Inactive Google search redirect malware

Status
Not open for further replies.

Hamerdin

Posts: 7   +0
Hi, it's happening to me. I have been browsing the net in order to find the right answer and decipher through all the info that everyone has posted, and still no luck. I need help. I have Win7 32-bit, also using Firefox. I did the MBR check.
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: P55A-UD3
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 197):
0x8300D000 \SystemRoot\system32\ntkrnlpa.exe
0x8341D000 \SystemRoot\system32\halmacpi.dll
0x80BC2000 \SystemRoot\system32\kdcom.dll
0x83614000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8368C000 \SystemRoot\system32\PSHED.dll
0x8369D000 \SystemRoot\system32\BOOTVID.dll
0x836A5000 \SystemRoot\system32\CLFS.SYS
0x836E7000 \SystemRoot\system32\CI.dll
0x8C813000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8C884000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8C97C000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8C985000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8C9AB000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8C9F3000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8C800000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x83792000 \SystemRoot\system32\DRIVERS\pci.sys
0x837BC000 \SystemRoot\System32\drivers\partmgr.sys
0x837CD000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8CA04000 \SystemRoot\System32\drivers\volmgrx.sys
0x8CA4F000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8CA56000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8CA64000 \SystemRoot\system32\DRIVERS\mv91cons.sys
0x8CA6D000 \SystemRoot\System32\drivers\mountmgr.sys
0x8CA83000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8CA8C000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8CAAF000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8CAB8000 \SystemRoot\system32\drivers\fltmgr.sys
0x8CAEC000 \SystemRoot\system32\drivers\fileinfo.sys
0x8CC33000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8CD62000 \SystemRoot\System32\Drivers\msrpc.sys
0x8CD8D000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8CDA0000 \SystemRoot\System32\Drivers\cng.sys
0x8CC00000 \SystemRoot\System32\drivers\pcw.sys
0x8CC0E000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8CAFD000 \SystemRoot\system32\drivers\ndis.sys
0x8CBB4000 \SystemRoot\system32\drivers\NETIO.SYS
0x8CE33000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8CE58000 \SystemRoot\System32\drivers\tcpip.sys
0x8CFA1000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8CFD2000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8D003000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8D042000 \SystemRoot\System32\Drivers\spldr.sys
0x8D04A000 \SystemRoot\System32\drivers\rdyboost.sys
0x8D077000 \SystemRoot\System32\Drivers\mup.sys
0x8D087000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8D08F000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8D0C1000 \SystemRoot\system32\DRIVERS\disk.sys
0x8D0D2000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8D129000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8D148000 \SystemRoot\System32\Drivers\Null.SYS
0x8D14F000 \SystemRoot\System32\Drivers\Beep.SYS
0x8D156000 \SystemRoot\System32\drivers\vga.sys
0x8D162000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8D183000 \SystemRoot\System32\drivers\watchdog.sys
0x8D190000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8D198000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8D1A0000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8D1A8000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8D1B3000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8D1C1000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8D1D8000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8C892000 \SystemRoot\system32\drivers\afd.sys
0x8CE00000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8D1E3000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8CFDB000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8D1EA000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8CC17000 \SystemRoot\system32\DRIVERS\serial.sys
0x8C8EC000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8C8FF000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8C90F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8CBF2000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8C950000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C95A000 \??\C:\Program Files\UltraISO\drivers\ISODrive.sys
0x837DD000 \SystemRoot\System32\drivers\discache.sys
0x92627000 \SystemRoot\system32\drivers\csc.sys
0x9268B000 \SystemRoot\System32\Drivers\dfsc.sys
0x926A3000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x926B1000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x926D2000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x926E4000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x926EF000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x9273A000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x92749000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x92768000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x9279A000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
0x927BC000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x927BE000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x9303D000 \SystemRoot\system32\DRIVERS\atipmdag.sys
0x92A09000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x92AC0000 \SystemRoot\System32\drivers\dxgmms1.sys
0x92AF9000 \SystemRoot\system32\DRIVERS\fdc.sys
0x92B04000 \SystemRoot\system32\DRIVERS\serenum.sys
0x92B0E000 \SystemRoot\system32\DRIVERS\parport.sys
0x92B26000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x92B2C000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x92B39000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x92B4B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x92B63000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x92B6E000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x92B90000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x92BA8000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x92BBF000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x92BD6000 \SystemRoot\System32\Drivers\pcouffin.sys
0x92BE2000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x92BEC000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x9357E000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x92BF9000 \SystemRoot\system32\DRIVERS\swenum.sys
0x93000000 \SystemRoot\system32\DRIVERS\ks.sys
0x92BFB000 \SystemRoot\system32\drivers\LGBusEnum.sys
0x9358B000 \SystemRoot\system32\DRIVERS\umbus.sys
0x93599000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x935DD000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
0x935EB000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x927E2000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x82009000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x822AC000 \SystemRoot\system32\drivers\portcls.sys
0x822DB000 \SystemRoot\system32\drivers\drmk.sys
0x822F4000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x82620000 \SystemRoot\System32\win32k.sys
0x82311000 \SystemRoot\System32\drivers\Dxapi.sys
0x8231B000 \SystemRoot\system32\DRIVERS\monitor.sys
0x82880000 \SystemRoot\System32\TSDDD.dll
0x828B0000 \SystemRoot\System32\ATMFD.DLL
0x82900000 \SystemRoot\System32\cdd.dll
0x82326000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x8233D000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x82348000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x8235B000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x82362000 \SystemRoot\system32\drivers\luafv.sys
0x8237D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x82389000 \SystemRoot\system32\drivers\WudfPf.sys
0x823A3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x823AE000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x823CF000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x823DF000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x9963B000 \SystemRoot\system32\drivers\HTTP.sys
0x996C0000 \SystemRoot\system32\DRIVERS\bowser.sys
0x996D9000 \SystemRoot\System32\drivers\mpsdrv.sys
0x996EB000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9970E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x99749000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x99764000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x9B222000 \SystemRoot\system32\drivers\peauth.sys
0x9B2B9000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9B2C3000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9B2E4000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9B35B000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9B3AA000 \SystemRoot\system32\DRIVERS\udfs.sys
0x9976B000 \SystemRoot\System32\DRIVERS\srv.sys
0x9B3EA000 \SystemRoot\System32\Drivers\crashdmp.sys
0x9B200000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x9B20B000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x997BC000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x997CD000 \SystemRoot\System32\drivers\rdpdr.sys
0x9B214000 \SystemRoot\system32\drivers\tdtcp.sys
0x997F2000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x99600000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x9B21E000 \SystemRoot\system32\drivers\LGVirHid.sys
0x77960000 \Windows\System32\ntdll.dll
0x47CD0000 \Windows\System32\smss.exe
0x77BA0000 \Windows\System32\apisetschema.dll
0x00DB0000 \Windows\System32\autochk.exe
0x77B80000 \Windows\System32\nsi.dll
0x77B60000 \Windows\System32\sechost.dll
0x77B40000 \Windows\System32\imm32.dll
0x77890000 \Windows\System32\msctf.dll
0x77AC0000 \Windows\System32\comdlg32.dll
0x77690000 \Windows\System32\iertutil.dll
0x77AB0000 \Windows\System32\psapi.dll
0x77590000 \Windows\System32\wininet.dll
0x77530000 \Windows\System32\difxapi.dll
0x77480000 \Windows\System32\rpcrt4.dll
0x77340000 \Windows\System32\urlmon.dll
0x77310000 \Windows\System32\imagehlp.dll
0x77AA0000 \Windows\System32\lpk.dll
0x77230000 \Windows\System32\kernel32.dll
0x77160000 \Windows\System32\user32.dll
0x77110000 \Windows\System32\gdi32.dll
0x77060000 \Windows\System32\msvcrt.dll
0x77020000 \Windows\System32\ws2_32.dll
0x76EC0000 \Windows\System32\ole32.dll
0x76270000 \Windows\System32\shell32.dll
0x760D0000 \Windows\System32\setupapi.dll
0x76030000 \Windows\System32\advapi32.dll
0x75F90000 \Windows\System32\usp10.dll
0x75F30000 \Windows\System32\shlwapi.dll
0x75EE0000 \Windows\System32\Wldap32.dll
0x75ED0000 \Windows\System32\normaliz.dll
0x75E40000 \Windows\System32\clbcatq.dll
0x75DB0000 \Windows\System32\oleaut32.dll
0x75C90000 \Windows\System32\crypt32.dll
0x75C60000 \Windows\System32\cfgmgr32.dll
0x75C30000 \Windows\System32\wintrust.dll
0x75C10000 \Windows\System32\devobj.dll
0x75BC0000 \Windows\System32\KernelBase.dll
0x75B30000 \Windows\System32\comctl32.dll
0x75B20000 \Windows\System32\msasn1.dll

Processes (total 51):
0 System Idle Process
4 System
316 C:\Windows\System32\smss.exe
460 csrss.exe
532 C:\Windows\System32\wininit.exe
540 csrss.exe
584 C:\Windows\System32\services.exe
592 C:\Windows\System32\lsass.exe
600 C:\Windows\System32\lsm.exe
704 C:\Windows\System32\svchost.exe
784 C:\Windows\System32\winlogon.exe
836 C:\Windows\System32\svchost.exe
920 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\svchost.exe
1024 C:\Windows\System32\svchost.exe
1108 C:\Windows\System32\audiodg.exe
1168 C:\Windows\System32\svchost.exe
1268 WUDFHost.exe
1320 WUDFHost.exe
1396 C:\Windows\System32\svchost.exe
1516 C:\Windows\System32\spoolsv.exe
1544 C:\Windows\System32\svchost.exe
1660 C:\Windows\System32\svchost.exe
1768 C:\Windows\System32\svchost.exe
2116 C:\Windows\System32\dwm.exe
2124 C:\Windows\System32\taskhost.exe
2260 C:\Windows\explorer.exe
2460 C:\Windows\SOUNDMAN.EXE
2488 C:\Windows\System32\svchost.exe
2540 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
2592 C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
2648 C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
2716 C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
2744 C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
2772 C:\Windows\System32\rundll32.exe
2788 C:\Program Files\Steam\steam.exe
2968 C:\Program Files\Logitech\GamePanel Software\Applets\LCDSirReal.exe
3160 C:\Windows\System32\SearchIndexer.exe
3268 C:\Program Files\Windows Media Player\wmpnetwk.exe
3580 C:\Windows\System32\svchost.exe
4068 C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
2372 C:\Program Files\Windows Media Player\wmplayer.exe
3328 taskhost.exe
3256 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
3892 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
1656 C:\Windows\System32\svchost.exe
3916 C:\Windows\System32\wuauclt.exe
2444 C:\Program Files\Mozilla Firefox\firefox.exe
3572 C:\Users\Darmentle\Desktop\mal\MBRCheck.exe
2080 C:\Windows\System32\conhost.exe
404 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2000BB-22RDA0, Rev: 20.00K20

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!

------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5363

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

1/7/2011 7:42:33 PM
mbam-log-2011-01-07 (19-42-33).txt

Scan type: Quick scan
Objects scanned: 143932
Time elapsed: 4 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


-----------------------------------------------------------------------------------------------------------------------------------------------------------------
GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2011-01-07 20:20:59
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD2000BB-22RDA0 rev.20.00K20
Running: 7yeu6h2f.exe; Driver: C:\Users\DARMEN~1\AppData\Local\Temp\pfkiifog.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwCreateProcess [0x8CD31F68]
SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwCreateProcessEx [0x8CD32230]
SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwCreateUserProcess [0x8CD3252C]
SSDT \SystemRoot\system32\drivers\PCTCore.sys ZwTerminateProcess [0x8CD319D8]

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 83088599 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 830ACF52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!RtlSidHashLookup + 32C 830B483C 8 Bytes [68, 1F, D3, 8C, 30, 22, D3, ...]
.text ntkrnlpa.exe!RtlSidHashLookup + 364 830B4874 4 Bytes [2C, 25, D3, 8C]
.text ntkrnlpa.exe!RtlSidHashLookup + 7B8 830B4CC8 4 Bytes [D8, 19, D3, 8C]
? system32\drivers\PCTCore.sys The system cannot find the path specified. !
? system32\drivers\pctDS.sys The system cannot find the path specified. !
? system32\drivers\pctEFA.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\atipmdag.sys section is writeable [0x93422000, 0x2D1F8A, 0xE8000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\explorer.exe[1780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipAlloc] [74862494] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1780] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusStartup] [74845624] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1780] @ C:\Windows\explorer.exe [gdiplus.dll!GdiplusShutdown] [748456E2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipFree] [7486250F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDeleteGraphics] [74858573] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDisposeImage] [74854D27] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageWidth] [748550CE] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipGetImageHeight] [748551A3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [748566D0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCreateFromHDC] [748582CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetCompositingMode] [74858819] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipSetInterpolationMode] [7485907A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipDrawImageRectI] [7485E21D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\explorer.exe[1780] @ C:\Windows\explorer.exe [gdiplus.dll!GdipCloneImage] [74854C59] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7600.16385_none_72fc7cbf861225ca\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2668] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75C45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2668] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75C45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2668] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75C45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2668] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75C45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4024] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75C45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4024] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75C45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4024] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75C45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[4024] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75C45E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\ACPI_HAL \Device\0000004f halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
----------------------------------------------------------------------------------------------------
DDS (Ver_10-12-12.02) - NTFSx86
Run by Darmentle at 20:27:44.84 on Fri 01/07/2011
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3579.2367 [GMT -8:00]

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\Dwm.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\rundll32.exe
C:\Windows\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Darmentle\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [PlayNC Launcher]
uRun: [fxCommonInit] rundll32.exe "c:\users\darmentle\appdata\local\acroauthenticationsnap\fxCommonInit.dll",CdMouseOffice tapiWISupport
uRun: [Steam] "c:\program files\steam\steam.exe" -silent
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [ATICustomerCare] "c:\program files\ati\aticustomercare\ATICustomerCare.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "c:\program files\nec electronics\usb 3.0 host controller driver\application\nusb3mon.exe"
mRun: [Launch LgDeviceAgent] "c:\program files\logitech\gamepanel software\LgDevAgt.exe"
mRun: [Launch LCDMon] "c:\program files\logitech\gamepanel software\lcd manager\LCDMon.exe"
mRun: [Launch LGDCore] "c:\program files\logitech\gamepanel software\g-series software\LGDCore.exe" /SHOWHIDE
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

================= FIREFOX ===================

FF - ProfilePath - c:\users\darmen~1\appdata\roaming\mozilla\firefox\profiles\j0j6bb43.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Aluminium Kai 2: {a45e6b3a-725d-4b20-afde-e7486bfe317c} - %profile%\extensions\{a45e6b3a-725d-4b20-afde-e7486bfe317c}

============= SERVICES / DRIVERS ===============

R0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\drivers\mv91cons.sys [2009-10-9 20008]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atipmdag.sys [2009-12-11 5188096]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2009-12-11 125440]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 19720]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 14856]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2009-9-25 56576]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2009-9-25 138240]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2010-2-12 189440]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-11 172032]

=============== Created Last 30 ================

2011-01-08 03:38:22 -------- d-----w- c:\users\darmen~1\appdata\roaming\Malwarebytes
2011-01-08 03:38:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-08 03:38:17 -------- d-----w- c:\progra~2\Malwarebytes
2011-01-08 03:38:14 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-08 03:38:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-08 02:16:34 -------- d-----w- C:\New folder (2)
2011-01-08 02:16:33 -------- d-----w- C:\New folder
2011-01-05 05:28:17 -------- d-----w- c:\program files\PC Tools Security
2011-01-05 05:28:17 -------- d-----w- c:\program files\common files\PC Tools
2011-01-05 03:52:22 -------- d-----w- c:\users\darmen~1\appdata\local\Activision
2010-12-31 21:59:31 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{5150af31-9583-4545-a2de-21c9390a1f2f}\mpengine.dll
2010-12-31 21:55:27 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-11 17:03:59 -------- d-----w- c:\users\darmen~1\appdata\local\AcroAuthenticationSnap

==================== Find3M ====================

2010-11-04 05:52:17 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41:26 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08:54 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll
2010-10-19 18:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe
2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll

============= FINISH: 20:27:57.94 ===============

I hope I did this the way it needs to go.
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer's behavior, good or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

====================================================================

Do NOT attach any logs.
All logs have to be pasted.
Paste Attach.txt into your next reply.

Also, the MBRCheck log is incomplete.
Please redo it.

I don't see any AV program running.
Install one of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html
Update, run full scan, report on any findings.
 
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 12/24/2009 8:44:50 PM
System Uptime: 1/7/2011 12:12:21 PM (8 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | P55A-UD3
Processor: Intel(R) Core(TM) i7 CPU 860 @ 2.80GHz | Socket 1156 | 2794/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 186 GiB total, 67.488 GiB free.
D: is CDROM (UDF)
E: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {997b5d8d-c442-4f2e-baf3-9c8e671e9e21}
Description: Logitech GamePanel Devices (QVGA)
Device ID: ROOT\SIDESHOW\0000
Manufacturer: Logitech Inc
Name: Logitech GamePanel Devices (QVGA)
PNP Device ID: ROOT\SIDESHOW\0000
Service: WUDFRd

Class GUID: {997b5d8d-c442-4f2e-baf3-9c8e671e9e21}
Description: Logitech GamePanel Devices (Mono)
Device ID: ROOT\SIDESHOW\0001
Manufacturer: Logitech Inc
Name: Logitech GamePanel Devices (Mono)
PNP Device ID: ROOT\SIDESHOW\0001
Service: WUDFRd

==== System Restore Points ===================

RP142: 1/4/2011 7:29:29 PM - Installed Steam
RP143: 1/4/2011 9:32:21 PM - Spyware Doctor: Cleaning Threats

==== Installed Programs ======================

Acrobat.com
Adobe After Effects CS4
Adobe After Effects CS4 Presets
Adobe After Effects CS4 Third Party Content
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles AE CS4
Adobe Color Video Profiles CS CS4
Adobe Creative Suite 4 Master Collection
Adobe CSI CS4
Adobe Default Language CS4
Adobe Dynamiclink Support
Adobe Encore CS4 Codecs
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe InDesign CS4
Adobe InDesign CS4 Application Feature Set Files (Roman)
Adobe InDesign CS4 Common Base Files
Adobe InDesign CS4 Icon Handler
Adobe Linguistics CS4
Adobe Media Encoder CS4
Adobe Media Encoder CS4 Additional Exporter
Adobe Media Encoder CS4 Dolby
Adobe Media Encoder CS4 Exporter
Adobe Media Encoder CS4 Importer
Adobe MotionPicture Color Files CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Premiere Pro CS4
Adobe Premiere Pro CS4 Functional Content
Adobe Premiere Pro CS4 Third Party Content
Adobe Reader 9.3
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SGM CS4
Adobe Shockwave Player 11
Adobe SING CS4
Adobe Soundbooth CS4 Codecs
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AMD DnD V1.0.19
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ATI AVIVO Codecs
ATI Catalyst Install Manager
ATI Catalyst Registration
ATI Problem Report Wizard
Battlefield: Bad Company™ 2
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Camtasia Studio 7
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Connect
ConvertXtoDVD 3.5.2.137
Curse Client
Diablo II
Fraps (remove only)
HydraVision
ImagXpress
Internet Download Manager
iTunes
kuler
League of Legends
Logitech GamePanel Software 3.06.109
Malwarebytes' Anti-Malware
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ Run Time Lib Setup
MicroVolts
Mozilla Firefox (3.5.16)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NavyFIELD NorthAmerica
NCsoft Launcher
NEC Electronics USB 3.0 Host Controller Driver
neroxml
NVIDIA PhysX
PDF Settings CS4
Photoshop Camera Raw
Power Commander Control Center 3.2.0 (Test Build 1)
PunkBuster Services
QuickTime
Realtek AC'97 Audio
Realtek Ethernet Controller Driver For Windows Vista and Later
Realtek High Definition Audio Driver
Steam
Suite Shared Configuration CS4
TeamSpeak 2 RC2
TeamSpeak 3 Client
TmNationsForever
UltraISO Premium V9.35
Ventrilo Client
Windows Media Player Firefox Plugin
Windows Movie Maker 2.6
WinRAR archiver
World of Warcraft
Xfire (remove only)
Yoshimura EMS

==== Event Viewer Messages From Past Week ========

1/7/2011 8:21:55 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
1/7/2011 8:21:55 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
1/7/2011 8:21:55 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
1/7/2011 12:12:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: sptd
1/7/2011 12:12:23 PM, Error: sptd [4] - Driver detected an internal error in its data structures for .
1/4/2011 7:25:16 PM, Error: Service Control Manager [7023] - The Akamai NetSession Interface service terminated with the following error: The specified module could not be found.

==== End Of File ===========================


I just installed Avira antivirus and am going to scan now. It said a virus or unwanted program has been found (TR/ATRAPS.Gen2):

C:\Users\Darmentle\AppData\Local\AcroAuthenticationSnap\fxCommonInit.dll
[WARNING] The file could not be copied to quarantine!
C:\Users\Darmentle\AppData\Local\AcroAuthenticationSnap\fxCommonInit.dll
[WARNING] The file could not be deleted!


Avira AntiVir Personal
Report file date: Saturday, January 08, 2011 09:07

Scanning for 2336006 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : Darmentle
Computer name : THEDESTROYER-PC

Version information:
BUILD.DAT : 10.0.0.609 31824 Bytes 12/13/2010 09:43:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 12/13/2010 16:39:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 20:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 12/13/2010 16:40:06
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 07:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 17:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 12/14/2010 05:38:01
VBASE002.VDF : 7.11.0.1 2048 Bytes 12/14/2010 05:38:01
VBASE003.VDF : 7.11.0.2 2048 Bytes 12/14/2010 05:38:02
VBASE004.VDF : 7.11.0.3 2048 Bytes 12/14/2010 05:38:02
VBASE005.VDF : 7.11.0.4 2048 Bytes 12/14/2010 05:38:02
VBASE006.VDF : 7.11.0.5 2048 Bytes 12/14/2010 05:38:02
VBASE007.VDF : 7.11.0.6 2048 Bytes 12/14/2010 05:38:02
VBASE008.VDF : 7.11.0.7 2048 Bytes 12/14/2010 05:38:03
VBASE009.VDF : 7.11.0.8 2048 Bytes 12/14/2010 05:38:03
VBASE010.VDF : 7.11.0.9 2048 Bytes 12/14/2010 05:38:03
VBASE011.VDF : 7.11.0.10 2048 Bytes 12/14/2010 05:38:03
VBASE012.VDF : 7.11.0.11 2048 Bytes 12/14/2010 05:38:03
VBASE013.VDF : 7.11.0.52 128000 Bytes 12/16/2010 05:38:06
VBASE014.VDF : 7.11.0.91 226816 Bytes 12/20/2010 05:38:08
VBASE015.VDF : 7.11.0.122 136192 Bytes 12/21/2010 05:38:08
VBASE016.VDF : 7.11.0.156 122880 Bytes 12/24/2010 05:38:09
VBASE017.VDF : 7.11.0.185 146944 Bytes 12/27/2010 05:38:09
VBASE018.VDF : 7.11.0.228 132608 Bytes 12/30/2010 05:38:11
VBASE019.VDF : 7.11.1.5 148480 Bytes 1/3/2011 05:38:12
VBASE020.VDF : 7.11.1.37 156672 Bytes 1/7/2011 05:38:12
VBASE021.VDF : 7.11.1.38 2048 Bytes 1/7/2011 05:38:13
VBASE022.VDF : 7.11.1.39 2048 Bytes 1/7/2011 05:38:13
VBASE023.VDF : 7.11.1.40 2048 Bytes 1/7/2011 05:38:13
VBASE024.VDF : 7.11.1.41 2048 Bytes 1/7/2011 05:38:13
VBASE025.VDF : 7.11.1.42 2048 Bytes 1/7/2011 05:38:13
VBASE026.VDF : 7.11.1.43 2048 Bytes 1/7/2011 05:38:14
VBASE027.VDF : 7.11.1.44 2048 Bytes 1/7/2011 05:38:14
VBASE028.VDF : 7.11.1.45 2048 Bytes 1/7/2011 05:38:14
VBASE029.VDF : 7.11.1.46 2048 Bytes 1/7/2011 05:38:14
VBASE030.VDF : 7.11.1.47 2048 Bytes 1/7/2011 05:38:14
VBASE031.VDF : 7.11.1.57 58368 Bytes 1/7/2011 05:38:15
Engineversion : 8.2.4.140
AEVDF.DLL : 8.1.2.1 106868 Bytes 12/13/2010 16:39:51
AESCRIPT.DLL : 8.1.3.52 1282426 Bytes 1/8/2011 05:38:24
AESCN.DLL : 8.1.7.2 127349 Bytes 12/13/2010 16:39:50
AESBX.DLL : 8.1.3.2 254324 Bytes 12/13/2010 16:39:50
AERDL.DLL : 8.1.9.2 635252 Bytes 12/13/2010 16:39:50
AEPACK.DLL : 8.2.4.7 512375 Bytes 1/8/2011 05:38:22
AEOFFICE.DLL : 8.1.1.10 201084 Bytes 12/13/2010 16:39:49
AEHEUR.DLL : 8.1.2.64 3154294 Bytes 1/8/2011 05:38:21
AEHELP.DLL : 8.1.16.0 246136 Bytes 12/13/2010 16:39:42
AEGEN.DLL : 8.1.5.1 397683 Bytes 1/8/2011 05:38:16
AEEMU.DLL : 8.1.3.0 393589 Bytes 12/13/2010 16:39:42
AECORE.DLL : 8.1.19.0 196984 Bytes 12/13/2010 16:39:41
AEBB.DLL : 8.1.1.0 53618 Bytes 12/13/2010 16:39:41
AVWINLL.DLL : 10.0.0.0 19304 Bytes 12/13/2010 16:39:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 12/13/2010 16:39:54
AVREP.DLL : 10.0.0.8 62209 Bytes 6/17/2010 22:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 12/13/2010 16:39:54
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 12/13/2010 16:39:56
AVARKT.DLL : 10.0.22.6 231784 Bytes 12/13/2010 16:39:52
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 12/13/2010 16:39:53
SQLITE3.DLL : 3.6.19.0 355688 Bytes 6/17/2010 22:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 12/13/2010 16:39:56
NETNT.DLL : 10.0.0.0 11624 Bytes 6/17/2010 22:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 21:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 12/13/2010 16:40:20

Configuration settings for the scan:
Jobname.............................: Local Drives
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\alldrives.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, A:, D:, E:,
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Saturday, January 08, 2011 09:07

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'TrustedInstaller.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'taskhost.exe' - '1' Module(s) have been scanned
Scan process 'wmpnetwk.exe' - '1' Module(s) have been scanned
Scan process 'wmplayer.exe' - '1' Module(s) have been scanned
Scan process 'WMPSideShowGadget.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LCDSirReal.exe' - '1' Module(s) have been scanned
Scan process 'SearchIndexer.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'LGDCore.exe' - '1' Module(s) have been scanned
Scan process 'LCDMon.exe' - '1' Module(s) have been scanned
Scan process 'LGDevAgt.exe' - '1' Module(s) have been scanned
Scan process 'conhost.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'nusb3mon.exe' - '1' Module(s) have been scanned
Scan process 'RtHDVCpl.exe' - '1' Module(s) have been scanned
Scan process 'SOUNDMAN.EXE' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'Dwm.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'taskhost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
Scan process 'WUDFHost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'lsm.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'wininit.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'A:\'
[INFO] In the drive 'A:\' no data medium is inserted!

Starting to scan executable files (registry).
The registry was scanned ( '400' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Program Files\City of Heroes\doublefusion\cache\data\generic_tech_wall_128_512\A48A936E.dll
[DETECTION] Is the TR/Crypt.TPM.Gen Trojan
C:\Users\Darmentle\Documents\Downloads\Compressed\Gold_Wave_Editor_Pro_10.5.2.By.VICTORIOUS.rar
[0] Archive type: RAR
[DETECTION] Contains code of the W32/Induc.A Windows virus
--> Gold Wave Editor Pro 10.5.2\GoldWaveEditorPro.exe
[DETECTION] Contains code of the W32/Induc.A Windows virus
C:\Users\Darmentle\Downloads\Internet_Download_ManagerVer.5.15.Build.05.rar
[0] Archive type: RAR
[DETECTION] Contains recognition pattern of the WORM/Agent.143872 worm
--> Ver.5.15.Build.05\Patch 5.xx (2008-12-06).exe
[DETECTION] Contains recognition pattern of the WORM/Agent.143872 worm
Begin scan in 'A:\'
Search path A:\ could not be opened!
System error [21]: The device is not ready.
Begin scan in 'D:\' <BLACK_OPS>
Begin scan in 'E:\'
Search path E:\ could not be opened!
System error [21]: The device is not ready.

Beginning disinfection:
C:\Users\Darmentle\Downloads\Internet_Download_ManagerVer.5.15.Build.05.rar
[DETECTION] Contains recognition pattern of the WORM/Agent.143872 worm
[NOTE] The file was moved to the quarantine directory under the name '4918144e.qua'.
C:\Users\Darmentle\Documents\Downloads\Compressed\Gold_Wave_Editor_Pro_10.5.2.By.VICTORIOUS.rar
[DETECTION] Contains code of the W32/Induc.A Windows virus
[NOTE] The file was moved to the quarantine directory under the name '51873bea.qua'.
C:\Program Files\City of Heroes\doublefusion\cache\data\generic_tech_wall_128_512\A48A936E.dll
[DETECTION] Is the TR/Crypt.TPM.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '032c614f.qua'.


End of the scan: Saturday, January 08, 2011 10:44
Used time: 52:19 Minute(s)

The scan has been done completely.

21307 Scanned directories
652709 Files were scanned
3 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
3 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
652706 Files not concerned
2495 Archives were scanned
0 Warnings
3 Notes
 
I ran the MBR check and this is what it put on my desktop:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: P55A-UD3
Logical Drives Mask: 0x0000001d

Kernel Drivers (total 200):
0x8303C000 \SystemRoot\system32\ntkrnlpa.exe
0x83005000 \SystemRoot\system32\halmacpi.dll
0x80BCA000 \SystemRoot\system32\kdcom.dll
0x83606000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8367E000 \SystemRoot\system32\PSHED.dll
0x8368F000 \SystemRoot\system32\BOOTVID.dll
0x83697000 \SystemRoot\system32\CLFS.SYS
0x836D9000 \SystemRoot\system32\CI.dll
0x83784000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8C822000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8C91A000 \SystemRoot\System32\Drivers\WMILIB.SYS
0x8C923000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
0x8C949000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8C991000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8C999000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8C9A4000 \SystemRoot\system32\DRIVERS\pci.sys
0x8C9CE000 \SystemRoot\System32\drivers\partmgr.sys
0x8C9DF000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8CA12000 \SystemRoot\System32\drivers\volmgrx.sys
0x8CA5D000 \SystemRoot\system32\DRIVERS\pciide.sys
0x8CA64000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8CA72000 \SystemRoot\system32\DRIVERS\mv91cons.sys
0x8CA7B000 \SystemRoot\System32\drivers\mountmgr.sys
0x8CA91000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8CA9A000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8CABD000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8CAC6000 \SystemRoot\system32\drivers\fltmgr.sys
0x8CAFA000 \SystemRoot\system32\drivers\fileinfo.sys
0x8CC39000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8CD68000 \SystemRoot\System32\Drivers\msrpc.sys
0x8CD93000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8CB0B000 \SystemRoot\System32\Drivers\cng.sys
0x8CDA6000 \SystemRoot\System32\drivers\pcw.sys
0x8CDB4000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8CE16000 \SystemRoot\system32\drivers\ndis.sys
0x8CECD000 \SystemRoot\system32\drivers\NETIO.SYS
0x8CF0B000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8D030000 \SystemRoot\System32\drivers\tcpip.sys
0x8D179000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8D1AA000 \SystemRoot\system32\DRIVERS\vmstorfl.sys
0x8D1B3000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8D1F2000 \SystemRoot\System32\Drivers\spldr.sys
0x8D000000 \SystemRoot\System32\drivers\rdyboost.sys
0x8CF30000 \SystemRoot\System32\Drivers\mup.sys
0x8CF40000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8CF48000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8CF7A000 \SystemRoot\system32\DRIVERS\disk.sys
0x8CF8B000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8CDBD000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8CFE2000 \SystemRoot\System32\Drivers\Null.SYS
0x8CFE9000 \SystemRoot\System32\Drivers\Beep.SYS
0x8CFF0000 \SystemRoot\System32\drivers\vga.sys
0x8CDDC000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8CE00000 \SystemRoot\System32\drivers\watchdog.sys
0x8CE0D000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8CC00000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8CC08000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8CC10000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8CC1B000 \SystemRoot\System32\Drivers\Npfs.SYS
0x8CB68000 \SystemRoot\system32\DRIVERS\tdx.sys
0x8CC29000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x8CB7F000 \SystemRoot\system32\drivers\afd.sys
0x8C830000 \SystemRoot\System32\DRIVERS\netbt.sys
0x8CBD9000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x8CBE0000 \SystemRoot\system32\DRIVERS\pacer.sys
0x8CA00000 \SystemRoot\system32\DRIVERS\netbios.sys
0x8C862000 \SystemRoot\system32\DRIVERS\serial.sys
0x8C87C000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x8C88F000 \SystemRoot\system32\DRIVERS\termdd.sys
0x8D1FA000 \SystemRoot\system32\DRIVERS\ssmdrv.sys
0x8C89F000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x8C8E0000 \SystemRoot\system32\drivers\nsiproxy.sys
0x8C8EA000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x8C8F4000 \??\C:\Program Files\UltraISO\drivers\ISODrive.sys
0x8C90B000 \SystemRoot\System32\drivers\discache.sys
0x9221F000 \SystemRoot\system32\drivers\csc.sys
0x92283000 \SystemRoot\System32\Drivers\dfsc.sys
0x9229B000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x922A9000 \SystemRoot\system32\DRIVERS\avipbb.sys
0x922CF000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x922F0000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x92302000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x9230D000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x92358000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x92367000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x92386000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x923B8000 \SystemRoot\system32\DRIVERS\nusb3xhc.sys
0x923DA000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x923DC000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x9262F000 \SystemRoot\system32\DRIVERS\atipmdag.sys
0x93006000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x930BD000 \SystemRoot\System32\drivers\dxgmms1.sys
0x930F6000 \SystemRoot\system32\DRIVERS\fdc.sys
0x93101000 \SystemRoot\system32\DRIVERS\serenum.sys
0x9310B000 \SystemRoot\system32\DRIVERS\parport.sys
0x93123000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x93129000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x93136000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x93148000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x93160000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x9316B000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x9318D000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x931A5000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x931BC000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x931D3000 \SystemRoot\System32\Drivers\pcouffin.sys
0x931DF000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x931E9000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x92B70000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x931F6000 \SystemRoot\system32\DRIVERS\swenum.sys
0x92BBF000 \SystemRoot\system32\DRIVERS\ks.sys
0x931F8000 \SystemRoot\system32\drivers\LGBusEnum.sys
0x92600000 \SystemRoot\system32\DRIVERS\umbus.sys
0x97836000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x9787A000 \SystemRoot\system32\DRIVERS\nusb3hub.sys
0x97888000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x97892000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x81E35000 \SystemRoot\system32\drivers\RTKVHDA.sys
0x820D8000 \SystemRoot\system32\drivers\portcls.sys
0x82107000 \SystemRoot\system32\drivers\drmk.sys
0x82120000 \SystemRoot\system32\drivers\AtiHdmi.sys
0x82750000 \SystemRoot\System32\win32k.sys
0x8213D000 \SystemRoot\System32\drivers\Dxapi.sys
0x82147000 \SystemRoot\system32\DRIVERS\udfs.sys
0x82187000 \SystemRoot\System32\Drivers\crashdmp.sys
0x82194000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x8219F000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x821A8000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x821B9000 \SystemRoot\system32\DRIVERS\monitor.sys
0x829B0000 \SystemRoot\System32\TSDDD.dll
0x82600000 \SystemRoot\System32\ATMFD.DLL
0x82650000 \SystemRoot\System32\cdd.dll
0x821C4000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x821DB000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x821E6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x821F9000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x81E00000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x81E0C000 \SystemRoot\system32\drivers\luafv.sys
0x978A3000 \SystemRoot\system32\DRIVERS\avgntflt.sys
0x978B8000 \SystemRoot\system32\drivers\WudfPf.sys
0x81E27000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x978D2000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x978F3000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x97903000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x97916000 \SystemRoot\system32\drivers\HTTP.sys
0x9799B000 \SystemRoot\system32\DRIVERS\bowser.sys
0x979B4000 \SystemRoot\System32\drivers\mpsdrv.sys
0x979C6000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x92B7D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x97800000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9781B000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x9A424000 \SystemRoot\system32\drivers\peauth.sys
0x9A4BB000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9A4C5000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9A4E6000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9A4F3000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9A542000 \SystemRoot\System32\DRIVERS\srv.sys
0x8CFB0000 \SystemRoot\System32\drivers\rdpdr.sys
0x9A400000 \SystemRoot\system32\drivers\tdtcp.sys
0x9A40A000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
0x9EA2B000 \SystemRoot\System32\Drivers\RDPWD.SYS
0x9EA5C000 \SystemRoot\system32\drivers\LGVirHid.sys
0x77100000 \Windows\System32\ntdll.dll
0x477F0000 \Windows\System32\smss.exe
0x77340000 \Windows\System32\apisetschema.dll
0x00C60000 \Windows\System32\autochk.exe
0x77260000 \Windows\System32\user32.dll
0x770B0000 \Windows\System32\Wldap32.dll
0x77020000 \Windows\System32\clbcatq.dll
0x76FC0000 \Windows\System32\shlwapi.dll
0x76EC0000 \Windows\System32\wininet.dll
0x76CC0000 \Windows\System32\iertutil.dll
0x77250000 \Windows\System32\normaliz.dll
0x76C30000 \Windows\System32\oleaut32.dll
0x75FE0000 \Windows\System32\shell32.dll
0x75F30000 \Windows\System32\rpcrt4.dll
0x75EE0000 \Windows\System32\gdi32.dll
0x75E30000 \Windows\System32\msvcrt.dll
0x75E10000 \Windows\System32\sechost.dll
0x77240000 \Windows\System32\lpk.dll
0x75DE0000 \Windows\System32\imagehlp.dll
0x75D40000 \Windows\System32\advapi32.dll
0x75BE0000 \Windows\System32\ole32.dll
0x75B80000 \Windows\System32\difxapi.dll
0x75B70000 \Windows\System32\nsi.dll
0x75AF0000 \Windows\System32\comdlg32.dll
0x75950000 \Windows\System32\setupapi.dll
0x75880000 \Windows\System32\msctf.dll
0x75840000 \Windows\System32\ws2_32.dll
0x75830000 \Windows\System32\psapi.dll
0x75750000 \Windows\System32\kernel32.dll
0x75730000 \Windows\System32\imm32.dll
0x75690000 \Windows\System32\usp10.dll
0x75550000 \Windows\System32\urlmon.dll
0x75520000 \Windows\System32\cfgmgr32.dll
0x75490000 \Windows\System32\comctl32.dll
0x75470000 \Windows\System32\devobj.dll
0x75350000 \Windows\System32\crypt32.dll
0x75300000 \Windows\System32\KernelBase.dll
0x752D0000 \Windows\System32\wintrust.dll
0x752C0000 \Windows\System32\msasn1.dll

Processes (total 52):
0 System Idle Process
4 System
320 C:\Windows\System32\smss.exe
464 csrss.exe
536 C:\Windows\System32\wininit.exe
544 csrss.exe
588 C:\Windows\System32\services.exe
596 C:\Windows\System32\lsass.exe
604 C:\Windows\System32\lsm.exe
708 C:\Windows\System32\svchost.exe
768 C:\Windows\System32\winlogon.exe
872 C:\Windows\System32\svchost.exe
960 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
1068 C:\Windows\System32\svchost.exe
1152 C:\Windows\System32\audiodg.exe
1212 C:\Windows\System32\svchost.exe
1320 WUDFHost.exe
1380 WUDFHost.exe
1440 C:\Windows\System32\svchost.exe
1556 C:\Windows\System32\spoolsv.exe
1584 C:\Program Files\Avira\AntiVir Desktop\sched.exe
1604 C:\Windows\System32\svchost.exe
1732 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
1776 C:\Windows\System32\svchost.exe
1864 C:\Windows\System32\svchost.exe
1964 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
2012 C:\Windows\System32\conhost.exe
2136 C:\Windows\System32\dwm.exe
2144 C:\Windows\System32\taskhost.exe
2240 C:\Windows\explorer.exe
2420 C:\Windows\SOUNDMAN.EXE
2808 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
2848 C:\Windows\System32\svchost.exe
2872 C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
2976 C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
3012 C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
3088 C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
3260 C:\Program Files\Logitech\GamePanel Software\Applets\LCDSirReal.exe
3364 C:\Windows\System32\SearchIndexer.exe
3600 C:\Program Files\Windows Media Player\wmpnetwk.exe
4092 C:\Windows\System32\svchost.exe
2692 C:\Program Files\Windows Media Player\WMPSideShowGadget.exe
1024 C:\Program Files\Windows Media Player\wmplayer.exe
3488 taskhost.exe
892 C:\Windows\System32\svchost.exe
216 C:\Windows\System32\wuauclt.exe
1292 C:\Program Files\Steam\steam.exe
240 C:\Program Files\Mozilla Firefox\firefox.exe
3684 C:\Windows\System32\dllhost.exe
3132 C:\Users\Darmentle\Desktop\mal\MBRCheck.exe
3100 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: WDCWD2000BB-22RDA0, Rev: 20.00K20

Size Device Name MBR Status
--------------------------------------------
186 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
 
Looks good :)

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  1. Please, never rename Combofix unless instructed.
  2. Close any open browsers.
  3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.
  4. Double click on combofix.exe & follow the prompts.
  5. When finished, it will produce a report for you.
  6. Please post the "C:\ComboFix.txt".
**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



Make sure you re-enable your security programs when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete the Combofix file, download a fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
 
Does this look right?

ComboFix 11-01-08.05 - Darmentle 01/09/2011 13:49:53.1.8 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.3579.2775 [GMT -8:00]
Running from: c:\users\Darmentle\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\install.exe
c:\users\Darmentle\AppData\Roaming\.#
c:\users\Darmentle\AppData\Roaming\inst.exe

.
((((((((((((((((((((((((( Files Created from 2010-12-09 to 2011-01-09 )))))))))))))))))))))))))))))))
.

2011-01-09 21:54 . 2011-01-09 21:54 -------- d-----w- c:\users\Darmentle\AppData\Local\temp
2011-01-09 21:54 . 2011-01-09 21:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-08 03:38 . 2011-01-08 03:38 -------- d-----w- c:\users\Darmentle\AppData\Roaming\Malwarebytes
2011-01-08 03:38 . 2011-01-08 03:38 -------- d-----w- c:\programdata\Malwarebytes
2011-01-08 03:38 . 2010-12-21 02:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-01-08 03:38 . 2011-01-08 03:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-01-08 03:38 . 2010-12-21 02:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-08 02:16 . 2011-01-08 02:16 -------- d-----w- C:\New folder (2)
2011-01-08 02:16 . 2011-01-08 02:16 -------- d-----w- C:\New folder
2011-01-05 05:26 . 2011-01-08 04:35 -------- d-----w- c:\program files\Google
2011-01-05 03:52 . 2011-01-05 03:52 -------- d--h--w- c:\users\Darmentle\AppData\Local\Activision
2010-12-31 21:59 . 2010-11-16 20:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5150AF31-9583-4545-A2DE-21C9390A1F2F}\mpengine.dll
2010-12-31 21:55 . 2010-10-20 03:00 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-12-14 00:59 . 2010-12-14 00:59 -------- d-----w- c:\programdata\Logitech
2010-12-11 17:03 . 2011-01-08 16:55 -------- d--h--w- c:\users\Darmentle\AppData\Local\AcroAuthenticationSnap

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 18:41 . 2009-12-25 05:10 222080 ------w- c:\windows\system32\MpSigStub.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-12-25 604704]
"ATICustomerCare"="c:\program files\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-06-15 307200]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-09-22 7739936]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-19 98304]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-09-25 106496]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 358472]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 1809992]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 3649096]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKLM\~\startupfolder\C:^Users^Darmentle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\users\Darmentle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip
backup=c:\windows\pss\CurseClientStartup.ccip.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 09:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 15:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-06-15 23:33 141624 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LCDMon]
2010-08-03 17:43 1809992 ----a-w- c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Launch LgDeviceAgent]
2010-08-03 18:05 358472 ----a-w- c:\program files\Logitech\GamePanel Software\LGDevAgt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-19 05:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2011-01-05 03:29 1242448 ----a-w- c:\program files\Steam\steam.exe

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-19 685816]
R3 XDva363;XDva363;c:\windows\system32\XDva363.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-11 172032]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [2009-10-09 20008]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [2009-12-11 5188096]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2009-12-11 125440]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-24 19720]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-24 14856]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-09-25 56576]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-09-25 138240]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
FF - ProfilePath - c:\users\Darmentle\AppData\Roaming\Mozilla\Firefox\Profiles\j0j6bb43.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Aluminium Kai 2: {a45e6b3a-725d-4b20-afde-e7486bfe317c} - %profile%\extensions\{a45e6b3a-725d-4b20-afde-e7486bfe317c}
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-PlayNC Launcher - (no file)
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-BCU - c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe
MSConfigStartUp-MRUTray - c:\program files\Marvell\raid\tray\MarvellTray.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2876254613-464567395-228984483-1002_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):19,8e,27,d0,bb,ad,82,b1,e6,98,33,cd,19,8b,b1,12,75,fe,39,7f,74,
1c,84,2e,40,76,7c,da,26,c9,6d,db,80,19,a4,23,6e,53,ae,35,00,00,00,00,00,00,\

[HKEY_USERS\S-1-5-21-2876254613-464567395-228984483-1002_Classes\CLSID\{e9856be6-9fd7-4393-8031-746e3b652062}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000063
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-01-09 13:55:51
ComboFix-quarantined-files.txt 2011-01-09 21:55

Pre-Run: 73,828,401,152 bytes free
Post-Run: 73,734,180,864 bytes free

- - End Of File - - 6556218B3A4244FF8D780670C96D3DBD
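Two things in the ComboFix log above are what a helper would check first: the UAC policy values under policies\system (EnableLUA, ConsentPromptBehaviorAdmin and PromptOnSecureDesktop are all 0) and the driver entry whose file ComboFix could not find (XDva363, shown as [x]). The script below is an added example, not code from the thread or from ComboFix, that pulls both out of a "Reg Loading Points" section; the sample text is an excerpt of the log posted above, and the "weaker than Windows 7 default" rules are this example's own assumptions.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example; not part of the forum thread and not ComboFix's own code.
It extracts the UAC policy values ComboFix prints under
HKLM\\...\\policies\\system and the R*/S* service lines, then reports
UAC settings that are weaker than the Windows 7 defaults and services
whose binary ComboFix flagged as missing ('[x]').
"""
import re

# Constructed sample: an excerpt of the ComboFix log posted in the thread.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2009-12-25 604704]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKLM\~\startupfolder\C:^Users^Darmentle^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CurseClientStartup.ccip]
path=c:\users\Darmentle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-19 685816]
R3 XDva363;XDva363;c:\windows\system32\XDva363.sys [x]
R4 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-12-11 172032]
S0 mv91cons;Marvell 91xx Config Device Driver;c:\windows\system32\DRIVERS\mv91cons.sys [2009-10-09 20008]
"""

POLICY_KEY = r"[hkey_local_machine\software\microsoft\windows\currentversion\policies\system]"

# "Name"= 0 (0x0)  -- the decimal/hex pair ComboFix prints for DWORD values
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>\d+)\s*\(0x[0-9a-fA-F]+\)\s*$')

# R3 name;description;path [date size]   or   ... [x] when the file is missing
SERVICE_RE = re.compile(
    r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>.+?)\s+\[(?P<info>[^\]]*)\]\s*$"
)

# Assumed rules (this example's own): a value is "weaker than default" when
# it disables UAC, elevates without a prompt, or moves the prompt off the
# secure desktop. Windows 7 defaults: EnableLUA=1, Admin=5, Secure=1, Toggle=0.
WEAK_CHECKS = {
    "EnableLUA": lambda v: v == 0,                   # UAC switched off entirely
    "ConsentPromptBehaviorAdmin": lambda v: v == 0,  # admins elevate silently
    "PromptOnSecureDesktop": lambda v: v == 0,       # prompt drawn on the normal desktop
    "EnableUIADesktopToggle": lambda v: v == 1,      # UIAccess apps may leave secure desktop
}


def parse_uac_policy(log_text):
    """Return {value_name: int} for the policies\\system key, if present."""
    values = {}
    in_key = False
    for line in log_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("["):           # every bracketed line starts a new key
            in_key = stripped.lower() == POLICY_KEY
            continue
        if in_key:
            m = VALUE_RE.match(stripped)
            if m:
                values[m.group("name")] = int(m.group("val"))
    return values


def weakened_uac(values):
    """Return [(name, value)] for UAC values weaker than the assumed defaults."""
    return [(name, values[name]) for name, is_weak in WEAK_CHECKS.items()
            if name in values and is_weak(values[name])]


def parse_services(log_text):
    """Return a list of dicts for every R*/S* service or driver line."""
    return [m.groupdict() for m in map(SERVICE_RE.match, log_text.splitlines()) if m]


def missing_file_services(log_text):
    """Return [(name, path)] for entries ComboFix marked '[x]' (file not found)."""
    return [(s["name"], s["path"]) for s in parse_services(log_text) if s["info"] == "x"]


if __name__ == "__main__":
    for name, value in weakened_uac(parse_uac_policy(SAMPLE_LOG)):
        print(f"UAC weakened: {name} = {value}")
    for name, path in missing_file_services(SAMPLE_LOG):
        print(f"service with missing file: {name} -> {path}")
```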
 
Combofix looks good now...

How is redirection?

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL Extras logfile created on: 1/9/2011 2:34:15 PM - Run 1
OTL by OldTimer - Version 3.2.20.1 Folder = C:\Users\Darmentle\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 72.00% Memory free
7.00 Gb Paging File | 6.00 Gb Available in Paging File | 87.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 186.21 Gb Total Space | 68.74 Gb Free Space | 36.92% Space Free | Partition Type: NTFS
Drive D: | 7.39 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF

Computer Name: THEDESTROYER-PC | User Name: Darmentle | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00ADFB20-AE75-46F4-AD2C-F48B15AC3100}" = Adobe Color NA Recommended Settings CS4
"{02EB6BB9-2A29-B5FA-DF9D-A45383A21C9C}" = ccc-utility
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0EA7F867-D362-2E76-77B8-9396B9245B66}" = CCC Help Finnish
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16CF7BB1-672E-BC9F-E5CE-5854112E2C35}" = CCC Help Japanese
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1700FEE9-EB3D-35C8-28ED-0BE7860BA710}" = CCC Help Portuguese
"{190CCE82-4867-B16E-F96A-3F21A058ED9B}" = CCC Help Korean
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{250F0B5E-E926-C628-B639-FD1432A850EC}" = ATI AVIVO Codecs
"{280E47E4-4EFB-D268-B042-F793EB2D8E4E}" = CCC Help Italian
"{2A7D1710-31EB-3B24-BF52-1755099CE2C0}" = CCC Help Chinese Traditional
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{37B03AA0-B125-4649-900C-F26E1081F163}" = Camtasia Studio 7
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3A6B7222-A439-1BBE-58DD-76D1B632EEA8}" = CCC Help Turkish
"{3AC02D87-274C-BAE6-ACFA-B64B714A0083}" = Catalyst Control Center Core Implementation
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3F7BBDE9-79B4-4E77-B878-7E6B36F3A766}" = CCC Help French
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4835B10F-61D4-E60C-860D-DF71C93FDC37}" = ATI Catalyst Install Manager
"{484EE870-ACAD-4520-88D5-9F465881238E}" = ATI Problem Report Wizard
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{5570C7F0-43D0-4916-8A9E-AEDD52FA86F4}" = Adobe Color EU Extra Settings CS4
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5E7A8F05-013C-44FD-B450-5434CA581098}_is1" = MicroVolts
"{605DDD7B-1521-423B-A654-E9A963573D82}" = Catalyst Control Center Graphics Light
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6CF37701-7E02-873F-9543-183116AC905C}" = CCC Help Danish
"{6F1891DD-CEFE-4349-CFB3-172ED6C94A18}" = ccc-core-static
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{75CFBC87-1B8A-2DA8-4575-F50BD61E9368}" = Catalyst Control Center Graphics Previews Vista
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.5.2.137
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{7A587AD7-EDEF-BD63-C054-5E5FBC47105C}" = CCC Help Russian
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{82130914-DF2E-4AD3-BC73-5DC2A180924C}" = CCC Help Thai
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support
"{868EC22E-7E82-4760-9265-3F2E705BF24B}" = League of Legends
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{88F066D3-5662-95C4-AE4E-D39174ED8F43}" = CCC Help Dutch
"{8A809006-C25A-4A3A-9DAB-94659BCDB107}" = NVIDIA PhysX
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C49AB5C-A457-DEF0-0436-AADEB2062296}" = Catalyst Control Center Graphics Previews Common
"{9DFC3864-1C52-E552-B039-09AE59F35801}" = CCC Help Swedish
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A43C0289-EE84-FEC7-595D-A6F8489B2C44}" = CCC Help Polish
"{A77B5C97-77AD-54E9-FB97-52F0A9EF72AC}" = CCC Help Spanish
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AA2E2EA3-D999-D8A0-7C6F-DF451DF9135C}" = CCC Help Greek
"{AAF4238F-7C29-451D-9925-C753271A5728}" = Microsoft Visual C++ Run Time Lib Setup
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B08201F3-AE80-58C6-E832-7DF5B87795FB}" = CCC Help Hungarian
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B169BC97-B8AA-4ACA-9CF2-9D0FF5BABDF7}" = Adobe Premiere Pro CS4 Functional Content
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B3DAF54F-DB25-4586-9EF1-96D24BB14088}" = Windows Movie Maker 2.6
"{B569ACCD-8F95-53CE-AF51-70CB8EA34656}" = CCC Help German
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B9BDD486-EF12-B0BC-1C88-B3046092A8BD}" = CCC Help Chinese Standard
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C54AE051-35E6-A421-164B-FDF2C3A8EE4E}" = Catalyst Control Center Graphics Full Existing
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C9FB868B-2086-4EE2-BD4F-BFBA36B131F4}" = NCsoft Launcher
"{CA5290FD-1C71-D40D-E0B9-D44FF41007FA}" = Catalyst Control Center HydraVision Full
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CED2C398-A03E-A70D-6894-78C79C501296}" = CCC Help Czech
"{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
"{D3CF1241-B6B9-C0F1-8D69-96A01360A07A}" = Catalyst Control Center Graphics Full New
"{D499F8DE-3F31-4900-9157-61061613704B}" = Adobe Premiere Pro CS4
"{D6D425D2-803F-40E8-9D65-3DC00D577C11}" = NavyFIELD NorthAmerica
"{D7410A39-66CA-C554-CB1D-EB53A6B8A289}" = HydraVision
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{DD7851B2-C277-204C-C414-797649FBFCAA}" = CCC Help English
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E4F4CB1F-5319-EECB-F758-A651DAF87D02}" = Catalyst Control Center Localization All
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{EE353798-E875-42E0-B58D-7E6696182EA8}" = Adobe Media Encoder CS4 Dolby
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F175273F-6F15-23E2-1DF9-D2A8DD477502}" = CCC Help Norwegian
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"CurseClient" = Curse Client
"Diablo II" = Diablo II
"Fraps" = Fraps (remove only)
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"Internet Download Manager" = Internet Download Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.5.16)" = Mozilla Firefox (3.5.16)
"Power Commander 3 Usb_is1" = Power Commander Control Center 3.2.0 (Test Build 1)
"PunkBusterSvc" = PunkBuster Services
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TmNationsForever_is1" = TmNationsForever
"UltraISO_is1" = UltraISO Premium V9.35
"WinRAR archiver" = WinRAR archiver
"World of Warcraft" = World of Warcraft
"Xfire" = Xfire (remove only)
"Yoshimura EMS" = Yoshimura EMS

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/01/09 14:32:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Darmentle\Desktop\OTL.exe
PRC - [2010/08/03 10:05:54 | 000,358,472 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
PRC - [2010/08/03 10:03:46 | 003,649,096 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2010/08/03 09:43:18 | 001,809,992 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2009/12/24 21:44:13 | 000,115,200 | ---- | M] () -- C:\Program Files\Logitech\GamePanel Software\Applets\LCDSirReal.exe
PRC - [2009/12/24 21:30:53 | 000,604,704 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Windows\SOUNDMAN.EXE
PRC - [2009/10/30 21:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/25 06:59:18 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009/09/22 05:12:56 | 007,739,936 | ---- | M] (Realtek Semiconductor) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
PRC - [2009/07/13 17:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe


========== Modules (SafeList) ==========

MOD - [2011/01/09 14:32:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Darmentle\Desktop\OTL.exe
MOD - [2010/08/20 21:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
MOD - [2009/07/13 17:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
MOD - [2009/07/13 17:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
MOD - [2009/07/13 17:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
MOD - [2009/07/13 17:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
MOD - [2009/07/13 17:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
MOD - [2009/07/13 17:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
MOD - [2009/07/13 17:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
MOD - [2009/07/13 17:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
MOD - [2009/07/13 17:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
MOD - [2009/07/13 17:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/09/10 16:50:28 | 000,411,432 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010/06/10 20:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/03/12 06:06:59 | 000,655,624 | ---- | M] (Acresso Software Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/11 12:44:40 | 000,172,032 | ---- | M] (AMD) [Disabled | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/13 17:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
SRV - [2009/07/13 17:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
SRV - [2009/07/13 17:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
SRV - [2009/07/13 17:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
SRV - [2009/07/13 17:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
SRV - [2009/07/13 17:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
SRV - [2009/07/13 17:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 17:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
SRV - [2009/07/13 17:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
SRV - [2009/07/13 17:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
SRV - [2009/07/13 17:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
SRV - [2009/07/13 17:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/13 17:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
SRV - [2009/07/13 17:15:21 | 000,797,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/07/13 17:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
SRV - [2009/07/13 17:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
SRV - [2009/07/13 17:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
SRV - [2009/07/13 17:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
SRV - [2009/07/13 17:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
SRV - [2009/07/13 17:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\XDva363.sys -- (XDva363)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\mcdbus.sys -- (mcdbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
DRV - [2010/02/11 20:45:20 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2010/01/18 20:25:27 | 000,685,816 | -H-- | M] (Duplex Secure Ltd.) [Kernel | Boot | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/12/24 21:30:52 | 004,172,832 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTKVAC.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2009/12/11 13:03:58 | 005,188,096 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/12/11 13:03:58 | 005,188,096 | -H-- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atipmdag.sys -- (amdkmdag)
DRV - [2009/12/11 11:50:52 | 000,125,440 | -H-- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2009/12/10 23:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
DRV - [2009/11/23 17:37:18 | 000,014,856 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGVirHid.sys -- (LGVirHid)
DRV - [2009/11/23 17:37:08 | 000,019,720 | -H-- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV - [2009/10/09 14:55:54 | 000,020,008 | -H-- | M] (Marvell Semiconductor Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\mv91cons.sys -- (mv91cons)
DRV - [2009/09/25 06:57:40 | 000,138,240 | -H-- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2009/09/25 06:57:36 | 000,056,576 | -H-- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009/09/22 05:05:58 | 002,771,232 | -H-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009/08/23 06:01:24 | 000,103,952 | -H-- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2009/08/20 08:04:54 | 000,189,440 | -H-- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rt86win7.sys -- (RTL8167)
DRV - [2009/07/13 17:26:21 | 000,015,952 | -H-- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
DRV - [2009/07/13 17:26:17 | 000,297,552 | -H-- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
DRV - [2009/07/13 17:26:15 | 000,422,976 | -H-- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
DRV - [2009/07/13 17:26:15 | 000,159,312 | -H-- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
DRV - [2009/07/13 17:26:15 | 000,146,512 | -H-- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
DRV - [2009/07/13 17:26:15 | 000,086,608 | -H-- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
DRV - [2009/07/13 17:26:15 | 000,079,952 | -H-- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
DRV - [2009/07/13 17:26:15 | 000,076,368 | -H-- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
DRV - [2009/07/13 17:26:15 | 000,023,616 | -H-- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
DRV - [2009/07/13 17:26:15 | 000,014,400 | -H-- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
DRV - [2009/07/13 17:20:44 | 000,142,416 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
DRV - [2009/07/13 17:20:44 | 000,117,312 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
DRV - [2009/07/13 17:20:44 | 000,044,624 | -H-- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
DRV - [2009/07/13 17:20:37 | 000,089,168 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
DRV - [2009/07/13 17:20:36 | 000,332,352 | -H-- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
DRV - [2009/07/13 17:20:36 | 000,235,584 | -H-- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
DRV - [2009/07/13 17:20:36 | 000,096,848 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2009/07/13 17:20:36 | 000,095,824 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
DRV - [2009/07/13 17:20:36 | 000,054,864 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
DRV - [2009/07/13 17:20:36 | 000,041,040 | -H-- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
DRV - [2009/07/13 17:20:36 | 000,030,800 | -H-- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
DRV - [2009/07/13 17:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
DRV - [2009/07/13 17:20:28 | 000,453,712 | -H-- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
DRV - [2009/07/13 17:20:28 | 000,070,720 | -H-- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
DRV - [2009/07/13 17:20:28 | 000,067,152 | -H-- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
DRV - [2009/07/13 17:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
DRV - [2009/07/13 17:19:11 | 000,141,904 | -H-- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
DRV - [2009/07/13 17:19:10 | 000,175,824 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
DRV - [2009/07/13 17:19:10 | 000,159,824 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
DRV - [2009/07/13 17:19:10 | 000,040,896 | -H-- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
DRV - [2009/07/13 17:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
DRV - [2009/07/13 17:19:10 | 000,028,224 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/07/13 17:19:10 | 000,016,976 | -H-- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
DRV - [2009/07/13 17:19:04 | 001,383,488 | -H-- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
DRV - [2009/07/13 17:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
DRV - [2009/07/13 17:19:04 | 000,106,064 | -H-- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
DRV - [2009/07/13 17:19:04 | 000,077,888 | -H-- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
DRV - [2009/07/13 17:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
DRV - [2009/07/13 17:19:04 | 000,040,016 | -H-- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
DRV - [2009/07/13 17:19:04 | 000,021,072 | -H-- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
DRV - [2009/07/13 17:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
DRV - [2009/07/13 16:57:25 | 000,272,128 | -H-- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2009/07/13 16:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
DRV - [2009/07/13 16:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
DRV - [2009/07/13 15:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
DRV - [2009/07/13 15:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
DRV - [2009/07/13 15:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
DRV - [2009/07/13 15:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
DRV - [2009/07/13 15:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
DRV - [2009/07/13 15:51:35 | 000,008,192 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
DRV - [2009/07/13 15:51:23 | 000,080,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/07/13 15:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 15:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
DRV - [2009/07/13 15:46:55 | 000,012,288 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
DRV - [2009/07/13 15:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
DRV - [2009/07/13 15:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
DRV - [2009/07/13 15:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
DRV - [2009/07/13 15:28:47 | 000,005,632 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
DRV - [2009/07/13 15:28:45 | 000,017,920 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/13 15:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
DRV - [2009/07/13 15:16:36 | 000,009,728 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
DRV - [2009/07/13 15:11:04 | 000,052,736 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
DRV - [2009/07/13 14:54:14 | 000,026,624 | -H-- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 14:53:33 | 000,012,160 | -H-- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
DRV - [2009/07/13 14:53:33 | 000,011,904 | -H-- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
DRV - [2009/07/13 14:53:32 | 000,062,336 | -H-- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
DRV - [2009/07/13 14:53:28 | 000,013,568 | -H-- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
DRV - [2009/07/13 14:53:28 | 000,005,248 | -H-- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
DRV - [2009/07/13 14:02:52 | 000,347,264 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm62x32.sys -- (NVENETFD)
DRV - [2009/07/13 14:02:49 | 000,229,888 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
DRV - [2009/07/13 14:02:48 | 003,100,160 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
DRV - [2009/07/13 14:02:48 | 000,430,080 | -H-- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
DRV - [2009/06/10 13:19:48 | 009,853,248 | -H-- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009/02/10 17:23:02 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Running] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8E 4F 0E D3 88 AC CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..extensions.enabledItems: {a45e6b3a-725d-4b20-afde-e7486bfe317c}:3.5.4

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/11 09:15:29 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/11 09:15:29 | 000,000,000 | ---D | M]

[2009/12/24 20:55:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darmentle\AppData\Roaming\Mozilla\Extensions
[2011/01/08 21:23:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Darmentle\AppData\Roaming\Mozilla\Firefox\Profiles\j0j6bb43.default\extensions
[2010/03/31 19:04:08 | 000,000,000 | ---D | M] (Aluminium Kai 2) -- C:\Users\Darmentle\AppData\Roaming\Mozilla\Firefox\Profiles\j0j6bb43.default\extensions\{a45e6b3a-725d-4b20-afde-e7486bfe317c}
[2009/12/24 20:55:04 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2011/01/09 13:54:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Tonec Inc.)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SoundMan] C:\Windows\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.205.224.36 24.205.192.61 68.116.46.115
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 13:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2010/09/23 11:32:44 | 000,000,133 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - File not found
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\System32\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\System32\frapsvid.dll (Beepa P/L)
Drivers32: vidc.tscc - C:\Windows\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.XFR1 - C:\Windows\System32\xfcodec.dll ()


========== Files/Folders - Created Within 30 Days ==========

[2011/01/09 14:32:08 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Darmentle\Desktop\OTL.exe
[2011/01/09 13:55:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/01/09 13:55:52 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/01/09 13:55:52 | 000,000,000 | ---D | C] -- C:\Users\Darmentle\AppData\Local\temp
[2011/01/09 13:46:24 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/01/09 13:45:05 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/01/09 13:45:05 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/01/09 13:45:05 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/01/09 13:39:06 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/01/09 13:38:36 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/01/07 20:36:01 | 000,000,000 | ---D | C] -- C:\Users\Darmentle\Desktop\mal
[2011/01/07 19:38:22 | 000,000,000 | ---D | C] -- C:\Users\Darmentle\AppData\Roaming\Malwarebytes
[2011/01/07 19:38:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/01/07 19:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/01/07 19:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011/01/07 19:38:14 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/01/07 19:38:14 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/01/07 18:16:34 | 000,000,000 | ---D | C] -- C:\New folder (2)
[2011/01/07 18:16:33 | 000,000,000 | ---D | C] -- C:\New folder
[2011/01/04 21:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2011/01/04 21:26:21 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2011/01/04 19:52:22 | 000,000,000 | -H-D | C] -- C:\Users\Darmentle\AppData\Local\Activision
[2011/01/04 19:50:16 | 000,000,000 | ---D | C] -- C:\Users\Darmentle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2011/01/04 19:29:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
[2011/01/04 19:29:41 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2010/12/31 20:45:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NavyFIELD
[2010/12/13 16:59:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2010/12/13 16:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2010/12/11 09:03:59 | 000,000,000 | -H-D | C] -- C:\Users\Darmentle\AppData\Local\AcroAuthenticationSnap
[2010/01/30 12:04:24 | 000,047,360 | -H-- | C] (VSO Software) -- C:\Users\Darmentle\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011/01/09 14:32:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Darmentle\Desktop\OTL.exe
[2011/01/09 13:54:46 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2011/01/09 13:49:01 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/01/09 13:49:01 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/01/09 13:43:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/01/09 13:43:47 | 2815,025,152 | -HS- | M] () -- C:\hiberfil.sys
[2011/01/09 13:37:06 | 004,151,517 | R--- | M] () -- C:\Users\Darmentle\Desktop\ComboFix.exe
[2011/01/08 21:42:51 | 000,001,216 | ---- | M] () -- C:\Users\Public\Desktop\World of Warcraft.lnk
[2011/01/07 21:35:23 | 059,325,912 | ---- | M] () -- C:\Users\Darmentle\Desktop\avira_antivir_personal_en.exe
[2011/01/04 21:29:13 | 000,997,062 | -H-- | M] () -- C:\Windows\System32\drivers\Cat.DB
[2011/01/04 19:50:16 | 000,000,215 | ---- | M] () -- C:\Users\Darmentle\Desktop\Call of Duty Black Ops - Multiplayer.url
[2010/12/31 14:42:48 | 002,194,008 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011/01/09 13:45:05 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/01/09 13:45:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/01/09 13:45:05 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/01/09 13:45:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/01/09 13:45:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/01/09 13:37:00 | 004,151,517 | R--- | C] () -- C:\Users\Darmentle\Desktop\ComboFix.exe
[2011/01/07 21:34:28 | 059,325,912 | ---- | C] () -- C:\Users\Darmentle\Desktop\avira_antivir_personal_en.exe
[2011/01/04 21:29:07 | 000,997,062 | -H-- | C] () -- C:\Windows\System32\drivers\Cat.DB
[2011/01/04 19:50:16 | 000,000,215 | ---- | C] () -- C:\Users\Darmentle\Desktop\Call of Duty Black Ops - Multiplayer.url
[2010/12/02 17:15:54 | 000,007,597 | -H-- | C] () -- C:\Users\Darmentle\AppData\Local\Resmon.ResmonCfg
[2010/11/25 19:18:07 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2010/08/23 20:05:34 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2010/07/09 11:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2010/02/16 20:50:46 | 000,007,680 | -H-- | C] () -- C:\Users\Darmentle\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/12 10:27:01 | 000,073,728 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2010/02/12 10:25:29 | 000,146,432 | ---- | C] () -- C:\Windows\System32\APOMngr.DLL
[2010/02/12 10:25:29 | 000,072,704 | ---- | C] () -- C:\Windows\System32\CmdRtr.DLL
[2010/02/12 10:21:33 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2010/01/30 12:05:24 | 000,000,671 | -H-- | C] () -- C:\Users\Darmentle\AppData\Roaming\vso_ts_preview.xml
[2010/01/30 12:05:04 | 000,000,034 | -H-- | C] () -- C:\Users\Darmentle\AppData\Roaming\pcouffin.log
[2010/01/30 12:04:24 | 000,007,887 | -H-- | C] () -- C:\Users\Darmentle\AppData\Roaming\pcouffin.cat
[2010/01/30 12:04:24 | 000,001,144 | -H-- | C] () -- C:\Users\Darmentle\AppData\Roaming\pcouffin.inf
[2010/01/23 14:25:26 | 000,000,262 | ---- | C] () -- C:\Windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/01/16 20:25:46 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll
[2010/01/16 20:25:46 | 000,017,212 | ---- | C] () -- C:\Windows\System32\SIntf32.dll
[2010/01/16 20:25:45 | 000,012,067 | ---- | C] () -- C:\Windows\System32\SIntf16.dll
[2010/01/04 21:42:59 | 000,139,128 | -H-- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2010/01/04 21:42:59 | 000,138,056 | -H-- | C] () -- C:\Users\Darmentle\AppData\Roaming\PnkBstrK.sys
[2009/12/24 21:42:48 | 000,000,000 | ---- | C] () -- C:\Windows\LCDMedia.INI
[2009/12/24 21:31:31 | 000,154,144 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
[2009/09/29 13:16:26 | 000,000,127 | ---- | C] () -- C:\Windows\zraidtray.ini
[2009/07/13 15:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll

========== LOP Check ==========

[2010/12/24 17:59:02 | 000,000,000 | ---D | M] -- C:\Users\Darmentle\AppData\Roaming\DMCache
[2010/05/29 17:40:55 | 000,000,000 | ---D | M] -- C:\Users\Darmentle\AppData\Roaming\GetRightToGo
[2010/02/21 16:39:14 | 000,000,000 | ---D | M] -- C:\Users\Darmentle\AppData\Roaming\Gold Wave Editor Pro
[2010/01/18 06:51:39 | 000,000,000 | ---D | M] -- C:\Users\Darmentle\AppData\Roaming\IDM
[2010/11/25 19:19:13 | 000,000,000 | ---D | M] -- C:\Users\Darmentle\AppData\Roaming\Leawo
[2010/01/05 17:06:19 | 000,000,000 | ---D | M] -- C:\Users\Darmentle\AppData\Roaming\LolClient.F24C99354F615F3BAB18AE7B93E3F9B9E8784FA6.1
[2010/11/25 19:19:13 | 000,000,000 | ---D | M] -- C:\Users\Darmentle\AppData\Roaming\Moyea
[2010/05/18 15:09:19 | 000,000,000 | ---D | M] -- C:\Users\Darmentle\AppData\Roaming\TeamViewer
[2010/03/30 18:40:07 | 000,000,000 | ---D | M] -- C:\Users\Darmentle\AppData\Roaming\TS3Client
[2010/10/13 16:48:21 | 000,000,000 | ---D | M] -- C:\Users\Darmentle\AppData\Roaming\Vso
[2010/11/26 18:26:31 | 000,032,546 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/10 13:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2011/01/09 13:55:51 | 000,008,556 | ---- | M] () -- C:\ComboFix.txt
[2009/06/10 13:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/02/12 10:28:55 | 000,000,032 | ---- | M] () -- C:\csb.log
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
[2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
[2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
[2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
[2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
[2011/01/09 13:43:47 | 2815,025,152 | -HS- | M] () -- C:\hiberfil.sys
[2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
[2010/02/12 10:27:19 | 000,000,086 | ---- | M] () -- C:\Install.log
[2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
[2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
[2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
[2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
[2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
[2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
[2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
[2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
[2011/01/09 13:43:55 | 3753,369,600 | -HS- | M] () -- C:\pagefile.sys
[2010/02/12 10:25:24 | 000,002,014 | ---- | M] () -- C:\RHDSetup.log
[2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
[2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
[2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

< %systemroot%\Fonts\*.com >
[2009/07/13 20:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/13 20:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/13 20:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/13 20:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/06/10 13:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2009/07/13 17:15:05 | 000,071,168 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\prtprocs\w32x86\CNBPP4.DLL
[2009/07/13 17:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2009/07/13 17:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2009/07/13 20:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/12/24 20:53:47 | 000,000,221 | -HS- | M] () -- C:\Users\Darmentle\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/01/07 21:35:23 | 059,325,912 | ---- | M] () -- C:\Users\Darmentle\Desktop\avira_antivir_personal_en.exe
[2011/01/09 13:37:06 | 004,151,517 | R--- | M] () -- C:\Users\Darmentle\Desktop\ComboFix.exe
[2011/01/09 14:32:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Darmentle\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2009/06/10 13:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/10/04 07:37:09 | 000,000,402 | -HS- | M] () -- C:\Users\Darmentle\Favorites\desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
 
I'm pretty sure it worked, because I'm not seeing the problem anymore. I searched a bunch of sites on Google and it did not redirect me anywhere. Thank you so much for your help and time.
 
Very good, but we still have a couple of steps in front of us.
I just had to know how the redirection is.
Hold on there for more instructions...
 
I don't see any AV program running.
Install one of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html

=======================================================================

Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

======================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)
    IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - Reg Error: Key error. File not found
    O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
    O15 - HKCU\..Trusted Ranges: Range1 ([https] in Trusted sites)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

=====================================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • IMPORTANT! UN-check Remove found threats
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
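The OTL log posted above and the :OTL fix list in the reply are read by eye: the helper looks for a driver service whose file is missing, an alternate data stream, a hidden driver or executable sitting in a user profile, and binaries in System32 that carry no company name in their version information. As an added example, not part of this thread and not OTL's own logic, the Python below parses the three line formats that appear in the log (file/directory entries, `@Alternate Data Stream` lines and `DRV - File not found` lines) and applies those heuristics. The rule names, the `SYSTEM_DIRS`/`BINARY_EXT` lists and the sample lines (copied from the log and fix list above) are the example's own choices; a hit is a candidate for a human to review, not an automatic removal, which is exactly why the helper says to leave the reading to them.

```python
"""Triage of OTL log lines (added example; not OTL's own code).

Understands the formats seen in the log above:
  [YYYY/MM/DD HH:MM:SS | SSS,SSS,SSS | ATTR | M|C] (Company) -- C:\\path
  @Alternate Data Stream - N bytes -> C:\\path:stream
  DRV - File not found [Kernel | On_Demand | Stopped] -- C:\\path -- (Name)
The rules below are illustrative assumptions, not a verdict on any file.
"""
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
DRV_MISSING_RE = re.compile(
    r"^DRV - File not found \[[^\]]*\] -- (?P<path>.+?) -- \((?P<name>[^)]+)\)$"
)

BINARY_EXT = (".sys", ".exe", ".dll", ".scr", ".com")      # assumption: what counts as a binary
SYSTEM_DIRS = ("\\windows\\system32\\", "\\windows\\syswow64\\")  # assumption: "system" locations


@dataclass
class Entry:
    path: str
    size: int
    attrs: str                 # OTL's R/H/S/D flags, e.g. '-H--'
    company: Optional[str]     # None for directories, '' when no version info
    is_dir: bool


@dataclass
class Finding:
    rule: str
    path: str
    detail: str


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one file/directory entry; None if the line is not one."""
    m = FILE_RE.match(line.strip())
    if not m:
        return None
    attrs = m.group("attr")
    return Entry(path=m.group("path"), size=int(m.group("size").replace(",", "")),
                 attrs=attrs, company=m.group("company"), is_dir="D" in attrs)


def triage(lines: Iterable[str]) -> List[Finding]:
    """Apply the heuristics a helper applies by eye; returns review candidates."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = DRV_MISSING_RE.match(line)
        if m:  # service entry survives although its driver file is gone
            findings.append(Finding("orphaned-driver", m.group("path"),
                                    f"service {m.group('name')} points at a missing file"))
            continue
        m = ADS_RE.match(line)
        if m:  # hidden stream attached to a file or directory
            findings.append(Finding("ads", m.group("path"),
                                    f"{m.group('size')}-byte alternate data stream"))
            continue
        e = parse_entry(line)
        if e is None or e.is_dir:
            continue
        low = e.path.lower()
        if not low.endswith(BINARY_EXT):
            continue
        if "H" in e.attrs and "\\appdata\\" in low:
            findings.append(Finding("hidden-binary-in-profile", e.path,
                                    f"attrs {e.attrs}, {e.size} bytes"))
        if e.company == "" and any(d in low for d in SYSTEM_DIRS):
            findings.append(Finding("no-company-in-system-dir", e.path,
                                    "no company name in version info"))
    return findings


# Constructed sample: lines copied from the OTL log and fix list in this thread.
SAMPLE_LINES = [
    r"DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\EagleNT.sys -- (EagleNT)",
    r"@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:DFC5A2B2",
    r"[2010/01/04 21:42:59 | 000,139,128 | -H-- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys",
    r"[2010/01/04 21:42:59 | 000,138,056 | -H-- | C] () -- C:\Users\Darmentle\AppData\Roaming\PnkBstrK.sys",
    r"[2010/01/16 20:25:46 | 000,021,840 | ---- | C] () -- C:\Windows\System32\SIntfNT.dll",
    r"[2009/07/13 17:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll",
    r"[2010/05/18 15:09:19 | 000,000,000 | ---D | M] -- C:\Users\Darmentle\AppData\Roaming\TeamViewer",
    r"[2009/07/13 20:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.rule:28} {f.path}  ({f.detail})")
```

Note that two of the five hits on the sample are PunkBuster's PnkBstrK.sys, a legitimate anti-cheat driver that happens to be hidden and to ship without version information; that is the false-positive rate these heuristics carry, and the reason the output is a review list rather than a fix script.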
 