
    mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\darmen~1\appdata\roaming\mozilla\firefox\profiles\j0j6bb43.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Aluminium Kai 2: {a45e6b3a-725d-4b20-afde-e7486bfe317c} - %profile%\extensions\{a45e6b3a-725d-4b20-afde-e7486bfe317c}

    ============= SERVICES / DRIVERS ===============

    R0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\drivers\mv91cons.sys [2009-10-9 20008]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2009-12-11 5188096]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2009-12-11 125440]
    R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
    R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
    R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2009-9-25 56576]
    R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2009-9-25 138240]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-2-12 189440]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-11 172032]

    =============== Created Last 30 ================

    2011-01-08 03:38:22 -------- d-----w- c:\users\darmen~1\appdata\roaming\Malwarebytes
    2011-01-08 03:38:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-08 03:38:17 -------- d-----w- c:\progra~2\Malwarebytes
    2011-01-08 03:38:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-08 03:38:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-08 02:16:34 -------- d-----w- C:\New folder (2)
    2011-01-08 02:16:33 -------- d-----w- C:\New folder
    2011-01-05 05:28:17 -------- d-----w- c:\program files\PC Tools Security
    2011-01-05 05:28:17 -------- d-----w- c:\program files\common files\PC Tools
    2011-01-05 03:52:22 -------- d-----w- c:\users\darmen~1\appdata\local\Activision
    2010-12-31 21:59:31 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{5150af31-9583-4545-a2de-21c9390a1f2f}\mpengine.dll
    2010-12-31 21:55:27 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-12-11 17:03:59 -------- d-----w- c:\users\darmen~1\appdata\local\AcroAuthenticationSnap

    ==================== Find3M ====================

    2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
    2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
    2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
    2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-19 18:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
    2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe
    2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll

    ============= FINISH: 20:27:57.94 ===============

    I hope I did this the way it needs to go.
     
  2. Broni

    Malware Annihilator

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================================

    Do NOT attach any logs.
    All logs have to be pasted.
    Paste Attach.txt into your next reply.

    Also. MBRCheck log is incomplete.
    Please, redo.

    I don't see any AV program running.
    Install one of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
    Update it, run a full scan, and report on any findings.
     
  3. Hamerdin

    Hamerdin TS Rookie Topic Starter

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/24/2009 8:44:50 PM
    System Uptime: 1/7/2011 12:12:21 PM (8 hours ago)

    Motherboard: Gigabyte Technology Co., Ltd. | | P55A-UD3
    Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz | Socket 1156 | 2794/133mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 186 GiB total, 67.488 GiB free.
    D: is CDROM (UDF)
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID: {997b5d8d-c442-4f2e-baf3-9c8e671e9e21}
    Description: Logitech GamePanel Devices (QVGA)
    Device ID: ROOT\SIDESHOW\0000
    Manufacturer: Logitech Inc
    Name: Logitech GamePanel Devices (QVGA)
    PNP Device ID: ROOT\SIDESHOW\0000
    Service: WUDFRd

    Class GUID: {997b5d8d-c442-4f2e-baf3-9c8e671e9e21}
    Description: Logitech GamePanel Devices (Mono)
    Device ID: ROOT\SIDESHOW\0001
    Manufacturer: Logitech Inc
    Name: Logitech GamePanel Devices (Mono)
    PNP Device ID: ROOT\SIDESHOW\0001
    Service: WUDFRd

    ==== System Restore Points ===================

    RP142: 1/4/2011 7:29:29 PM - Installed Steam
    RP143: 1/4/2011 9:32:21 PM - Spyware Doctor: Cleaning Threats

    ==== Installed Programs ======================

    Acrobat.com
    Adobe After Effects CS4
    Adobe After Effects CS4 Presets
    Adobe After Effects CS4 Third Party Content
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles AE CS4
    Adobe Color Video Profiles CS CS4
    Adobe Creative Suite 4 Master Collection
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Dynamiclink Support
    Adobe Encore CS4 Codecs
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe InDesign CS4
    Adobe InDesign CS4 Application Feature Set Files (Roman)
    Adobe InDesign CS4 Common Base Files
    Adobe InDesign CS4 Icon Handler
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Encoder CS4 Dolby
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe MotionPicture Color Files CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Premiere Pro CS4
    Adobe Premiere Pro CS4 Functional Content
    Adobe Premiere Pro CS4 Third Party Content
    Adobe Reader 9.3
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe SGM CS4
    Adobe Shockwave Player 11
    Adobe SING CS4
    Adobe Soundbooth CS4 Codecs
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    AMD DnD V1.0.19
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    ATI AVIVO Codecs
    ATI Catalyst Install Manager
    ATI Catalyst Registration
    ATI Problem Report Wizard
    Battlefield: Bad Company™ 2
    Call of Duty: Black Ops
    Call of Duty: Black Ops - Multiplayer
    Camtasia Studio 7
    Catalyst Control Center - Branding
    Catalyst Control Center Core Implementation
    Catalyst Control Center Graphics Full Existing
    Catalyst Control Center Graphics Full New
    Catalyst Control Center Graphics Light
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center HydraVision Full
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Connect
    ConvertXtoDVD 3.5.2.137
    Curse Client
    Diablo II
    Fraps (remove only)
    HydraVision
    ImagXpress
    Internet Download Manager
    iTunes
    kuler
    League of Legends
    Logitech GamePanel Software 3.06.109
    Malwarebytes' Anti-Malware
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ Run Time Lib Setup
    MicroVolts
    Mozilla Firefox (3.5.16)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NavyFIELD NorthAmerica
    NCsoft Launcher
    NEC Electronics USB 3.0 Host Controller Driver
    neroxml
    NVIDIA PhysX
    PDF Settings CS4
    Photoshop Camera Raw
    Power Commander Control Center 3.2.0 (Test Build 1)
    PunkBuster Services
    QuickTime
    Realtek AC'97 Audio
    Realtek Ethernet Controller Driver For Windows Vista and Later
    Realtek High Definition Audio Driver
    Steam
    Suite Shared Configuration CS4
    TeamSpeak 2 RC2
    TeamSpeak 3 Client
    TmNationsForever
    UltraISO Premium V9.35
    Ventrilo Client
    Windows Media Player Firefox Plugin
    Windows Movie Maker 2.6
    WinRAR archiver
    World of Warcraft
    Xfire (remove only)
    Yoshimura EMS

    ==== Event Viewer Messages From Past Week ========

    1/7/2011 8:21:55 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
    1/7/2011 8:21:55 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
    1/7/2011 8:21:55 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
    1/7/2011 12:12:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
    1/7/2011 12:12:23 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
    1/4/2011 7:25:16 PM, Error: Service Control Manager [7023] - The Akamai NetSession Interface service terminated with the following error: The specified module could not be found.

    ==== End Of File ===========================


    I just installed Avira anti-virus, going to scan now. It said a virus or unwanted program has been found (TR/ATRAPS.Gen2):

    C:\Users\Darmentle\AppData\Local\AcroAuthenticationSnap\fxCommonInit.dll
    [WARNING] The file could not be copied to quarantine!
    C:\Users\Darmentle\AppData\Local\AcroAuthenticationSnap\fxCommonInit.dll
    [WARNING] The file could not be deleted!


    Avira AntiVir Personal
    Report file date: Saturday, January 08, 2011 09:07

    Scanning for 2336006 virus strains and unwanted programs.

    The program is running as an unrestricted full version.
    Online services are available:

    Licensee : Avira AntiVir Personal - FREE Antivirus
    Serial number : 0000149996-ADJIE-0000001
    Platform : Windows 7
    Windows version : (plain) [6.1.7600]
    Boot mode : Normally booted
    Username : Darmentle
    Computer name : THEDESTROYER-PC

    Version information:
    BUILD.DAT : 10.0.0.609 31824 Bytes 12/13/2010 09:43:00
    AVSCAN.EXE : 10.0.3.5 435368 Bytes 12/13/2010 16:39:56
    AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 20:57:04
    LUKE.DLL : 10.0.3.2 104296 Bytes 12/13/2010 16:40:06
    LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 07:40:49
    VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 17:05:36
    VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 05:38:01
    VBASE002.VDF : 7.11.0.1 2048 Bytes 12/14/2010 05:38:01
    VBASE003.VDF : 7.11.0.2 2048 Bytes 12/14/2010 05:38:02
    VBASE004.VDF : 7.11.0.3 2048 Bytes 12/14/2010 05:38:02
    VBASE005.VDF : 7.11.0.4 2048 Bytes 12/14/2010 05:38:02
    VBASE006.VDF : 7.11.0.5 2048 Bytes 12/14/2010 05:38:02
    VBASE007.VDF : 7.11.0.6 2048 Bytes 12/14/2010 05:38:02
    VBASE008.VDF : 7.11.0.7 2048 Bytes 12/14/2010 05:38:03
    VBASE009.VDF : 7.11.0.8 2048 Bytes 12/14/2010 05:38:03
    VBASE010.VDF : 7.11.0.9 2048 Bytes 12/14/2010 05:38:03
    VBASE011.VDF : 7.11.0.10 2048 Bytes 12/14/2010 05:38:03
    VBASE012.VDF : 7.11.0.11 2048 Bytes 12/14/2010 05:38:03
    VBASE013.VDF : 7.11.0.52 128000 Bytes 12/16/2010 05:38:06
    VBASE014.VDF : 7.11.0.91 226816 Bytes 12/20/2010 05:38:08
    VBASE015.VDF : 7.11.0.122 136192 Bytes 12/21/2010 05:38:08
    VBASE016.VDF : 7.11.0.156 122880 Bytes 12/24/2010 05:38:09
    VBASE017.VDF : 7.11.0.185 146944 Bytes 12/27/2010 05:38:09
    VBASE018.VDF : 7.11.0.228 132608 Bytes 12/30/2010 05:38:11
    VBASE019.VDF : 7.11.1.5 148480 Bytes 1/3/2011 05:38:12
    VBASE020.VDF : 7.11.1.37 156672 Bytes 1/7/2011 05:38:12
    VBASE021.VDF : 7.11.1.38 2048 Bytes 1/7/2011 05:38:13
    VBASE022.VDF : 7.11.1.39 2048 Bytes 1/7/2011 05:38:13
    VBASE023.VDF : 7.11.1.40 2048 Bytes 1/7/2011 05:38:13
    VBASE024.VDF : 7.11.1.41 2048 Bytes 1/7/2011 05:38:13
    VBASE025.VDF : 7.11.1.42 2048 Bytes 1/7/2011 05:38:13
    VBASE026.VDF : 7.11.1.43 2048 Bytes 1/7/2011 05:38:14
    VBASE027.VDF : 7.11.1.44 2048 Bytes 1/7/2011 05:38:14
    VBASE028.VDF : 7.11.1.45 2048 Bytes 1/7/2011 05:38:14
    VBASE029.VDF : 7.11.1.46 2048 Bytes 1/7/2011 05:38:14
    VBASE030.VDF : 7.11.1.47 2048 Bytes 1/7/2011 05:38:14
    VBASE031.VDF : 7.11.1.57 58368 Bytes 1/7/2011 05:38:15
    Engineversion : 8.2.4.140
    AEVDF.DLL : 8.1.2.1 106868 Bytes 12/13/2010 16:39:51
    AESCRIPT.DLL : 8.1.3.52 1282426 Bytes 1/8/2011 05:38:24
    AESCN.DLL : 8.1.7.2 127349 Bytes 12/13/2010 16:39:50
    AESBX.DLL : 8.1.3.2 254324 Bytes 12/13/2010 16:39:50
    AERDL.DLL : 8.1.9.2 635252 Bytes 12/13/2010 16:39:50
    AEPACK.DLL : 8.2.4.7 512375 Bytes 1/8/2011 05:38:22
    AEOFFICE.DLL : 8.1.1.10 201084 Bytes 12/13/2010 16:39:49
    AEHEUR.DLL : 8.1.2.64 3154294 Bytes 1/8/2011 05:38:21
    AEHELP.DLL : 8.1.16.0 246136 Bytes 12/13/2010 16:39:42
    AEGEN.DLL : 8.1.5.1 397683 Bytes 1/8/2011 05:38:16
    AEEMU.DLL : 8.1.3.0 393589 Bytes 12/13/2010 16:39:42
    AECORE.DLL : 8.1.19.0 196984 Bytes 12/13/2010 16:39:41
    AEBB.DLL : 8.1.1.0 53618 Bytes 12/13/2010 16:39:41
    AVWINLL.DLL : 10.0.0.0 19304 Bytes 12/13/2010 16:39:56
    AVPREF.DLL : 10.0.0.0 44904 Bytes 12/13/2010 16:39:54
    AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 22:27:13
    AVREG.DLL : 10.0.3.2 53096 Bytes 12/13/2010 16:39:54
    AVSCPLR.DLL : 10.0.3.2 84328 Bytes 12/13/2010 16:39:56
    AVARKT.DLL : 10.0.22.6 231784 Bytes 12/13/2010 16:39:52
    AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 12/13/2010 16:39:53
    SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 22:27:22
    AVSMTP.DLL : 10.0.0.17 63848 Bytes 12/13/2010 16:39:56
    NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 22:27:21
    RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 21:10:20
    RCTEXT.DLL : 10.0.58.0 97128 Bytes 12/13/2010 16:40:20

    Configuration settings for the scan:
    Jobname.............................: Local Drives
    Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\alldrives.avp
    Logging.............................: low
    Primary action......................: interactive
    Secondary action....................: ignore
    Scan master boot sector.............: on
    Scan boot sector....................: on
    Boot sectors........................: C:, A:, D:, E:,
    Process scan........................: on
    Scan registry.......................: on
    Search for rootkits.................: off
    Integrity checking of system files..: off
    Scan all files......................: Intelligent file selection
    Scan archives.......................: on
    Recursion depth.....................: 20
    Smart extensions....................: on
    Macro heuristic.....................: on
    File heuristic......................: medium

    Start of the scan: Saturday, January 08, 2011 09:07

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Module(s) have been scanned
    Scan process 'avcenter.exe' - '1' Module(s) have been scanned
    Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
    Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'taskhost.exe' - '1' Module(s) have been scanned
    Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
    Scan process 'wmplayer.exe' - '1' Module(s) have been scanned
    Scan process 'WMPSideShowGadget.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'LCDSirReal.exe' - '1' Module(s) have been scanned
    Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
    Scan process 'avgnt.exe' - '1' Module(s) have been scanned
    Scan process 'LGDCore.exe' - '1' Module(s) have been scanned
    Scan process 'LCDMon.exe' - '1' Module(s) have been scanned
    Scan process 'LGDevAgt.exe' - '1' Module(s) have been scanned
    Scan process 'conhost.exe' - '1' Module(s) have been scanned
    Scan process 'avshadow.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'avguard.exe' - '1' Module(s) have been scanned
    Scan process 'nusb3mon.exe' - '1' Module(s) have been scanned
    Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
    Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
    Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
    Scan process 'Dwm.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'taskhost.exe' - '1' Module(s) have been scanned
    Scan process 'sched.exe' - '1' Module(s) have been scanned
    Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
    Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'svchost.exe' - '1' Module(s) have been scanned
    Scan process 'winlogon.exe' - '1' Module(s) have been scanned
    Scan process 'lsm.exe' - '1' Module(s) have been scanned
    Scan process 'lsass.exe' - '1' Module(s) have been scanned
    Scan process 'services.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'wininit.exe' - '1' Module(s) have been scanned
    Scan process 'csrss.exe' - '1' Module(s) have been scanned
    Scan process 'smss.exe' - '1' Module(s) have been scanned

    Starting master boot sector scan:
    Master boot sector HD0
    [INFO] No virus was found!

    Start scanning boot sectors:
    Boot sector 'C:\'
    [INFO] No virus was found!
    Boot sector 'A:\'
    [INFO] In the drive 'A:\' no data medium is inserted!

    Starting to scan executable files (registry).
    The registry was scanned ( '400' files ).


    Starting the file scan:

    Begin scan in 'C:\'
    C:\Program Files\City of Heroes\doublefusion\cache\data\generic_tech_wall_128_512\A48A936E.dll
    [DETECTION] Is the TR/Crypt.TPM.Gen Trojan
    C:\Users\Darmentle\Documents\Downloads\Compressed\Gold_Wave_Editor_Pro_10.5.2.By.VICTORIOUS.rar
    [0] Archive type: RAR
    [DETECTION] Contains code of the W32/Induc.A Windows virus
    --> Gold Wave Editor Pro 10.5.2\GoldWaveEditorPro.exe
    [DETECTION] Contains code of the W32/Induc.A Windows virus
    C:\Users\Darmentle\Downloads\Internet_Download_ManagerVer.5.15.Build.05.rar
    [0] Archive type: RAR
    [DETECTION] Contains recognition pattern of the WORM/Agent.143872 worm
    --> Ver.5.15.Build.05\Patch 5.xx (2008-12-06).exe
    [DETECTION] Contains recognition pattern of the WORM/Agent.143872 worm
    Begin scan in 'A:\'
    Search path A:\ could not be opened!
    System error [21]: The device is not ready.
    Begin scan in 'D:\' <BLACK_OPS>
    Begin scan in 'E:\'
    Search path E:\ could not be opened!
    System error [21]: The device is not ready.

    Beginning disinfection:
    C:\Users\Darmentle\Downloads\Internet_Download_ManagerVer.5.15.Build.05.rar
    [DETECTION] Contains recognition pattern of the WORM/Agent.143872 worm
    [NOTE] The file was moved to the quarantine directory under the name '4918144e.qua'.
    C:\Users\Darmentle\Documents\Downloads\Compressed\Gold_Wave_Editor_Pro_10.5.2.By.VICTORIOUS.rar
    [DETECTION] Contains code of the W32/Induc.A Windows virus
    [NOTE] The file was moved to the quarantine directory under the name '51873bea.qua'.
    C:\Program Files\City of Heroes\doublefusion\cache\data\generic_tech_wall_128_512\A48A936E.dll
    [DETECTION] Is the TR/Crypt.TPM.Gen Trojan
    [NOTE] The file was moved to the quarantine directory under the name '032c614f.qua'.


    End of the scan: Saturday, January 08, 2011 10:44
    Used time: 52:19 Minute(s)

    The scan has been done completely.

    21307 Scanned directories
    652709 Files were scanned
    3 Viruses and/or unwanted programs were found
    0 Files were classified as suspicious
    0 files were deleted
    0 Viruses and unwanted programs were repaired
    3 Files were moved to quarantine
    0 Files were renamed
    0 Files cannot be scanned
    652706 Files not concerned
    2495 Archives were scanned
    0 Warnings
    3 Notes
     
  4. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    The MBRCheck log is still missing.
    Yours was incomplete.
     
  5. Hamerdin

    Hamerdin TS Rookie Topic Starter

    I ran the MBR check and this is what it put on my desktop:

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 32-bit
    Base Board Manufacturer: Gigabyte Technology Co., Ltd.
    BIOS Manufacturer: Award Software International, Inc.
    System Manufacturer: Gigabyte Technology Co., Ltd.
    System Product Name: P55A-UD3
    Logical Drives Mask: 0x0000001d

    Kernel Drivers (total 200):
    0x8303C000 \SystemRoot\system32\ntkrnlpa.exe
    0x83005000 \SystemRoot\system32\halmacpi.dll
    0x80BCA000 \SystemRoot\system32\kdcom.dll
    0x83606000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x8367E000 \SystemRoot\system32\PSHED.dll
    0x8368F000 \SystemRoot\system32\BOOTVID.dll
    0x83697000 \SystemRoot\system32\CLFS.SYS
    0x836D9000 \SystemRoot\system32\CI.dll
    0x83784000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x8C822000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x8C91A000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x8C923000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x8C949000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x8C991000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x8C999000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x8C9A4000 \SystemRoot\system32\DRIVERS\pci.sys
    0x8C9CE000 \SystemRoot\System32\drivers\partmgr.sys
    0x8C9DF000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x8CA12000 \SystemRoot\System32\drivers\volmgrx.sys
    0x8CA5D000 \SystemRoot\system32\DRIVERS\pciide.sys
    0x8CA64000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x8CA72000 \SystemRoot\system32\DRIVERS\mv91cons.sys
    0x8CA7B000 \SystemRoot\System32\drivers\mountmgr.sys
    0x8CA91000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x8CA9A000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x8CABD000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x8CAC6000 \SystemRoot\system32\drivers\fltmgr.sys
    0x8CAFA000 \SystemRoot\system32\drivers\fileinfo.sys
    0x8CC39000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x8CD68000 \SystemRoot\System32\Drivers\msrpc.sys
    0x8CD93000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x8CB0B000 \SystemRoot\System32\Drivers\cng.sys
    0x8CDA6000 \SystemRoot\System32\drivers\pcw.sys
    0x8CDB4000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x8CE16000 \SystemRoot\system32\drivers\ndis.sys
    0x8CECD000 \SystemRoot\system32\drivers\NETIO.SYS
    0x8CF0B000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x8D030000 \SystemRoot\System32\drivers\tcpip.sys
    0x8D179000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x8D1AA000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
    0x8D1B3000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x8D1F2000 \SystemRoot\System32\Drivers\spldr.sys
    0x8D000000 \SystemRoot\System32\drivers\rdyboost.sys
    0x8CF30000 \SystemRoot\System32\Drivers\mup.sys
    0x8CF40000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x8CF48000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x8CF7A000 \SystemRoot\system32\DRIVERS\disk.sys
    0x8CF8B000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x8CDBD000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x8CFE2000 \SystemRoot\System32\Drivers\Null.SYS
    0x8CFE9000 \SystemRoot\System32\Drivers\Beep.SYS
    0x8CFF0000 \SystemRoot\System32\drivers\vga.sys
    0x8CDDC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x8CE00000 \SystemRoot\System32\drivers\watchdog.sys
    0x8CE0D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x8CC00000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x8CC08000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x8CC10000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x8CC1B000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x8CB68000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x8CC29000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x8CB7F000 \SystemRoot\system32\drivers\afd.sys
    0x8C830000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x8CBD9000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x8CBE0000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x8CA00000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x8C862000 \SystemRoot\system32\DRIVERS\serial.sys
    0x8C87C000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x8C88F000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x8D1FA000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
    0x8C89F000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x8C8E0000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x8C8EA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x8C8F4000 \??\C:\Program Files\UltraISO\drivers\ISODrive.sys
    0x8C90B000 \SystemRoot\System32\drivers\discache.sys
    0x9221F000 \SystemRoot\system32\drivers\csc.sys
    0x92283000 \SystemRoot\System32\Drivers\dfsc.sys
    0x9229B000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x922A9000 \SystemRoot\system32\DRIVERS\avipbb.sys
    0x922CF000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x922F0000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x92302000 \SystemRoot\system32\DRIVERS\usbuhci.sys
    0x9230D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x92358000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x92367000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x92386000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
    0x923B8000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
    0x923DA000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x923DC000 \SystemRoot\system32\DRIVERS\atikmpag.sys
    0x9262F000 \SystemRoot\system32\DRIVERS\atipmdag.sys
    0x93006000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x930BD000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x930F6000 \SystemRoot\system32\DRIVERS\fdc.sys
    0x93101000 \SystemRoot\system32\DRIVERS\serenum.sys
    0x9310B000 \SystemRoot\system32\DRIVERS\parport.sys
    0x93123000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
    0x93129000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x93136000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x93148000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x93160000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x9316B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x9318D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x931A5000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x931BC000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x931D3000 \SystemRoot\System32\Drivers\pcouffin.sys
    0x931DF000 \SystemRoot\system32\DRIVERS\rdpbus.sys
    0x931E9000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x92B70000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x931F6000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x92BBF000 \SystemRoot\system32\DRIVERS\ks.sys
    0x931F8000 \SystemRoot\system32\drivers\LGBusEnum.sys
    0x92600000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x97836000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x9787A000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
    0x97888000 \SystemRoot\system32\DRIVERS\flpydisk.sys
    0x97892000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x81E35000 \SystemRoot\system32\drivers\RTKVHDA.sys
    0x820D8000 \SystemRoot\system32\drivers\portcls.sys
    0x82107000 \SystemRoot\system32\drivers\drmk.sys
    0x82120000 \SystemRoot\system32\drivers\AtiHdmi.sys
    0x82750000 \SystemRoot\System32\win32k.sys
    0x8213D000 \SystemRoot\System32\drivers\Dxapi.sys
    0x82147000 \SystemRoot\system32\DRIVERS\udfs.sys
    0x82187000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x82194000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x8219F000 \SystemRoot\System32\Drivers\dump_atapi.sys
    0x821A8000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x821B9000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x829B0000 \SystemRoot\System32\TSDDD.dll
    0x82600000 \SystemRoot\System32\ATMFD.DLL
    0x82650000 \SystemRoot\System32\cdd.dll
    0x821C4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x821DB000 \SystemRoot\system32\DRIVERS\hidusb.sys
    0x821E6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x821F9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x81E00000 \SystemRoot\system32\DRIVERS\kbdhid.sys
    0x81E0C000 \SystemRoot\system32\drivers\luafv.sys
    0x978A3000 \SystemRoot\system32\DRIVERS\avgntflt.sys
    0x978B8000 \SystemRoot\system32\drivers\WudfPf.sys
    0x81E27000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x978D2000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
    0x978F3000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x97903000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x97916000 \SystemRoot\system32\drivers\HTTP.sys
    0x9799B000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x979B4000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x979C6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x92B7D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x97800000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x9781B000 \SystemRoot\system32\DRIVERS\parvdm.sys
    0x9A424000 \SystemRoot\system32\drivers\peauth.sys
    0x9A4BB000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x9A4C5000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x9A4E6000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x9A4F3000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x9A542000 \SystemRoot\System32\DRIVERS\srv.sys
    0x8CFB0000 \SystemRoot\System32\drivers\rdpdr.sys
    0x9A400000 \SystemRoot\system32\drivers\tdtcp.sys
    0x9A40A000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
    0x9EA2B000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0x9EA5C000 \SystemRoot\system32\drivers\LGVirHid.sys
    0x77100000 \Windows\System32\ntdll.dll
    0x477F0000 \Windows\System32\smss.exe
    0x77340000 \Windows\System32\apisetschema.dll
    0x00C60000 \Windows\System32\autochk.exe
    0x77260000 \Windows\System32\user32.dll
    0x770B0000 \Windows\System32\Wldap32.dll
    0x77020000 \Windows\System32\clbcatq.dll
    0x76FC0000 \Windows\System32\shlwapi.dll
    0x76EC0000 \Windows\System32\wininet.dll
    0x76CC0000 \Windows\System32\iertutil.dll
    0x77250000 \Windows\System32\normaliz.dll
    0x76C30000 \Windows\System32\oleaut32.dll
    0x75FE0000 \Windows\System32\shell32.dll
    0x75F30000 \Windows\System32\rpcrt4.dll
    0x75EE0000 \Windows\System32\gdi32.dll
    0x75E30000 \Windows\System32\msvcrt.dll
    0x75E10000 \Windows\System32\sechost.dll
    0x77240000 \Windows\System32\lpk.dll
    0x75DE0000 \Windows\System32\imagehlp.dll
    0x75D40000 \Windows\System32\advapi32.dll
    0x75BE0000 \Windows\System32\ole32.dll
    0x75B80000 \Windows\System32\difxapi.dll
    0x75B70000 \Windows\System32\nsi.dll
    0x75AF0000 \Windows\System32\comdlg32.dll
    0x75950000 \Windows\System32\setupapi.dll
    0x75880000 \Windows\System32\msctf.dll
    0x75840000 \Windows\System32\ws2_32.dll
    0x75830000 \Windows\System32\psapi.dll
    0x75750000 \Windows\System32\kernel32.dll
    0x75730000 \Windows\System32\imm32.dll
    0x75690000 \Windows\System32\usp10.dll
    0x75550000 \Windows\System32\urlmon.dll
    0x75520000 \Windows\System32\cfgmgr32.dll
    0x75490000 \Windows\System32\comctl32.dll
    0x75470000 \Windows\System32\devobj.dll
    0x75350000 \Windows\System32\crypt32.dll
    0x75300000 \Windows\System32\KernelBase.dll
    0x752D0000 \Windows\System32\wintrust.dll
    0x752C0000 \Windows\System32\msasn1.dll

    Processes (total 52):
    0 System Idle Process
    4 System
    320 C:\Windows\System32\smss.exe
    464 csrss.exe
    536 C:\Windows\System32\wininit.exe
    544 csrss.exe
    588 C:\Windows\System32\services.exe
    596 C:\Windows\System32\lsass.exe
    604 C:\Windows\System32\lsm.exe
    708 C:\Windows\System32\svchost.exe
    768 C:\Windows\System32\winlogon.exe
    872 C:\Windows\System32\svchost.exe
    960 C:\Windows\System32\svchost.exe
    1012 C:\Windows\System32\svchost.exe
    1068 C:\Windows\System32\svchost.exe
    1152 C:\Windows\System32\audiodg.exe
    1212 C:\Windows\System32\svchost.exe
    1320 WUDFHost.exe
    1380 WUDFHost.exe
    1440 C:\Windows\System32\svchost.exe
    1556 C:\Windows\System32\spoolsv.exe
    1584 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1604 C:\Windows\System32\svchost.exe
    1732 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    1776 C:\Windows\System32\svchost.exe
    1864 C:\Windows\System32\svchost.exe
    1964 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    2012 C:\Windows\System32\conhost.exe
    2136 C:\Windows\System32\dwm.exe
    2144 C:\Windows\System32\taskhost.exe
    2240 C:\Windows\explorer.exe
    2420 C:\Windows\SOUNDMAN.EXE
    2808 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    2848 C:\Windows\System32\svchost.exe
    2872 C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    2976 C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
    3012 C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    3088 C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    3260 C:\Program Files\Logitech\GamePanel Software\Applets\LCDSirReal.exe
    3364 C:\Windows\System32\SearchIndexer.exe
    3600 C:\Program Files\Windows Media Player\wmpnetwk.exe
    4092 C:\Windows\System32\svchost.exe
    2692 C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
    1024 C:\Program Files\Windows Media Player\wmplayer.exe
    3488 taskhost.exe
    892 C:\Windows\System32\svchost.exe
    216 C:\Windows\System32\wuauclt.exe
    1292 C:\Program Files\Steam\steam.exe
    240 C:\Program Files\Mozilla Firefox\firefox.exe
    3684 C:\Windows\System32\dllhost.exe
    3132 C:\Users\Darmentle\Desktop\mal\MBRCheck.exe
    3100 C:\Windows\System32\conhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD2000BB-22RDA0, Rev: 20.00K20

    Size Device Name MBR Status
    --------------------------------------------
    186 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!
     
  6. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Looks good :)

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  7. Hamerdin

    Hamerdin TS Rookie Topic Starter

    Does this look right?

    ComboFix 11-01-08.05 - Darmentle 01/09/2011 13:49:53.1.8 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3579.2775 [GMT -8:00]
    Running from: c:\users\Darmentle\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\install.exe
    c:\users\Darmentle\AppData\Roaming\.#
    c:\users\Darmentle\AppData\Roaming\inst.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-12-09 to 2011-01-09 )))))))))))))))))))))))))))))))
    .

    2011-01-09 21:54 . 2011-01-09 21:54 -------- d-----w- c:\users\Darmentle\AppData\Local\temp
    2011-01-09 21:54 . 2011-01-09 21:54 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-08 03:38 . 2011-01-08 03:38 -------- d-----w- c:\users\Darmentle\AppData\Roaming\Malwarebytes
    2011-01-08 03:38 . 2011-01-08 03:38 -------- d-----w- c:\programdata\Malwarebytes
    2011-01-08 03:38 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-08 03:38 . 2011-01-08 03:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-08 03:38 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-08 02:16 . 2011-01-08 02:16 -------- d-----w- C:\New folder (2)
    2011-01-08 02:16 . 2011-01-08 02:16 -------- d-----w- C:\New folder
    2011-01-05 05:26 . 2011-01-08 04:35 -------- d-----w- c:\program files\Google
    2011-01-05 03:52 . 2011-01-05 03:52 -------- d--h--w- c:\users\Darmentle\AppData\Local\Activision
    2010-12-31 21:59 . 2010-11-16 20:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5150AF31-9583-4545-A2DE-21C9390A1F2F}\mpengine.dll
    2010-12-31 21:55 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-12-14 00:59 . 2010-12-14 00:59 -------- d-----w- c:\programdata\Logitech
    2010-12-11 17:03 . 2011-01-08 16:55 -------- d--h--w- c:\users\Darmentle\AppData\Local\AcroAuthenticationSnap

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-19 18:41 . 2009-12-25 05:10 222080 ------w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMan"="SOUNDMAN.EXE" [2009-12-25 604704]
    "ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-15 307200]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-22 7739936]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-19 98304]
    "NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-09-25 106496]
    "Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 358472]
    "Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 1809992]
    "Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 3649096]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKLM\~\startupfolder\C:^Users^Darmentle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
    path=c:\users\Darmentle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
    backup=c:\windows\pss\CurseClientStartup.ccip.Startup
    backupExtension=.Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-22 09:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
    2008-08-14 15:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-06-15 23:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon]
    2010-08-03 17:43 1809992 ----a-w- c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LgDeviceAgent]
    2010-08-03 18:05 358472 ----a-w- c:\program files\Logitech\GamePanel Software\LGDevAgt.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-19 05:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2011-01-05 03:29 1242448 ----a-w- c:\program files\Steam\steam.exe

    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-19 685816]
    R3 XDva363;XDva363;c:\windows\system32\XDva363.sys [x]
    R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-11 172032]
    S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [2009-10-09 20008]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-12-11 5188096]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-12-11 125440]
    S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 19720]
    S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 14856]
    S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-09-25 56576]
    S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-09-25 138240]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440]

    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    FF - ProfilePath - c:\users\Darmentle\AppData\Roaming\Mozilla\Firefox\Profiles\j0j6bb43.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Aluminium Kai 2: {a45e6b3a-725d-4b20-afde-e7486bfe317c} - %profile%\extensions\{a45e6b3a-725d-4b20-afde-e7486bfe317c}
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-PlayNC Launcher - (no file)
    MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
    MSConfigStartUp-BCU - c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe
    MSConfigStartUp-MRUTray - c:\program files\Marvell\raid\tray\MarvellTray.exe


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-2876254613-464567395-228984483-1002_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):19,8e,27,d0,bb,ad,82,b1,e6,98,33,cd,19,8b,b1,12,75,fe,39,7f,74,
    1c,84,2e,40,76,7c,da,26,c9,6d,db,80,19,a4,23,6e,53,ae,35,00,00,00,00,00,00,\

    [HKEY_USERS\S-1-5-21-2876254613-464567395-228984483-1002_Classes\CLSID\{e9856be6-9fd7-4393-8031-746e3b652062}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000063
    "Therad"=dword:00000015
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-01-09 13:55:51
    ComboFix-quarantined-files.txt 2011-01-09 21:55

    Pre-Run: 73,828,401,152 bytes free
    Post-Run: 73,734,180,864 bytes free

    - - End Of File - - 6556218B3A4244FF8D780670C96D3DBD
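Three things in the log above deserve a flag on their own merits, independent of the redirect: the policies\system block shows UAC switched off (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0), the R3 XDva363 service points at a driver file marked [x] (ComboFix's marker for a file it could not find), and the SoundMan Run entry names a bare filename rather than a full path. The script below is an added editor's example, not code from this thread, from ComboFix or from its author; it parses a constructed excerpt (SAMPLE_LOG, assembled from values shown in the log above) and reports those three conditions. The function and constant names are the editor's own, and reading the zero UAC values as weakened settings assumes Windows 7's defaults (UAC on, administrators prompted, prompts on the secure desktop).

```python
import re

# Constructed excerpt: the values mirror lines from the ComboFix log posted
# above, trimmed to the three kinds of entry this script inspects.
SAMPLE_LOG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-12-25 604704]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-22 7739936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-19 685816]
R3 XDva363;XDva363;c:\windows\system32\XDva363.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440]
"""

KEY_RE = re.compile(r"^\[(.+)\]$")                            # [HKEY_...] section header
VALUE_RE = re.compile(r'^"([^"]+)"=\s*(.+?)\s*(?:\[.*\])?$')  # "Name"=value [stamp]
# ComboFix service/driver line: <start type> <name>;<display name>;<path> [<date size> | x]
SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);(.+?)\s+\[(.*)\]$")

# UAC values under policies\system whose zero setting weakens the Windows 7
# defaults (assumption: UAC on, admins prompted, prompts on the secure desktop).
UAC_ZERO_MEANS = {
    "EnableLUA": "UAC is turned off; processes started by an administrator run with the full token",
    "ConsentPromptBehaviorAdmin": "administrators elevate without any prompt",
    "PromptOnSecureDesktop": "elevation prompts no longer appear on the secure desktop",
}


def triage(log_text):
    """Return human-readable findings for a ComboFix 'Reg Loading Points' excerpt."""
    findings = []
    current_key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group(1).lower()
            continue
        m = SERVICE_RE.match(line)
        if m:
            start, name, _display, path, stamp = m.groups()
            if stamp.strip() == "x":  # ComboFix's marker for a file it could not find
                findings.append(f"service {name} ({start}) is registered but its file is missing: {path}")
            continue
        m = VALUE_RE.match(line)
        if not m or current_key is None:
            continue
        name, rest = m.groups()
        if current_key.endswith(r"\policies\system"):
            num = re.match(r"\d+", rest)
            if num and int(num.group()) == 0 and name in UAC_ZERO_MEANS:
                findings.append(f"{name}=0: {UAC_ZERO_MEANS[name]}")
        elif current_key.endswith(r"\currentversion\run"):
            target = rest.strip('"')
            # A bare filename is resolved through the normal search order, so
            # which copy loads depends on the environment; confirm it by hand.
            if not re.match(r"^[a-z]:\\", target, re.IGNORECASE):
                findings.append(f"Run entry {name} names a bare file ({target}); confirm which copy actually loads")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("-", finding)
```

Run it against a full ComboFix log by passing the file contents to triage(); unrelated sections are skipped because only bracketed key headers, "Name"=value lines and service lines are matched. The script deliberately does not label anything as malicious: a missing driver file or a disabled UAC is a condition to confirm and correct, not a verdict.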
     
  8. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Combofix looks good now...

    How is the redirection?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop

    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  9. Hamerdin

    Hamerdin TS Rookie Topic Starter

    OTL Extras logfile created on: 1/9/2011 2:34:15 PM - Run 1
    OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Darmentle\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 72.00% Memory free
    7.00 Gb Paging File | 6.00 Gb Available in Paging File | 87.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 186.21 Gb Total Space | 68.74 Gb Free Space | 36.92% Space Free | Partition Type: NTFS
    Drive D: | 7.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

    Computer Name: THEDESTROYER-PC | User Name: Darmentle | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
    "{02EB6BB9-2A29-B5FA-DF9D-A45383A21C9C}" = ccc-utility
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
    "{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
    "{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
    "{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
    "{0EA7F867-D362-2E76-77B8-9396B9245B66}" = CCC Help Finnish
    "{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
    "{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
    "{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
    "{16CF7BB1-672E-BC9F-E5CE-5854112E2C35}" = CCC Help Japanese
    "{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
    "{1700FEE9-EB3D-35C8-28ED-0BE7860BA710}" = CCC Help Portuguese
    "{190CCE82-4867-B16E-F96A-3F21A058ED9B}" = CCC Help Korean
    "{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
    "{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{250F0B5E-E926-C628-B639-FD1432A850EC}" = ATI AVIVO Codecs
    "{280E47E4-4EFB-D268-B042-F793EB2D8E4E}" = CCC Help Italian
    "{2A7D1710-31EB-3B24-BF52-1755099CE2C0}" = CCC Help Chinese Traditional
    "{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
    "{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
    "{37B03AA0-B125-4649-900C-F26E1081F163}" = Camtasia Studio 7
    "{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
    "{3A6B7222-A439-1BBE-58DD-76D1B632EEA8}" = CCC Help Turkish
    "{3AC02D87-274C-BAE6-ACFA-B64B714A0083}" = Catalyst Control Center Core Implementation
    "{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
    "{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
    "{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
    "{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
    "{3F7BBDE9-79B4-4E77-B878-7E6B36F3A766}" = CCC Help French
    "{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
    "{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
    "{4835B10F-61D4-E60C-860D-DF71C93FDC37}" = ATI Catalyst Install Manager
    "{484EE870-ACAD-4520-88D5-9F465881238E}" = ATI Problem Report Wizard
    "{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
    "{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
    "{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
    "{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
    "{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5E7A8F05-013C-44FD-B450-5434CA581098}_is1" = MicroVolts
    "{605DDD7B-1521-423B-A654-E9A963573D82}" = Catalyst Control Center Graphics Light
    "{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
    "{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
    "{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
    "{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
    "{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
    "{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
    "{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
    "{6CF37701-7E02-873F-9543-183116AC905C}" = CCC Help Danish
    "{6F1891DD-CEFE-4349-CFB3-172ED6C94A18}" = ccc-core-static
    "{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{75CFBC87-1B8A-2DA8-4575-F50BD61E9368}" = Catalyst Control Center Graphics Previews Vista
    "{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.5.2.137
    "{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
    "{7A587AD7-EDEF-BD63-C054-5E5FBC47105C}" = CCC Help Russian
    "{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
    "{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
    "{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
    "{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
    "{82130914-DF2E-4AD3-BC73-5DC2A180924C}" = CCC Help Thai
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
    "{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
    "{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
    "{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
    "{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
    "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
    "{88F066D3-5662-95C4-AE4E-D39174ED8F43}" = CCC Help Dutch
    "{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
    "{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9C49AB5C-A457-DEF0-0436-AADEB2062296}" = Catalyst Control Center Graphics Previews Common
    "{9DFC3864-1C52-E552-B039-09AE59F35801}" = CCC Help Swedish
    "{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A43C0289-EE84-FEC7-595D-A6F8489B2C44}" = CCC Help Polish
    "{A77B5C97-77AD-54E9-FB97-52F0A9EF72AC}" = CCC Help Spanish
    "{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
    "{AA2E2EA3-D999-D8A0-7C6F-DF451DF9135C}" = CCC Help Greek
    "{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
    "{B08201F3-AE80-58C6-E832-7DF5B87795FB}" = CCC Help Hungarian
    "{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
    "{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
    "{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
    "{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
    "{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
    "{B569ACCD-8F95-53CE-AF51-70CB8EA34656}" = CCC Help German
    "{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
    "{B9BDD486-EF12-B0BC-1C88-B3046092A8BD}" = CCC Help Chinese Standard
    "{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
    "{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
    "{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
    "{C54AE051-35E6-A421-164B-FDF2C3A8EE4E}" = Catalyst Control Center Graphics Full Existing
    "{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
    "{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
    "{CA5290FD-1C71-D40D-E0B9-D44FF41007FA}" = Catalyst Control Center HydraVision Full
    "{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
    "{CED2C398-A03E-A70D-6894-78C79C501296}" = CCC Help Czech
    "{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
    "{D3CF1241-B6B9-C0F1-8D69-96A01360A07A}" = Catalyst Control Center Graphics Full New
    "{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
    "{D6D425D2-803F-40E8-9D65-3DC00D577C11}" = NavyFIELD NorthAmerica
    "{D7410A39-66CA-C554-CB1D-EB53A6B8A289}" = HydraVision
    "{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
    "{DD7851B2-C277-204C-C414-797649FBFCAA}" = CCC Help English
    "{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
    "{E4F4CB1F-5319-EECB-F758-A651DAF87D02}" = Catalyst Control Center Localization All
    "{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
    "{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
    "{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F175273F-6F15-23E2-1DF9-D2A8DD477502}" = CCC Help Norwegian
    "{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
    "{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
    "{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
    "{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
    "{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "CurseClient" = Curse Client
    "Diablo II" = Diablo II
    "Fraps" = Fraps (remove only)
    "InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
    "Internet Download Manager" = Internet Download Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.5.16)" = Mozilla Firefox (3.5.16)
    "Power Commander 3 Usb_is1" = Power Commander Control Center 3.2.0 (Test Build 1)
    "PunkBusterSvc" = PunkBuster Services
    "Steam App 42700" = Call of Duty: Black Ops
    "Steam App 42710" = Call of Duty: Black Ops - Multiplayer
    "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
    "TeamSpeak 3 Client" = TeamSpeak 3 Client
    "TmNationsForever_is1" = TmNationsForever
    "UltraISO_is1" = UltraISO Premium V9.35
    "WinRAR archiver" = WinRAR archiver
    "World of Warcraft" = World of Warcraft
    "Xfire" = Xfire (remove only)
    "Yoshimura EMS" = Yoshimura EMS

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "090215de958f1060" = Curse Client

    ========== Last 10 Event Log Errors ==========

    Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

    < End of report >
     
  10. Hamerdin


    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/09 14:32:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Darmentle\Desktop\OTL.exe
    PRC - [2010/08/03 10:05:54 | 000,358,472 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
    PRC - [2010/08/03 10:03:46 | 003,649,096 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
    PRC - [2010/08/03 09:43:18 | 001,809,992 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
    PRC - [2009/12/24 21:44:13 | 000,115,200 | ---- | M] () -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDSirReal.exe
    PRC - [2009/12/24 21:30:53 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE
    PRC - [2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/09/25 06:59:18 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
    PRC - [2009/09/22 05:12:56 | 007,739,936 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    PRC - [2009/07/13 17:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/09 14:32:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Darmentle\Desktop\OTL.exe
    MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2009/07/13 17:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
    MOD - [2009/07/13 17:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
    MOD - [2009/07/13 17:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
    MOD - [2009/07/13 17:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
    MOD - [2009/07/13 17:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
    MOD - [2009/07/13 17:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
    MOD - [2009/07/13 17:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
    MOD - [2009/07/13 17:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
    MOD - [2009/07/13 17:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
    MOD - [2009/07/13 17:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/09/10 16:50:28 | 000,411,432 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
    SRV - [2010/03/12 06:06:59 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2009/12/11 12:44:40 | 000,172,032 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2009/07/13 17:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
    SRV - [2009/07/13 17:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
    SRV - [2009/07/13 17:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
    SRV - [2009/07/13 17:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2009/07/13 17:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
    SRV - [2009/07/13 17:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
    SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
    SRV - [2009/07/13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
    SRV - [2009/07/13 17:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/13 17:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
    SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/13 17:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
    SRV - [2009/07/13 17:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2009/07/13 17:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/13 17:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
    SRV - [2009/07/13 17:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
    SRV - [2009/07/13 17:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
    SRV - [2009/07/13 17:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
    SRV - [2009/07/13 17:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva363.sys -- (XDva363)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\mcdbus.sys -- (mcdbus)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
    DRV - [2010/02/11 20:45:20 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
    DRV - [2010/01/18 20:25:27 | 000,685,816 | -H-- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2009/12/24 21:30:52 | 004,172,832 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
    DRV - [2009/12/11 13:03:58 | 005,188,096 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
    DRV - [2009/12/11 13:03:58 | 005,188,096 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
    DRV - [2009/12/11 11:50:52 | 000,125,440 | -H-- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
    DRV - [2009/12/10 23:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
    DRV - [2009/11/23 17:37:18 | 000,014,856 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
    DRV - [2009/11/23 17:37:08 | 000,019,720 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
    DRV - [2009/10/09 14:55:54 | 000,020,008 | -H-- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\mv91cons.sys -- (mv91cons)
    DRV - [2009/09/25 06:57:40 | 000,138,240 | -H-- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
    DRV - [2009/09/25 06:57:36 | 000,056,576 | -H-- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
    DRV - [2009/09/22 05:05:58 | 002,771,232 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
    DRV - [2009/08/23 06:01:24 | 000,103,952 | -H-- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
    DRV - [2009/08/20 08:04:54 | 000,189,440 | -H-- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
    DRV - [2009/07/13 17:26:21 | 000,015,952 | -H-- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
    DRV - [2009/07/13 17:26:17 | 000,297,552 | -H-- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
    DRV - [2009/07/13 17:26:15 | 000,422,976 | -H-- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
    DRV - [2009/07/13 17:26:15 | 000,159,312 | -H-- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
    DRV - [2009/07/13 17:26:15 | 000,146,512 | -H-- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2009/07/13 17:26:15 | 000,086,608 | -H-- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
    DRV - [2009/07/13 17:26:15 | 000,079,952 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
    DRV - [2009/07/13 17:26:15 | 000,076,368 | -H-- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
    DRV - [2009/07/13 17:26:15 | 000,023,616 | -H-- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
    DRV - [2009/07/13 17:26:15 | 000,014,400 | -H-- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
    DRV - [2009/07/13 17:20:44 | 000,142,416 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
    DRV - [2009/07/13 17:20:44 | 000,117,312 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
    DRV - [2009/07/13 17:20:44 | 000,044,624 | -H-- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
    DRV - [2009/07/13 17:20:37 | 000,089,168 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
    DRV - [2009/07/13 17:20:36 | 000,332,352 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
    DRV - [2009/07/13 17:20:36 | 000,235,584 | -H-- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
    DRV - [2009/07/13 17:20:36 | 000,096,848 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2009/07/13 17:20:36 | 000,095,824 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
    DRV - [2009/07/13 17:20:36 | 000,054,864 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
    DRV - [2009/07/13 17:20:36 | 000,041,040 | -H-- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
    DRV - [2009/07/13 17:20:36 | 000,030,800 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
    DRV - [2009/07/13 17:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
    DRV - [2009/07/13 17:20:28 | 000,453,712 | -H-- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
    DRV - [2009/07/13 17:20:28 | 000,070,720 | -H-- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
    DRV - [2009/07/13 17:20:28 | 000,067,152 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
    DRV - [2009/07/13 17:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
    DRV - [2009/07/13 17:19:11 | 000,141,904 | -H-- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
    DRV - [2009/07/13 17:19:10 | 000,175,824 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009/07/13 17:19:10 | 000,159,824 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
    DRV - [2009/07/13 17:19:10 | 000,040,896 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009/07/13 17:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
    DRV - [2009/07/13 17:19:10 | 000,028,224 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/13 17:19:10 | 000,016,976 | -H-- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
    DRV - [2009/07/13 17:19:04 | 001,383,488 | -H-- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
    DRV - [2009/07/13 17:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
    DRV - [2009/07/13 17:19:04 | 000,106,064 | -H-- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
    DRV - [2009/07/13 17:19:04 | 000,077,888 | -H-- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
    DRV - [2009/07/13 17:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
    DRV - [2009/07/13 17:19:04 | 000,040,016 | -H-- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
    DRV - [2009/07/13 17:19:04 | 000,021,072 | -H-- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
    DRV - [2009/07/13 17:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
    DRV - [2009/07/13 16:57:25 | 000,272,128 | -H-- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2009/07/13 16:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
    DRV - [2009/07/13 16:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV - [2009/07/13 15:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV - [2009/07/13 15:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
    DRV - [2009/07/13 15:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
    DRV - [2009/07/13 15:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
    DRV - [2009/07/13 15:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
    DRV - [2009/07/13 15:51:35 | 000,008,192 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
    DRV - [2009/07/13 15:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2009/07/13 15:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/13 15:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV - [2009/07/13 15:46:55 | 000,012,288 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
    DRV - [2009/07/13 15:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
    DRV - [2009/07/13 15:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
    DRV - [2009/07/13 15:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
    DRV - [2009/07/13 15:28:47 | 000,005,632 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
    DRV - [2009/07/13 15:28:45 | 000,017,920 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/07/13 15:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
    DRV - [2009/07/13 15:16:36 | 000,009,728 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
    DRV - [2009/07/13 15:11:04 | 000,052,736 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
    DRV - [2009/07/13 14:54:14 | 000,026,624 | -H-- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 14:53:33 | 000,012,160 | -H-- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
    DRV - [2009/07/13 14:53:33 | 000,011,904 | -H-- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
    DRV - [2009/07/13 14:53:32 | 000,062,336 | -H-- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
    DRV - [2009/07/13 14:53:28 | 000,013,568 | -H-- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
    DRV - [2009/07/13 14:53:28 | 000,005,248 | -H-- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
    DRV - [2009/07/13 14:02:52 | 000,347,264 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
    DRV - [2009/07/13 14:02:49 | 000,229,888 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2009/07/13 14:02:48 | 003,100,160 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
    DRV - [2009/07/13 14:02:48 | 000,430,080 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
    DRV - [2009/06/10 13:19:48 | 009,853,248 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
    DRV - [2009/02/10 17:23:02 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E 4F 0E D3 88 AC CB 01 [binary data]
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..extensions.enabledItems: {a45e6b3a-725d-4b20-afde-e7486bfe317c}:3.5.4

    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 09:15:29 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 09:15:29 | 000,000,000 | ---D | M]

    [2009/12/24 20:55:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darmentle\AppData\Roaming\Mozilla\Extensions
    [2011/01/08 21:23:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darmentle\AppData\Roaming\Mozilla\Firefox\Profiles\j0j6bb43.default\extensions
    [2010/03/31 19:04:08 | 000,000,000 | ---D | M] (Aluminium Kai 2) -- C:\Users\Darmentle\AppData\Roaming\Mozilla\Firefox\Profiles\j0j6bb43.default\extensions\{a45e6b3a-725d-4b20-afde-e7486bfe317c}
    [2009/12/24 20:55:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

    O1 HOSTS File: ([2011/01/09 13:54:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
    O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
    O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
    O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
    O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
    O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.205.224.36 24.205.192.61 68.116.46.115
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2010/09/23 11:32:44 | 000,000,133 | R--- | M] () - D:\autorun.inf -- [ UDF ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
    NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
    Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
    Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()


    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/09 14:32:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Darmentle\Desktop\OTL.exe
    [2011/01/09 13:55:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/01/09 13:55:52 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/01/09 13:55:52 | 000,000,000 | ---D | C] -- C:\Users\Darmentle\AppData\Local\temp
    [2011/01/09 13:46:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/01/09 13:45:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/01/09 13:45:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/01/09 13:45:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/01/09 13:39:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/01/09 13:38:36 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/07 20:36:01 | 000,000,000 | ---D | C] -- C:\Users\Darmentle\Desktop\mal
    [2011/01/07 19:38:22 | 000,000,000 | ---D | C] -- C:\Users\Darmentle\AppData\Roaming\Malwarebytes
    [2011/01/07 19:38:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/01/07 19:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/01/07 19:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/01/07 19:38:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/01/07 19:38:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/01/07 18:16:34 | 000,000,000 | ---D | C] -- C:\New folder (2)
    [2011/01/07 18:16:33 | 000,000,000 | ---D | C] -- C:\New folder
    [2011/01/04 21:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2011/01/04 21:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2011/01/04 19:52:22 | 000,000,000 | -H-D | C] -- C:\Users\Darmentle\AppData\Local\Activision
    [2011/01/04 19:50:16 | 000,000,000 | ---D | C] -- C:\Users\Darmentle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    [2011/01/04 19:29:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
    [2011/01/04 19:29:41 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
    [2010/12/31 20:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NavyFIELD
    [2010/12/13 16:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
    [2010/12/13 16:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
    [2010/12/11 09:03:59 | 000,000,000 | -H-D | C] -- C:\Users\Darmentle\AppData\Local\AcroAuthenticationSnap
    [2010/01/30 12:04:24 | 000,047,360 | -H-- | C] (VSO Software) -- C:\Users\Darmentle\AppData\Roaming\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2011/01/09 14:32:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Darmentle\Desktop\OTL.exe
    [2011/01/09 13:54:46 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/01/09 13:49:01 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/09 13:49:01 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/09 13:43:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/01/09 13:43:47 | 2815,025,152 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/09 13:37:06 | 004,151,517 | R--- | M] () -- C:\Users\Darmentle\Desktop\ComboFix.exe
    [2011/01/08 21:42:51 | 000,001,216 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
    [2011/01/07 21:35:23 | 059,325,912 | ---- | M] () -- C:\Users\Darmentle\Desktop\avira_antivir_personal_en.exe
    [2011/01/04 21:29:13 | 000,997,062 | -H-- | M] () -- C:\Windows\System32\drivers\Cat.DB
    [2011/01/04 19:50:16 | 000,000,215 | ---- | M] () -- C:\Users\Darmentle\Desktop\Call of Duty Black Ops - Multiplayer.url
    [2010/12/31 14:42:48 | 002,194,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

    ========== Files Created - No Company Name ==========

    [2011/01/09 13:45:05 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/01/09 13:45:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/01/09 13:45:05 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/01/09 13:45:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/01/09 13:45:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/01/09 13:37:00 | 004,151,517 | R--- | C] () -- C:\Users\Darmentle\Desktop\ComboFix.exe
    [2011/01/07 21:34:28 | 059,325,912 | ---- | C] () -- C:\Users\Darmentle\Desktop\avira_antivir_personal_en.exe
    [2011/01/04 21:29:07 | 000,997,062 | -H-- | C] () -- C:\Windows\System32\drivers\Cat.DB
    [2011/01/04 19:50:16 | 000,000,215 | ---- | C] () -- C:\Users\Darmentle\Desktop\Call of Duty Black Ops - Multiplayer.url
    [2010/12/02 17:15:54 | 000,007,597 | -H-- | C] () -- C:\Users\Darmentle\AppData\Local\Resmon.ResmonCfg
    [2010/11/25 19:18:07 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
    [2010/08/23 20:05:34 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
    [2010/07/09 11:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
    [2010/02/16 20:50:46 | 000,007,680 | -H-- | C] () -- C:\Users\Darmentle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/02/12 10:27:01 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2010/02/12 10:25:29 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
    [2010/02/12 10:25:29 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
    [2010/02/12 10:21:33 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
    [2010/01/30 12:05:24 | 000,000,671 | -H-- | C] () -- C:\Users\Darmentle\AppData\Roaming\vso_ts_preview.xml
    [2010/01/30 12:05:04 | 000,000,034 | -H-- | C] () -- C:\Users\Darmentle\AppData\Roaming\pcouffin.log
    [2010/01/30 12:04:24 | 000,007,887 | -H-- | C] () -- C:\Users\Darmentle\AppData\Roaming\pcouffin.cat
    [2010/01/30 12:04:24 | 000,001,144 | -H-- | C] () -- C:\Users\Darmentle\AppData\Roaming\pcouffin.inf
    [2010/01/23 14:25:26 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
    [2010/01/16 20:25:46 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
    [2010/01/16 20:25:46 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
    [2010/01/16 20:25:45 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
    [2010/01/04 21:42:59 | 000,139,128 | -H-- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
    [2010/01/04 21:42:59 | 000,138,056 | -H-- | C] () -- C:\Users\Darmentle\AppData\Roaming\PnkBstrK.sys
    [2009/12/24 21:42:48 | 000,000,000 | ---- | C] () -- C:\Windows\LCDMedia.INI
    [2009/12/24 21:31:31 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
    [2009/09/29 13:16:26 | 000,000,127 | ---- | C] () -- C:\Windows\zraidtray.ini
    [2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

    ========== LOP Check ==========

    [2010/12/24 17:59:02 | 000,000,000 | ---D | M] -- C:\Users\Darmentle\AppData\Roaming\DMCache
    [2010/05/29 17:40:55 | 000,000,000 | ---D | M] -- C:\Users\Darmentle\AppData\Roaming\GetRightToGo
    [2010/02/21 16:39:14 | 000,000,000 | ---D | M] -- C:\Users\Darmentle\AppData\Roaming\Gold Wave Editor Pro
    [2010/01/18 06:51:39 | 000,000,000 | ---D | M] -- C:\Users\Darmentle\AppData\Roaming\IDM
    [2010/11/25 19:19:13 | 000,000,000 | ---D | M] -- C:\Users\Darmentle\AppData\Roaming\Leawo
    [2010/01/05 17:06:19 | 000,000,000 | ---D | M] -- C:\Users\Darmentle\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
    [2010/11/25 19:19:13 | 000,000,000 | ---D | M] -- C:\Users\Darmentle\AppData\Roaming\Moyea
    [2010/05/18 15:09:19 | 000,000,000 | ---D | M] -- C:\Users\Darmentle\AppData\Roaming\TeamViewer
    [2010/03/30 18:40:07 | 000,000,000 | ---D | M] -- C:\Users\Darmentle\AppData\Roaming\TS3Client
    [2010/10/13 16:48:21 | 000,000,000 | ---D | M] -- C:\Users\Darmentle\AppData\Roaming\Vso
    [2010/11/26 18:26:31 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2011/01/09 13:55:51 | 000,008,556 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 13:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2010/02/12 10:28:55 | 000,000,032 | ---- | M] () -- C:\csb.log
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2011/01/09 13:43:47 | 2815,025,152 | -HS- | M] () -- C:\hiberfil.sys
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2010/02/12 10:27:19 | 000,000,086 | ---- | M] () -- C:\Install.log
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2011/01/09 13:43:55 | 3753,369,600 | -HS- | M] () -- C:\pagefile.sys
    [2010/02/12 10:25:24 | 000,002,014 | ---- | M] () -- C:\RHDSetup.log
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2009/07/13 20:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 20:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 20:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 20:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 13:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/07/13 17:15:05 | 000,071,168 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNBPP4.DLL
    [2009/07/13 17:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2009/07/13 17:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 20:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2009/12/24 20:53:47 | 000,000,221 | -HS- | M] () -- C:\Users\Darmentle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/01/07 21:35:23 | 059,325,912 | ---- | M] () -- C:\Users\Darmentle\Desktop\avira_antivir_personal_en.exe
    [2011/01/09 13:37:06 | 004,151,517 | R--- | M] () -- C:\Users\Darmentle\Desktop\ComboFix.exe
    [2011/01/09 14:32:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Darmentle\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 13:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/10/04 07:37:09 | 000,000,402 | -HS- | M] () -- C:\Users\Darmentle\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

    < End of report >
     
  11. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    .....
     
  12. Hamerdin

    Hamerdin TS Rookie Topic Starter

    I'm pretty sure it worked because I'm not seeing the problem anymore. I searched a bunch of sites on Google and it did not redirect me anywhere. Thank you so much for your help and time.
     
  13. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Very good, but we still have a couple of steps in front of us.
    I just had to know how the redirection is.
    Hold on there for more instructions...
     
  14. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    I don't see any AV program running.
    Install one of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html

    =======================================================================

    Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder.
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ======================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
      IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
      O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
      O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =====================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
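As an added example (not from this thread, from Broni, or from OTL's author), a small Python triage helper for the OTL report format posted above: it parses the `[date | size | attrs | C/M] (company) -- path` file entries and tags the kinds of lines that ended up in the :OTL fix section (load points reported as "File not found" or "Reg Error", and the Alternate Data Stream entry), plus hidden .sys files under a user profile for manual review. The sample lines are constructed in that format and the category names are my own; a hidden driver with a vendor name (such as the VSO Software entry) is flagged for review, not declared malicious.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample in OTL's report format, modelled on the log posted in this thread.
SAMPLE_LOG = r"""
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
[2010/01/30 12:04:24 | 000,047,360 | -H-- | C] (VSO Software) -- C:\Users\Darmentle\AppData\Roaming\pcouffin.sys
[2011/01/09 13:55:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/01/09 14:32:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Darmentle\Desktop\OTL.exe
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
"""

# One file/folder line: [date time | size | attrs | C-or-M] (company) -- path
# The "(company)" group is absent for directories and an empty "()" when OTL found no version info.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<target>.+)$")


def parse_file_entry(line: str) -> Optional[Dict[str, object]]:
    """Parse one OTL file/folder entry; returns None for any other kind of line."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {
        "timestamp": d["ts"],
        "size": int(d["size"].replace(",", "")),  # "000,047,360" -> 47360
        "attrs": d["attrs"],                        # R/H/S/D flags, '-' when unset
        "kind": d["kind"],                          # C = created, M = modified
        "company": d["company"] or "",              # "" for directories and unsigned files
        "path": d["path"],
    }


def triage(report: str) -> List[Tuple[str, str]]:
    """Tag the lines a helper looks at first (category names are this example's own)."""
    findings: List[Tuple[str, str]] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if ADS_RE.match(line):
            findings.append(("ads", line))
            continue
        entry = parse_file_entry(line)
        if entry:
            path = str(entry["path"]).lower()
            # Hidden .sys under a user profile: unusual place for a driver, worth a manual look
            if "H" in str(entry["attrs"]) and path.endswith(".sys") and "\\users\\" in path:
                findings.append(("hidden_sys_in_profile", line))
            continue
        # Registry / driver / service load points whose target is gone: candidates for a fix script
        if "File not found" in line or "Reg Error" in line:
            findings.append(("orphaned_entry", line))
    return findings
```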
     
  15. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Are you still out there?
     
Topic Status:
Not open for further replies.
