TechSpot

IE redirect and occasional blue screen

By jonnyd1013
Jan 13, 2011
  1. I have completed steps 1-8, and the following logs are attached
     

  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

  3. jonnyd1013

    jonnyd1013 TS Rookie Topic Starter

    Sorry, pasted logs: MBAM and GMER

    Malwarebytes' Anti-Malware 1.50.1.1100
    www.malwarebytes.org

    Database version: 5509

    Windows 6.1.7600
    Internet Explorer 9.0.7930.16406

    1/13/2011 1:15:39 AM
    mbam-log-2011-01-13 (01-15-39).txt

    Scan type: Quick scan
    Objects scanned: 137651
    Time elapsed: 6 minute(s), 50 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit quick scan 2011-01-13 01:57:20
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdePort0 IC25N060ATMR04-0 rev.MO3OAD4A
    Running: b3u3knj1.exe; Driver: C:\Users\Jonathan\AppData\Local\Temp\fwlyrkow.sys


    ---- Disk sectors - GMER 1.0.15 ----

    Disk \Device\Harddisk0\DR0 sector 00 (MBR): rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 62: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sector 63: rootkit-like behavior;
    Disk \Device\Harddisk0\DR0 sectors 117209984 (+255): rootkit-like behavior;

    ---- Devices - GMER 1.0.15 ----

    Device \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskIC25N060ATMR04-0________________________MO3OAD4A#5&15026cd6&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

    ---- EOF - GMER 1.0.15 ----
     
  4. jonnyd1013

    jonnyd1013 TS Rookie Topic Starter

    pasted DDS

    DDS (Ver_10-12-12.02) - NTFSx86
    Run by Jonathan at 14:22:24.32 on Thu 01/13/2011
    Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_23
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1014.420 [GMT -5:00]

    AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Jonathan\Desktop\dds (1).scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Bar = Preserve
    mDefault_Page_URL = hxxp://www.yahoo.com
    mStart Page = hxxp://www.yahoo.com
    mWinlogon: Userinit=userinit.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office14\GROOVEEX.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: {00F2C0C6-2194-484E-9064-44E57787867B} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
    TB: {00000000-0000-0000-0000-000000000000} - No File
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Google Update] "c:\users\jonathan\appdata\local\google\update\GoogleUpdate.exe" /c
    mRun: [BCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
    mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
    mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
    mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
    mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office14\GROOVEEX.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\jonathan\appdata\roaming\mozilla\firefox\profiles\sp3jt2d3.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\programdata\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\programdata\google\toolbar for firefox\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - component: c:\users\jonathan\appdata\roaming\mozilla\firefox\profiles\sp3jt2d3.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
    FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
    FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.7\npapicomadapter.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
    FF - plugin: c:\users\jonathan\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\users\jonathan\appdata\local\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll

    ============= SERVICES / DRIVERS ===============

    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-1-13 135336]
    R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-1-13 267944]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-1-13 61960]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-12 136176]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]
    S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-12-3 1343400]

    =============== Created Last 30 ================

    2011-01-13 09:10:53 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\backup\mpengine.dll
    2011-01-13 09:10:49 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{1caabc97-26b0-4246-a273-33bc8a253ef8}\mpengine.dll
    2011-01-13 06:18:55 -------- d-----w- c:\users\jonathan\appdata\roaming\Avira
    2011-01-13 06:08:24 -------- d-----w- c:\users\jonathan\appdata\roaming\Malwarebytes
    2011-01-13 06:08:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-13 06:08:03 -------- d-----w- c:\progra~2\Malwarebytes
    2011-01-13 06:07:59 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-13 06:07:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-13 05:16:43 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-01-13 05:16:41 -------- d-----w- c:\program files\Avira
    2011-01-13 05:16:41 -------- d-----w- c:\progra~2\Avira
    2011-01-13 04:22:59 289792 ----a-w- c:\program files\internet explorer\networkinspection.dll
    2011-01-13 04:21:58 3181568 ----a-w- c:\windows\system32\mf.dll
    2011-01-13 04:21:58 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-13 04:21:57 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2011-01-13 04:21:12 804864 ----a-w- c:\windows\system32\FntCache.dll
    2011-01-13 04:21:12 737280 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-13 04:21:12 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-13 04:21:12 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-13 04:21:12 1076224 ----a-w- c:\windows\system32\DWrite.dll
    2011-01-13 04:20:31 279552 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-13 04:20:31 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-13 04:19:45 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
    2011-01-13 04:19:01 -------- d-----w- c:\program files\Feedback Tool
    2011-01-09 22:17:41 -------- d-----w- c:\program files\Symantec
    2011-01-09 22:17:41 -------- d-----w- c:\program files\common files\Symantec Shared
    2011-01-09 22:15:26 -------- d-----w- c:\program files\Norton 360
    2011-01-09 22:15:25 -------- d-----w- c:\progra~2\Norton
    2011-01-09 22:15:09 -------- d-----w- c:\program files\NortonInstaller
    2011-01-09 22:15:09 -------- d-----w- c:\progra~2\NortonInstaller
    2011-01-07 15:13:53 -------- d-----w- c:\progra~2\BDLogging
    2011-01-07 07:40:52 -------- d-----w- C:\294a13f0dec86ff325e1
    2011-01-07 05:24:16 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2011-01-07 04:47:48 -------- d-----w- c:\program files\MSSOAP
    2011-01-07 04:47:48 -------- d-----w- c:\program files\common files\MSSoap
    2011-01-07 04:32:42 -------- d-----w- c:\users\jonathan\appdata\roaming\QuickScan
    2011-01-07 04:31:55 -------- d-----w- c:\program files\common files\BitDefender
    2011-01-07 04:31:28 581108 ----a-w- c:\progra~2\bdinstall.bin
    2011-01-06 19:30:41 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-01-06 19:30:41 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
    2010-12-31 20:59:19 -------- d-----w- c:\progra~2\regid.1986-12.com.adobe
    2010-12-31 06:28:19 -------- d-----w- c:\program files\uTorrent
    2010-12-31 06:27:40 -------- d-----w- c:\users\jonathan\appdata\roaming\uTorrent
    2010-12-27 04:03:30 -------- d-----w- c:\windows\system32\appmgmt
    2010-12-26 04:10:08 -------- d-----w- c:\users\jonathan\appdata\roaming\Hulabee
    2010-12-26 04:01:06 -------- d-----w- c:\users\jonathan\appdata\local\RadonLabs
    2010-12-26 03:58:24 -------- d-----w- c:\program files\OXXOGames
    2010-12-26 03:08:59 70088 ----a-w- c:\windows\system32\Project2-1.ocx
    2010-12-26 03:08:59 101888 ----a-w- c:\windows\system32\Vb6stkit.dll
    2010-12-26 03:06:27 -------- d-----w- c:\program files\eGames
    2010-12-25 22:31:03 -------- d-----w- c:\users\jonathan\appdata\roaming\Ascaron Entertainment
    2010-12-25 22:22:00 -------- d-----w- c:\program files\Cinemaware Marquee
    2010-12-21 18:48:29 -------- d-----w- c:\program files\MSECache
    2010-12-16 02:11:33 -------- d-----w- c:\windows\rescache
    2010-12-14 20:12:40 737072 ----a-w- c:\progra~2\microsoft\ehome\packages\sportsv2\sportstemplatecore-6\Microsoft.MediaCenter.Sports.UI.dll

    ==================== Find3M ====================

    2010-11-12 23:53:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-11-02 04:41:12 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
    2010-11-02 04:40:36 496128 ----a-w- c:\windows\system32\taskschd.dll
    2010-11-02 04:40:36 305152 ----a-w- c:\windows\system32\taskcomp.dll
    2010-11-02 04:39:32 749056 ----a-w- c:\windows\system32\schedsvc.dll
    2010-11-02 04:34:44 192000 ----a-w- c:\windows\system32\taskeng.exe
    2010-11-02 04:34:33 179712 ----a-w- c:\windows\system32\schtasks.exe
    2010-10-27 04:32:36 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-10-20 04:54:18 34304 ----a-w- c:\windows\system32\atmlib.dll
    2010-10-20 03:00:24 2327552 ----a-w- c:\windows\system32\win32k.sys
    2010-10-20 02:58:41 294400 ----a-w- c:\windows\system32\atmfd.dll
    2010-10-19 20:51:33 222080 ----a-w- c:\windows\system32\MpSigStub.exe
    2010-10-16 04:41:02 101760 ----a-w- c:\windows\system32\consent.exe
    2010-10-16 04:36:10 314368 ----a-w- c:\windows\system32\webio.dll

    =================== ROOTKIT ====================

    Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
    Windows 6.1.7600 Disk: IC25N060ATMR04-0 rev.MO3OAD4A -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-0

    device: opened successfully
    user: MBR read successfully

    Disk trace:
    called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll >>UNKNOWN [0x8540F555]<<
    _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x854157b0]; MOV EAX, [0x8541582c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
    1 nt!IofCallDriver[0x82848EE0] -> \Device\Harddisk0\DR0[0x853E7A18]
    3 CLASSPNP[0x87E5759E] -> nt!IofCallDriver[0x82848EE0] -> [0x84F7C898]
    5 ACPI[0x8323A3B2] -> nt!IofCallDriver[0x82848EE0] -> \IdeDeviceP0T0L0-0[0x84F76030]
    \Driver\atapi[0x853F6318] -> IRP_MJ_CREATE -> 0x8540F555
    kernel: MBR read successfully
    _asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x132; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
    detected disk devices:
    \Device\Ide\IdeDeviceP0T0L0-0 -> \??\IDE#DiskIC25N060ATMR04-0________________________MO3OAD4A#5&15026cd6&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
    detected hooks:
    user != kernel MBR !!!
    sectors 117210238 (+255): user != kernel
    Warning: possible TDL4 rootkit infection !
    TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

    ============= FINISH: 14:23:33.00 ===============
     
  5. jonnyd1013

    jonnyd1013 TS Rookie Topic Starter

    attached

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-12-12.02)

    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/1/2010 4:37:44 AM
    System Uptime: 1/13/2011 11:05:26 AM (3 hours ago)

    Motherboard: TOSHIBA | | EAL20
    Processor: Intel(R) Celeron(R) M processor 1.30GHz | BAN | 1298/mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 56 GiB total, 36.684 GiB free.
    D: is CDROM ()

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description:
    Device ID: ACPI\CMP0101\2&DABA3FF&1
    Manufacturer:
    Name:
    PNP Device ID: ACPI\CMP0101\2&DABA3FF&1
    Service:

    Class GUID:
    Description: Video Controller
    Device ID: PCI\VEN_8086&DEV_3582&SUBSYS_FF001179&REV_02\3&18D45AA6&0&11
    Manufacturer:
    Name: Video Controller
    PNP Device ID: PCI\VEN_8086&DEV_3582&SUBSYS_FF001179&REV_02\3&18D45AA6&0&11
    Service:

    ==== System Restore Points ===================

    RP65: 1/12/2011 9:53:10 PM - Scheduled Checkpoint
    RP66: 1/12/2011 11:18:54 PM - Windows Update
    RP67: 1/12/2011 11:20:10 PM - Windows Update
    RP68: 1/12/2011 11:20:51 PM - Windows Update
    RP69: 1/12/2011 11:21:36 PM - Windows Update
    RP70: 1/12/2011 11:22:27 PM - Windows Update

    ==== Installed Programs ======================

    µTorrent
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Media Player
    Adobe Photoshop CS5
    Adobe Reader X
    Avira AntiVir Personal - Free Antivirus
    Blingo
    Definition update for Microsoft Office 2010 (KB982726)
    EVEREST Ultimate Edition v5.50
    Extreme Animal Puzzles
    Extreme Bugs Puzzles
    Extreme Orchid Puzzles
    Feedback Tool
    Geo Jump
    Google Chrome
    Google Toolbar for Firefox
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hangman Wild West II
    Java Auto Updater
    Java(TM) 6 Update 23
    Mahjongg Jr.
    Malwarebytes' Anti-Malware
    Mega Match
    Memory Machine
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SOAP Toolkit 3.0
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft_VC80_ATL_x86
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_ATL_x86
    Microsoft_VC90_CRT_x86
    Microsoft_VC90_MFC_x86
    Mozilla Firefox (3.6.13)
    PDF Settings CS5
    Peggle Deluxe
    Puzzle Master 3 SE
    Roxio Creator Audio
    Roxio Creator Copy
    Roxio Creator Data
    Roxio Creator DE 10.3
    Roxio Creator Tools
    Roxio Express Labeler 3
    Roxio Update Manager
    Security Update for Microsoft Office 2010 (KB2289078)
    Security Update for Microsoft Office 2010 (KB2289161)
    Security Update for Microsoft Publisher 2010 (KB2409055)
    Security Update for Microsoft Word 2010 (KB2345000)
    Snakes and Ladders
    TV Guide Crosswords
    Update for Microsoft Office 2010 (KB2202188)
    Update for Microsoft Office 2010 (KB2413186)
    Update for Microsoft OneNote 2010 (KB2433299)
    Update for Microsoft Outlook Social Connector (KB2289116)
    Winamp
    Winamp Detector Plug-in
    Yahoo! Software Update

    ==== Event Viewer Messages From Past Week ========

    1/9/2011 9:48:09 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer JUDITH-LAPTOP that believes that it is the master browser for the domain on transport NetBT_Tcpip_{56669001-DA52-4181-B6F0-6AB0. The master browser is stopping or an election is being forced.
    1/9/2011 6:52:49 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SENS service.
    1/9/2011 6:51:19 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the iphlpsvc service.
    1/9/2011 6:50:43 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Schedule service.
    1/9/2011 6:50:16 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
    1/7/2011 9:21:12 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 45 time(s).
    1/7/2011 9:21:06 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 44 time(s).
    1/7/2011 9:20:58 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 43 time(s).
    1/7/2011 9:20:53 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 42 time(s).
    1/7/2011 9:20:22 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 41 time(s).
    1/7/2011 9:20:16 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 40 time(s).
    1/7/2011 9:19:49 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 39 time(s).
    1/7/2011 9:19:43 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 38 time(s).
    1/7/2011 8:21:35 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 37 time(s).
    1/7/2011 8:21:00 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 36 time(s).
    1/7/2011 8:20:22 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 35 time(s).
    1/7/2011 8:20:16 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 34 time(s).
    1/7/2011 8:19:49 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 33 time(s).
    1/7/2011 8:19:43 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 32 time(s).
    1/7/2011 7:23:31 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 31 time(s).
    1/7/2011 7:23:18 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 30 time(s).
    1/7/2011 7:22:19 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 29 time(s).
    1/7/2011 7:22:13 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 28 time(s).
    1/7/2011 7:22:00 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 27 time(s).
    1/7/2011 7:21:51 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 26 time(s).
    1/7/2011 7:20:54 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 25 time(s).
    1/7/2011 7:20:49 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 24 time(s).
    1/7/2011 7:20:03 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 23 time(s).
    1/7/2011 7:19:56 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 22 time(s).
    1/7/2011 6:52:05 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 21 time(s).
    1/7/2011 6:51:59 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 20 time(s).
    1/7/2011 6:21:47 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 19 time(s).
    1/7/2011 6:21:42 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 18 time(s).
    1/7/2011 6:21:37 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 17 time(s).
    1/7/2011 6:21:31 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 16 time(s).
    1/7/2011 6:20:38 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 15 time(s).
    1/7/2011 6:20:33 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 14 time(s).
    1/7/2011 6:19:44 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 13 time(s).
    1/7/2011 6:07:51 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 12 time(s).
    1/7/2011 6:07:51 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 4 time(s).
    1/7/2011 6:07:19 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 3 time(s).
    1/7/2011 6:06:19 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 11 time(s).
    1/7/2011 6:06:01 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 10 time(s).
    1/7/2011 6:03:23 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 9 time(s).
    1/7/2011 6:02:46 PM, Error: Service Control Manager [7034] - The Shell Hardware Detection service terminated unexpectedly. It has done this 3 time(s).
    1/7/2011 6:02:46 PM, Error: Service Control Manager [7034] - The Application Experience service terminated unexpectedly. It has done this 3 time(s).
    1/7/2011 6:02:46 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    1/7/2011 6:02:45 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The operation completed successfully.
    1/7/2011 6:01:45 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/7/2011 5:47:10 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    1/7/2011 5:44:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    1/7/2011 5:44:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    1/7/2011 5:44:21 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    1/7/2011 5:44:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    1/7/2011 5:44:13 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    1/7/2011 5:44:07 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    1/7/2011 5:43:46 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Bdfndisf bdfsfltr bdfwfpf Bdvedisk CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    1/7/2011 5:43:46 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/7/2011 5:43:46 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/7/2011 5:43:46 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    1/7/2011 5:43:46 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/7/2011 5:43:46 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    1/7/2011 5:43:46 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    1/7/2011 5:43:46 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/7/2011 5:43:46 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    1/7/2011 5:43:46 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    1/7/2011 5:43:46 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    1/7/2011 5:43:46 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x9b00fa00, 0x00000002, 0x00000000, 0x83392fb6). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010711-24453-01.
    1/7/2011 3:43:02 PM, Error: Service Control Manager [7000] - The User Profile Service service failed to start due to the following error: The pipe has been ended.
    1/7/2011 3:43:02 PM, Error: Service Control Manager [7000] - The System Event Notification Service service failed to start due to the following error: The pipe has been ended.
    1/7/2011 3:38:02 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Windows Management Instrumentation service which failed to start because of the following error: The pipe has been ended.
    1/7/2011 3:36:01 PM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The pipe has been ended.
    1/7/2011 2:28:20 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VSSERV service.
    1/7/2011 2:16:50 PM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 7 time(s).
    1/7/2011 2:16:50 PM, Error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 7 time(s).
    1/7/2011 2:16:44 PM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 6 time(s).
    1/7/2011 2:16:44 PM, Error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 6 time(s).
    1/7/2011 2:14:55 PM, Error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 5 time(s).
    1/7/2011 2:11:49 PM, Error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 4 time(s).
    1/7/2011 2:09:07 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Server service to connect.
    1/7/2011 2:09:07 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The service did not respond to the start or control request in a timely fashion.
    1/7/2011 2:09:07 AM, Error: Service Control Manager [7000] - The Server service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/7/2011 12:18:44 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The pipe has been ended.
    1/7/2011 12:18:44 PM, Error: Service Control Manager [7000] - The Server service failed to start due to the following error: The pipe has been ended.
    1/7/2011 12:06:40 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SBSD Security Center Service service to connect.
    1/7/2011 12:06:40 AM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/7/2011 12:05:43 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x000000d1 (0x972de830, 0x00000002, 0x00000000, 0x833a1fb6). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 010711-37984-01.
    1/7/2011 12:02:30 AM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/7/2011 11:07:17 PM, Error: Service Control Manager [7034] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 5 time(s).
    1/7/2011 10:45:31 PM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 9 time(s).
    1/7/2011 10:45:31 PM, Error: Service Control Manager [7034] - The Computer Browser service terminated unexpectedly. It has done this 3 time(s).
    1/7/2011 10:40:30 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    1/7/2011 10:38:29 PM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 5 time(s).
    1/7/2011 10:21:10 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 53 time(s).
    1/7/2011 10:21:04 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 52 time(s).
    1/7/2011 10:20:56 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 51 time(s).
    1/7/2011 10:20:51 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 50 time(s).
    1/7/2011 10:20:20 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 49 time(s).
    1/7/2011 10:20:15 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 48 time(s).
    1/7/2011 10:19:49 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 47 time(s).
    1/7/2011 10:19:43 PM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 46 time(s).
    1/6/2011 9:40:47 PM, Error: Microsoft Antimalware [2001] -
    1/6/2011 9:31:32 AM, Error: Service Control Manager [7034] - The Application Management service terminated unexpectedly. It has done this 1 time(s).
    1/6/2011 9:27:17 AM, Error: Service Control Manager [7000] - The Diagnostic System Host service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
    1/6/2011 9:15:53 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    1/6/2011 9:15:53 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
    1/6/2011 9:15:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    1/6/2011 8:44:24 AM, Error: Service Control Manager [7000] - The WinHTTP Web Proxy Auto-Discovery Service service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
    1/6/2011 8:44:13 AM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The client of a component requested an operation which is not valid given the state of the component instance.
    1/6/2011 7:47:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Browser service.
    1/6/2011 7:47:56 PM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/6/2011 7:45:06 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wbengine service.
    1/6/2011 3:09:50 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 3 time(s).
    1/6/2011 11:58:25 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Update service, but this action failed with the following error: An instance of the service is already running.
    1/6/2011 11:57:43 PM, Error: Service Control Manager [7000] - The IKE and AuthIP IPsec Keying Modules service failed to start due to the following error: The pipe has been ended.
    1/6/2011 11:05:52 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Multimedia Class Scheduler service, but this action failed with the following error: An instance of the service is already running.
    1/6/2011 11:00:51 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 2 time(s).
    1/13/2011 3:03:40 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
    1/13/2011 3:03:40 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
    1/13/2011 3:01:40 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
    1/13/2011 3:01:40 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    1/13/2011 3:01:40 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    1/13/2011 3:01:40 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/13/2011 3:01:40 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/13/2011 3:01:40 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    1/13/2011 3:01:40 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/13/2011 3:01:40 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    1/13/2011 3:01:40 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    1/13/2011 3:01:40 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
    1/13/2011 3:01:40 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/13/2011 3:01:40 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/13/2011 2:12:15 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    1/13/2011 2:10:15 AM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
    1/13/2011 2:10:15 AM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/13/2011 2:10:15 AM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/13/2011 2:10:15 AM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/13/2011 2:10:15 AM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/13/2011 2:10:15 AM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/13/2011 2:10:15 AM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/13/2011 2:10:15 AM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/13/2011 2:10:15 AM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/13/2011 2:10:15 AM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/13/2011 2:10:15 AM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/13/2011 2:10:15 AM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/13/2011 2:10:15 AM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/13/2011 2:10:15 AM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/13/2011 2:10:15 AM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/13/2011 2:10:15 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/13/2011 2:10:15 AM, Error: Service Control Manager [7000] - The Computer Browser service failed to start due to the following error: The pipe has been ended.
    1/13/2011 1:53:10 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MMCSS service.
    1/13/2011 1:53:10 AM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/13/2011 1:16:40 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the IKE and AuthIP IPsec Keying Modules service, but this action failed with the following error: An instance of the service is already running.
    1/13/2011 1:16:40 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Computer Browser service, but this action failed with the following error: An instance of the service is already running.
    1/13/2011 1:14:40 AM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    1/12/2011 9:23:28 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    1/12/2011 6:08:19 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 8 time(s).
    1/12/2011 6:08:19 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 8 time(s).
    1/12/2011 6:08:19 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 8 time(s).
    1/12/2011 5:25:01 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 7 time(s).
    1/12/2011 5:25:01 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 7 time(s).
    1/12/2011 5:25:01 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 7 time(s).
    1/12/2011 4:38:17 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0x00000004, 0x00000002, 0x00000000, 0x8288f123). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 011211-30609-01.
    1/12/2011 3:55:35 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 6 time(s).
    1/12/2011 3:55:35 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 6 time(s).
    1/12/2011 3:55:35 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 6 time(s).
    1/12/2011 2:37:37 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 5 time(s).
    1/12/2011 2:37:37 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 5 time(s).
    1/12/2011 2:37:37 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 5 time(s).
    1/12/2011 2:37:37 AM, Error: Service Control Manager [7034] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 4 time(s).
    1/12/2011 2:37:37 AM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    1/12/2011 12:24:04 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 3 time(s).
    1/12/2011 12:24:04 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 3 time(s).
    1/12/2011 12:24:04 AM, Error: Service Control Manager [7034] - The User Profile Service service terminated unexpectedly. It has done this 3 time(s).
    1/12/2011 12:24:04 AM, Error: Service Control Manager [7034] - The Themes service terminated unexpectedly. It has done this 3 time(s).
    1/12/2011 12:24:04 AM, Error: Service Control Manager [7034] - The Task Scheduler service terminated unexpectedly. It has done this 3 time(s).
    1/12/2011 12:24:04 AM, Error: Service Control Manager [7034] - The System Event Notification Service service terminated unexpectedly. It has done this 3 time(s).
    1/12/2011 12:24:04 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 3 time(s).
    1/12/2011 12:24:04 AM, Error: Service Control Manager [7034] - The IP Helper service terminated unexpectedly. It has done this 3 time(s).
    1/12/2011 12:24:04 AM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 3 time(s).
    1/12/2011 12:24:04 AM, Error: Service Control Manager [7034] - The Group Policy Client service terminated unexpectedly. It has done this 3 time(s).
    1/12/2011 12:24:04 AM, Error: Service Control Manager [7034] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 3 time(s).
    1/12/2011 12:24:04 AM, Error: Service Control Manager [7034] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 3 time(s).
    1/12/2011 12:10:34 PM, Error: Service Control Manager [7038] - The MMCSS service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    1/12/2011 12:10:34 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The service did not start due to a logon failure.
    1/12/2011 12:10:34 PM, Error: Service Control Manager [7000] - The Multimedia Class Scheduler service failed to start due to the following error: The pipe has been ended.
    1/12/2011 11:56:42 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the wuauserv service.
    1/12/2011 11:56:42 AM, Error: Service Control Manager [7000] - The Windows Update service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/12/2011 11:54:42 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AeLookupSvc service.
    1/12/2011 11:54:42 AM, Error: Service Control Manager [7000] - The Application Experience service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/12/2011 11:21:18 AM, Error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.
    1/12/2011 11:00:24 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.
    1/12/2011 11:00:24 AM, Error: Service Control Manager [7000] - The Background Intelligent Transfer Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/12/2011 11:00:24 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service BITS with arguments "" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
    1/12/2011 10:57:54 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    1/12/2011 10:37:24 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IKEEXT service.
    1/12/2011 10:37:24 AM, Error: Service Control Manager [7000] - The IKE and AuthIP IPsec Keying Modules service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    1/12/2011 1:53:15 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    1/12/2011 1:28:23 AM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 4 time(s).
    1/12/2011 1:28:23 AM, Error: Service Control Manager [7034] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 4 time(s).
    1/12/2011 1:28:23 AM, Error: Service Control Manager [7034] - The Server service terminated unexpectedly. It has done this 4 time(s).
    1/12/2011 1:28:23 AM, Error: Service Control Manager [7034] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 4 time(s).

    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================================

    Download TDSSKiller and save it to your desktop.
    • Extract (unzip) its contents to your desktop.
    • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
  7. jonnyd1013

    jonnyd1013 TS Rookie Topic Starter

    cured 1 issue

    here is the log

    I have not yet had any more redirects. Thank you sooooo much if it keeps working. Quick question. Why didn't any anti virus or other of the steps come up with anything malware?

    2011/01/13 17:02:23.0241 TDSS rootkit removing tool 2.4.13.0 Jan 12 2011 09:51:11
    2011/01/13 17:02:23.0241 ================================================================================
    2011/01/13 17:02:23.0256 SystemInfo:
    2011/01/13 17:02:23.0256
    2011/01/13 17:02:23.0256 OS Version: 6.1.7600 ServicePack: 0.0
    2011/01/13 17:02:23.0256 Product type: Workstation
    2011/01/13 17:02:23.0256 ComputerName: JONATHAN-PC
    2011/01/13 17:02:23.0256 UserName: Jonathan
    2011/01/13 17:02:23.0256 Windows directory: C:\Windows
    2011/01/13 17:02:23.0256 System windows directory: C:\Windows
    2011/01/13 17:02:23.0256 Processor architecture: Intel x86
    2011/01/13 17:02:23.0256 Number of processors: 1
    2011/01/13 17:02:23.0256 Page size: 0x1000
    2011/01/13 17:02:23.0256 Boot type: Normal boot
    2011/01/13 17:02:23.0256 ================================================================================
    2011/01/13 17:02:24.0538 Initialize success
    2011/01/13 17:02:27.0475 ================================================================================
    2011/01/13 17:02:27.0475 Scan started
    2011/01/13 17:02:27.0475 Mode: Manual;
    2011/01/13 17:02:27.0475 ================================================================================
    2011/01/13 17:03:07.0131 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/01/13 17:03:07.0147 ================================================================================
    2011/01/13 17:03:07.0147 Scan finished
    2011/01/13 17:03:07.0147 ================================================================================
    2011/01/13 17:03:07.0178 Detected object count: 1
    2011/01/13 17:03:16.0116 \HardDisk0 - will be cured after reboot
    2011/01/13 17:03:16.0225 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/01/13 17:03:21.0194 Deinitialize success
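
A small triage script for a TDSSKiller report like the one posted above, as an added example (not part of the original thread and not code from the tool): it separates per-driver lines from detection, action and reboot lines, and cross-checks them against the declared object count. The sample log is constructed in the layout shown above with placeholder hashes, and all function names are hypothetical.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the TDSSKiller log layout shown in the post above.
# The 32-character hashes are placeholders, not real file hashes.
SAMPLE_LOG = r"""
    2011/01/13 17:02:27.0475 Scan started
    2011/01/13 17:02:32.0663 atapi (aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa) C:\Windows\system32\DRIVERS\atapi.sys
    2011/01/13 17:02:36.0319 Disk (bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb) C:\Windows\system32\DRIVERS\disk.sys
    2011/01/13 17:03:03.0616 Wanarpv6 (cccccccccccccccccccccccccccccccc) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/01/13 17:03:07.0131 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
    2011/01/13 17:03:07.0147 Scan finished
    2011/01/13 17:03:07.0178 Detected object count: 1
    2011/01/13 17:03:16.0116 \HardDisk0 - will be cured after reboot
    2011/01/13 17:03:16.0225 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
    2011/01/13 17:03:21.0194 Deinitialize success
"""

# Every log record starts with "YYYY/MM/DD HH:MM:SS.ffff"; the rest is the body.
TS = re.compile(r"^\s*\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s*(.*?)\s*$")
DRIVER = re.compile(r"^(\S+) \(([0-9a-fA-F]{32})\) (.+)$")
DETECT = re.compile(r"^(.+?) - detected (\S+) \(\d+\)$")
PENDING = re.compile(r"^(.+?) - will be \w+ after reboot$")
ACTION = re.compile(r"^(\S+?)\((.+)\) - User select action: (\w+)$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class Report:
    drivers: list = field(default_factory=list)      # (service, md5, path)
    detections: list = field(default_factory=list)   # (object, threat)
    actions: dict = field(default_factory=dict)      # (object, threat) -> action
    pending_reboot: set = field(default_factory=set)  # objects fixed only at reboot
    declared_count: Optional[int] = None


def parse_log(text):
    """Classify each timestamped record; ignore anything without a timestamp."""
    rep = Report()
    for raw in text.splitlines():
        m = TS.match(raw)
        if not m:
            continue  # forum text or blank lines around the pasted log
        body = m.group(1)
        if (d := DRIVER.match(body)):
            rep.drivers.append((d.group(1), d.group(2).lower(), d.group(3)))
        elif (d := DETECT.match(body)):
            rep.detections.append((d.group(1), d.group(2)))
        elif (d := PENDING.match(body)):
            rep.pending_reboot.add(d.group(1))
        elif (d := ACTION.match(body)):
            rep.actions[(d.group(2), d.group(1))] = d.group(3)
        elif (d := COUNT.match(body)):
            rep.declared_count = int(d.group(1))
    return rep


def findings(rep):
    """Return human-readable points a helper would check before the next step."""
    out = []
    names = {name.lower() for name, _, _ in rep.drivers}
    paths = {path.lower() for _, _, path in rep.drivers}
    for obj, threat in rep.detections:
        # A detection whose object is neither a scanned service nor its file
        # (here a physical disk) cannot be found by scanning driver files.
        if obj.lower() not in names and obj.lower() not in paths:
            out.append(f"{threat} on {obj}: not one of the "
                       f"{len(rep.drivers)} scanned driver files")
        action = rep.actions.get((obj, threat))
        if action is None:
            out.append(f"{obj}: no user action recorded")
        elif obj in rep.pending_reboot:
            out.append(f"{obj}: {action} pending until reboot; verify afterwards")
    if rep.declared_count is not None and rep.declared_count != len(rep.detections):
        out.append(f"object count mismatch: log declares {rep.declared_count}, "
                   f"parsed {len(rep.detections)} (log may be truncated)")
    return out


if __name__ == "__main__":
    for line in findings(parse_log(SAMPLE_LOG)):
        print(line)
```
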
     
  8. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Good news :)
    We're not done yet, though...
    You have to keep in mind that there is no perfect security program.
    A lot depends on your computer habits.

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.

    =======================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode.

    2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  9. jonnyd1013

    jonnyd1013 TS Rookie Topic Starter

    combo and other

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Ultimate Edition
    Windows Information: (build 7600), 32-bit
    Logical Drives Mask: 0x0000000c

    Kernel Drivers (total 184):

    Processes (total 41):
    0 System Idle Process
    4 System
    264 C:\Windows\System32\smss.exe
    356 csrss.exe
    404 C:\Windows\System32\wininit.exe
    412 csrss.exe
    452 C:\Windows\System32\winlogon.exe
    488 C:\Windows\System32\services.exe
    496 C:\Windows\System32\lsass.exe
    504 C:\Windows\System32\lsm.exe
    620 C:\Windows\System32\svchost.exe
    696 C:\Windows\System32\svchost.exe
    840 C:\Windows\System32\svchost.exe
    880 C:\Windows\System32\svchost.exe
    908 C:\Windows\System32\svchost.exe
    1056 C:\Windows\System32\svchost.exe
    1176 C:\Windows\System32\svchost.exe
    1328 C:\Windows\System32\spoolsv.exe
    1376 C:\Program Files\Avira\AntiVir Desktop\sched.exe
    1392 C:\Windows\System32\taskhost.exe
    1424 C:\Windows\System32\svchost.exe
    1508 C:\Windows\System32\dwm.exe
    1524 C:\Windows\explorer.exe
    1884 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    1908 C:\Program Files\Winamp\winampa.exe
    1940 C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    1948 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    2016 C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    364 C:\Windows\System32\svchost.exe
    1152 C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    1544 C:\Windows\System32\conhost.exe
    2440 C:\Windows\System32\SearchIndexer.exe
    2948 C:\Program Files\Windows Media Player\wmpnetwk.exe
    2152 C:\Windows\System32\svchost.exe
    968 C:\Windows\System32\audiodg.exe
    2816 C:\Windows\System32\taskhost.exe
    916 C:\Windows\System32\SearchProtocolHost.exe
    2272 C:\Windows\System32\SearchFilterHost.exe
    4080 C:\Users\Jonathan\Desktop\MBRCheck.exe
    3440 C:\Windows\System32\conhost.exe
    3148 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

    PhysicalDrive0 Model Number: IC25N060ATMR04-0, Rev: MO3OAD4A

    Size Device Name MBR Status
    --------------------------------------------
    55 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
    SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


    Done!

    ComboFix 11-01-12.04 - Jonathan 01/13/2011 17:53:55.1.1 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.1014.598 [GMT -5:00]
    Running from: c:\users\Jonathan\Desktop\ComboFix.exe
    AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
    SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((( Files Created from 2010-12-13 to 2011-01-13 )))))))))))))))))))))))))))))))
    .

    2011-01-13 23:07 . 2011-01-13 23:07 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-01-13 22:25 . 2011-01-13 22:25 -------- d-----w- c:\program files\Mozilla Firefox 4.0 Beta 8
    2011-01-13 09:10 . 2010-11-16 17:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1CAABC97-26B0-4246-A273-33BC8A253EF8}\mpengine.dll
    2011-01-13 06:18 . 2011-01-13 06:18 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Avira
    2011-01-13 06:08 . 2011-01-13 06:08 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Malwarebytes
    2011-01-13 06:08 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-01-13 06:08 . 2011-01-13 06:08 -------- d-----w- c:\programdata\Malwarebytes
    2011-01-13 06:07 . 2011-01-13 06:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-01-13 06:07 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-01-13 05:16 . 2010-12-13 13:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2011-01-13 05:16 . 2010-12-13 13:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2011-01-13 05:16 . 2011-01-13 05:16 -------- d-----w- c:\programdata\Avira
    2011-01-13 05:16 . 2011-01-13 05:16 -------- d-----w- c:\program files\Avira
    2011-01-13 04:21 . 2010-05-23 10:11 196608 ----a-w- c:\windows\system32\mfreadwrite.dll
    2011-01-13 04:21 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\system32\mf.dll
    2011-01-13 04:21 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2011-01-13 04:21 . 2010-08-16 06:15 804864 ----a-w- c:\windows\system32\FntCache.dll
    2011-01-13 04:21 . 2010-08-16 06:14 1076224 ----a-w- c:\windows\system32\DWrite.dll
    2011-01-13 04:21 . 2010-08-16 06:14 737280 ----a-w- c:\windows\system32\d2d1.dll
    2011-01-13 04:21 . 2010-08-16 06:14 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
    2011-01-13 04:21 . 2010-08-16 06:14 1172480 ----a-w- c:\windows\system32\d3d10warp.dll
    2011-01-13 04:20 . 2010-05-09 09:15 279552 ----a-w- c:\windows\system32\XpsGdiConverter.dll
    2011-01-13 04:20 . 2010-05-09 09:15 135168 ----a-w- c:\windows\system32\XpsRasterService.dll
    2011-01-13 04:19 . 2010-06-26 05:14 1495040 ----a-w- c:\windows\system32\ExplorerFrame.dll
    2011-01-13 04:19 . 2011-01-13 04:19 -------- d-----w- c:\program files\Feedback Tool
    2011-01-09 22:17 . 2011-01-09 22:17 -------- dc----w- c:\windows\system32\DRVSTORE
    2011-01-09 22:17 . 2011-01-10 06:00 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2011-01-09 22:17 . 2011-01-10 06:00 -------- d-----w- c:\program files\Symantec
    2011-01-09 22:15 . 2011-01-10 06:00 -------- d-----w- c:\program files\Norton 360
    2011-01-09 22:15 . 2011-01-10 06:00 -------- d-----w- c:\programdata\Norton
    2011-01-09 22:15 . 2011-01-09 22:15 -------- d-----w- c:\program files\NortonInstaller
    2011-01-07 15:13 . 2011-01-07 22:46 -------- d-----w- c:\programdata\BDLogging
    2011-01-07 07:40 . 2011-01-10 06:00 -------- d-----w- C:\294a13f0dec86ff325e1
    2011-01-07 05:24 . 2010-11-12 23:53 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-01-07 04:47 . 2011-01-07 04:47 -------- d-----w- c:\program files\MSSOAP
    2011-01-07 04:32 . 2011-01-07 04:32 -------- d-----w- c:\users\Jonathan\AppData\Roaming\QuickScan
    2011-01-07 04:31 . 2011-01-10 06:00 -------- d-----w- c:\program files\Common Files\BitDefender
    2011-01-07 04:31 . 2011-01-13 06:21 581108 ----a-w- c:\programdata\bdinstall.bin
    2011-01-06 19:30 . 2011-01-07 05:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-01-06 19:30 . 2011-01-07 05:10 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-01-06 19:17 . 2011-01-06 19:17 -------- d-----w- c:\windows\Sun
    2011-01-06 13:50 . 2011-01-07 02:22 -------- d-----w- c:\program files\7-Zip
    2010-12-31 20:59 . 2010-12-31 20:59 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
    2010-12-31 19:36 . 2010-12-31 19:36 -------- d-----w- c:\program files\Adobe Media Player
    2010-12-31 06:28 . 2010-12-31 06:28 -------- d-----w- c:\program files\uTorrent
    2010-12-31 06:27 . 2011-01-07 02:23 -------- d-----w- c:\users\Jonathan\AppData\Roaming\uTorrent
    2010-12-26 04:10 . 2010-12-26 04:10 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Hulabee
    2010-12-26 04:01 . 2010-12-26 04:01 -------- d-----w- c:\users\Jonathan\AppData\Local\RadonLabs
    2010-12-26 03:58 . 2010-12-26 03:58 -------- d-----w- c:\program files\OXXOGames
    2010-12-26 03:08 . 2000-07-17 19:41 70088 ----a-w- c:\windows\system32\Project2-1.ocx
    2010-12-26 03:08 . 1999-03-26 05:00 101888 ----a-w- c:\windows\system32\Vb6stkit.dll
    2010-12-26 03:06 . 2011-01-07 02:23 -------- d-----w- c:\program files\eGames
    2010-12-25 22:31 . 2010-12-25 22:31 -------- d-----w- c:\users\Jonathan\AppData\Roaming\Ascaron Entertainment
    2010-12-25 22:22 . 2010-12-25 22:34 -------- d-----w- c:\program files\Cinemaware Marquee
    2010-12-21 18:48 . 2010-12-21 18:48 -------- d-----w- c:\program files\MSECache
    2010-12-16 02:11 . 2011-01-13 17:12 -------- d-----w- c:\windows\rescache

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-01-13 20:11 . 2010-12-04 20:45 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2011-01-13 20:00 . 2010-12-04 20:42 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2011-01-13 07:23 . 2010-12-12 01:12 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2011-01-13 07:23 . 2010-12-12 01:12 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2010-12-14 20:12 . 2010-12-14 20:12 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-6\Microsoft.MediaCenter.Sports.UI.dll
    2010-12-12 01:13 . 2010-12-12 01:13 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2010-12-10 07:54 . 2010-12-10 07:54 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2010-12-04 20:47 . 2010-12-04 20:47 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2010-12-04 20:42 . 2010-12-04 20:42 588096 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2010-11-12 23:53 . 2010-12-04 17:43 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-19 20:51 . 2010-12-01 11:16 222080 ----a-w- c:\windows\system32\MpSigStub.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-12-12 39408]
    "Google Update"="c:\users\Jonathan\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-12-12 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
    "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-12-09 74752]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)

    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-12 136176]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-03 1343400]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]


    --- Other Services/Drivers In Memory ---

    *Deregistered* - klmd25
    .
    Contents of the 'Scheduled Tasks' folder

    2011-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-12 21:42]

    2011-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-12 21:42]

    2011-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2741316650-2310179391-170530555-1000Core.job
    - c:\users\Jonathan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-12 21:42]

    2011-01-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2741316650-2310179391-170530555-1000UA.job
    - c:\users\Jonathan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-12 21:42]

    2011-01-13 c:\windows\Tasks\ParetoLogic Registration3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-04-06 21:30]

    2010-12-27 c:\windows\Tasks\ParetoLogic Update Version3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2010-04-06 21:30]
    .
    .
    ------- Supplementary Scan -------
    .
    mStart Page = hxxp://www.yahoo.com
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\rronn2c0.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
    FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{00F2C0C6-2194-484E-9064-44E57787867B} - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-01-13 18:12:04
    ComboFix-quarantined-files.txt 2011-01-13 23:12

    Pre-Run: 39,254,740,992 bytes free
    Post-Run: 38,949,752,832 bytes free

    - - End Of File - - 129840A52BE096F557EE1BF7E27BA919
     
  10. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Those look fine :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. jonnyd1013

    jonnyd1013 TS Rookie Topic Starter

    OTL and extra

    This is the OTL txt run 3, extras only happened on run 1. Forgot to check all users twice, that's why there was more than one run.

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop

    OTL Extras logfile created on: 1/13/2011 7:45:30 PM - Run 1
    OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Jonathan\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.7930.16406)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 572.00 Mb Available Physical Memory | 56.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 68.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 55.79 Gb Total Space | 36.33 Gb Free Space | 65.12% Space Free | Partition Type: NTFS

    Computer Name: JONATHAN-PC | User Name: Jonathan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

    [HKEY_USERS\S-1-5-21-2741316650-2310179391-170530555-1000\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
    "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
    "{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 23
    "{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
    "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90024193-9F13-4877-89D5-A1CDF0CBBF28}" = Feedback Tool
    "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{95140000-007A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
    "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
    "{BCB4C18A-ACA6-4383-8688-E19933A705DD}" = Microsoft SOAP Toolkit 3.0
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
    "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
    "{EF98A02A-1748-4762-9B7D-5ED1600520D5}" = Microsoft Security Essentials
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
    "EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft Security Essentials" = Microsoft Security Essentials
    "Mozilla Firefox 4.0b8 (x86 en-US)" = Mozilla Firefox 4.0b8 (x86 en-US)
    "Office14.PROPLUS" = Microsoft Office Professional Plus 2010
    "Peggle Deluxe" = Peggle Deluxe
    "TV Guide Crosswords" = TV Guide Crosswords
    "uTorrent" = µTorrent
    "Winamp" = Winamp

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-2741316650-2310179391-170530555-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Blingo" = Blingo
    "Extreme Animal Puzzles" = Extreme Animal Puzzles
    "Extreme Bugs Puzzles" = Extreme Bugs Puzzles
    "Extreme Orchid Puzzles" = Extreme Orchid Puzzles
    "Geo Jump" = Geo Jump
    "Google Chrome" = Google Chrome
    "Hangman Wild West II" = Hangman Wild West II
    "Mahjongg Jr." = Mahjongg Jr.
    "Mega Match" = Mega Match
    "Memory Machine" = Memory Machine
    "Puzzle Master 3 SE" = Puzzle Master 3 SE
    "Snakes and Ladders" = Snakes and Ladders
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 1/13/2011 1:05:02 AM | Computer Name = Jonathan-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.7930.16406 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 48c Start
    Time: 01cbb2df600b2137 Termination Time: 16 Application Path: C:\Program Files\Internet
    Explorer\iexplore.exe Report Id:

    Error - 1/13/2011 2:14:34 AM | Computer Name = Jonathan-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
    stamp: 0x4a5bdadb Exception code: 0xc0000005 Fault offset: 0x0006aee7 Faulting process
    id: 0x414 Faulting application start time: 0x01cbb2e79e5c21fe Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 6392ae52-1edc-11e0-8108-000fb058a757

    Error - 1/13/2011 3:10:12 AM | Computer Name = Jonathan-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
    stamp: 0x4a5bdadb Exception code: 0xc0000005 Fault offset: 0x0006aee7 Faulting process
    id: 0x378 Faulting application start time: 0x01cbb2eeb61825ac Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 295da33c-1ee4-11e0-8a3f-000fb058a757

    Error - 1/13/2011 4:01:39 AM | Computer Name = Jonathan-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
    stamp: 0x4a5bc100 Faulting module name: ntdll.dll, version: 6.1.7600.16385, time
    stamp: 0x4a5bdadb Exception code: 0xc0000005 Fault offset: 0x0006aee7 Faulting process
    id: 0xfc0 Faulting application start time: 0x01cbb2f0edb5447f Faulting application
    path: C:\Windows\system32\svchost.exe Faulting module path: C:\Windows\SYSTEM32\ntdll.dll
    Report
    Id: 592a170f-1eeb-11e0-8a3f-000fb058a757

    Error - 1/13/2011 4:16:22 AM | Computer Name = Jonathan-PC | Source = Application Error | ID = 1000
    Description = Faulting application name: iexplore.exe, version: 9.0.7930.16406,
    time stamp: 0x4c7e0414 Faulting module name: swg.dll_unloaded, version: 0.0.0.0,
    time stamp: 0x4cabdb21 Exception code: 0xc0000005 Fault offset: 0x1000a58e Faulting
    process id: 0xb54 Faulting application start time: 0x01cbb2fa0b473a32 Faulting application
    path: C:\Program Files\Internet Explorer\iexplore.exe Faulting module path: swg.dll
    Report
    Id: 67c2a904-1eed-11e0-8a3f-000fb058a757

    Error - 1/13/2011 4:23:59 AM | Computer Name = Jonathan-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.7930.16406 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: be4 Start
    Time: 01cbb2f44463ef4c Termination Time: 16 Application Path: C:\Program Files\Internet
    Explorer\iexplore.exe Report Id:

    Error - 1/13/2011 4:24:38 AM | Computer Name = Jonathan-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.7930.16406 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: cf4 Start
    Time: 01cbb2fb3a0856ca Termination Time: 32 Application Path: C:\Program Files\Internet
    Explorer\iexplore.exe Report Id:

    Error - 1/13/2011 4:24:57 AM | Computer Name = Jonathan-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.7930.16406 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: 468 Start
    Time: 01cbb2fb5168a536 Termination Time: 16 Application Path: C:\Program Files\Internet
    Explorer\iexplore.exe Report Id:

    Error - 1/13/2011 4:25:21 AM | Computer Name = Jonathan-PC | Source = Application Hang | ID = 1002
    Description = The program iexplore.exe version 9.0.7930.16406 stopped interacting
    with Windows and was closed. To see if more information about the problem is available,
    check the problem history in the Action Center control panel. Process ID: d74 Start
    Time: 01cbb2fb5c95ab16 Termination Time: 47 Application Path: C:\Program Files\Internet
    Explorer\iexplore.exe Report Id:

    Error - 1/13/2011 6:26:50 PM | Computer Name = Jonathan-PC | Source = Application Hang | ID = 1002
    Description = The program setup.exe version 1.0.0.0 stopped interacting with Windows
    and was closed. To see if more information about the problem is available, check
    the problem history in the Action Center control panel. Process ID: 9e8 Start Time:
    01cbb370ce9e3558 Termination Time: 28 Application Path: C:\Users\Jonathan\AppData\Local\Temp\7zSF4D8.tmp\setup.exe

    Report
    Id: 33b8f346-1f64-11e0-b7bf-000fb058a757

    [ Media Center Events ]
    Error - 12/11/2010 6:09:58 AM | Computer Name = Jonathan-PC | Source = MCUpdate | ID = 0
    Description = 5:09:58 AM - Error connecting to the internet. 5:09:58 AM - Unable
    to contact server..

    Error - 12/11/2010 6:10:47 AM | Computer Name = Jonathan-PC | Source = MCUpdate | ID = 0
    Description = 5:10:45 AM - Error connecting to the internet. 5:10:45 AM - Unable
    to contact server..

    Error - 1/7/2011 3:18:35 AM | Computer Name = Jonathan-PC | Source = MCUpdate | ID = 0
    Description = 2:18:35 AM - Error connecting to the internet. 2:18:35 AM - Unable
    to contact server..

    Error - 1/7/2011 3:23:09 AM | Computer Name = Jonathan-PC | Source = MCUpdate | ID = 0
    Description = 2:19:23 AM - Error connecting to the internet. 2:19:23 AM - Unable
    to contact server..

    Error - 1/7/2011 4:26:04 AM | Computer Name = Jonathan-PC | Source = MCUpdate | ID = 0
    Description = 3:26:04 AM - Error connecting to the internet. 3:26:04 AM - Unable
    to contact server..

    Error - 1/7/2011 4:28:56 AM | Computer Name = Jonathan-PC | Source = MCUpdate | ID = 0
    Description = 3:26:52 AM - Error connecting to the internet. 3:26:52 AM - Unable
    to contact server..

    Error - 1/7/2011 5:33:39 AM | Computer Name = Jonathan-PC | Source = MCUpdate | ID = 0
    Description = 4:33:39 AM - Error connecting to the internet. 4:33:39 AM - Unable
    to contact server..

    Error - 1/7/2011 5:36:23 AM | Computer Name = Jonathan-PC | Source = MCUpdate | ID = 0
    Description = 4:34:26 AM - Error connecting to the internet. 4:34:26 AM - Unable
    to contact server..

    Error - 1/7/2011 6:41:06 AM | Computer Name = Jonathan-PC | Source = MCUpdate | ID = 0
    Description = 5:41:06 AM - Error connecting to the internet. 5:41:06 AM - Unable
    to contact server..

    Error - 1/7/2011 6:43:49 AM | Computer Name = Jonathan-PC | Source = MCUpdate | ID = 0
    Description = 5:41:54 AM - Error connecting to the internet. 5:41:54 AM - Unable
    to contact server..

    [ System Events ]
    Error - 1/13/2011 4:01:40 AM | Computer Name = Jonathan-PC | Source = Service Control Manager | ID = 7031
    Description = The Themes service terminated unexpectedly. It has done this 2 time(s).
    The following corrective action will be taken in 60000 milliseconds: Restart the
    service.

    Error - 1/13/2011 4:01:40 AM | Computer Name = Jonathan-PC | Source = Service Control Manager | ID = 7031
    Description = The Windows Management Instrumentation service terminated unexpectedly.
    It has done this 2 time(s). The following corrective action will be taken in
    300000 milliseconds: Restart the service.

    Error - 1/13/2011 4:01:40 AM | Computer Name = Jonathan-PC | Source = Service Control Manager | ID = 7034
    Description = The Windows Update service terminated unexpectedly. It has done this
    2 time(s).

    Error - 1/13/2011 4:03:40 AM | Computer Name = Jonathan-PC | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the Server service, but this action
    failed with the following error: %%1056

    Error - 1/13/2011 4:03:40 AM | Computer Name = Jonathan-PC | Source = Service Control Manager | ID = 7032
    Description = The Service Control Manager tried to take a corrective action (Restart
    the service) after the unexpected termination of the Background Intelligent Transfer
    Service service, but this action failed with the following error: %%1056

    Error - 1/13/2011 1:10:38 PM | Computer Name = Jonathan-PC | Source = DCOM | ID = 10010
    Description =

    Error - 1/13/2011 1:18:51 PM | Computer Name = Jonathan-PC | Source = DCOM | ID = 10010
    Description =

    Error - 1/13/2011 6:50:53 PM | Computer Name = Jonathan-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 1/13/2011 6:53:30 PM | Computer Name = Jonathan-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 1/13/2011 7:07:33 PM | Computer Name = Jonathan-PC | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.


    < End of report >
     
  12. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You just copied my script. I need OTL.txt log.
     
  13. jonnyd1013

    jonnyd1013 TS Rookie Topic Starter

    otl

    OTL logfile created on: 1/13/2011 8:01:20 PM - Run 3
    OTL by OldTimer - Version 3.2.20.2 Folder = C:\Users\Jonathan\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.7930.16406)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1,014.00 Mb Total Physical Memory | 412.00 Mb Available Physical Memory | 41.00% Memory free
    2.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 55.79 Gb Total Space | 36.33 Gb Free Space | 65.11% Space Free | Partition Type: NTFS

    Computer Name: JONATHAN-PC | User Name: Jonathan | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/13 19:36:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonathan\Desktop\OTL.exe
    PRC - [2010/12/16 15:45:38 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugin-container.exe
    PRC - [2010/12/16 15:45:26 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox 4.0 Beta 8\firefox.exe
    PRC - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
    PRC - [2010/12/13 08:39:54 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    PRC - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    PRC - [2010/12/12 16:42:59 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    PRC - [2010/01/14 21:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
    PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
    PRC - [2009/07/13 20:14:15 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/13 19:36:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonathan\Desktop\OTL.exe
    MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll
    MOD - [2009/07/13 20:16:15 | 000,099,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sspicli.dll
    MOD - [2009/07/13 20:16:13 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sechost.dll
    MOD - [2009/07/13 20:16:13 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\samcli.dll
    MOD - [2009/07/13 20:16:12 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\profapi.dll
    MOD - [2009/07/13 20:16:03 | 000,022,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\netutils.dll
    MOD - [2009/07/13 20:15:35 | 000,288,256 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\KernelBase.dll
    MOD - [2009/07/13 20:15:13 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dwmapi.dll
    MOD - [2009/07/13 20:15:11 | 000,064,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\devobj.dll
    MOD - [2009/07/13 20:15:07 | 000,036,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cryptbase.dll
    MOD - [2009/07/13 20:15:02 | 000,145,920 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cfgmgr32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - [2010/12/13 08:40:07 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
    SRV - [2010/12/13 08:39:54 | 000,267,944 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
    SRV - [2010/12/03 17:31:51 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
    SRV - [2010/08/16 01:15:05 | 000,804,864 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\FntCache.dll -- (FontCache)
    SRV - [2010/03/25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/07/13 20:16:21 | 000,185,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wwansvc.dll -- (WwanSvc)
    SRV - [2009/07/13 20:16:17 | 000,151,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\wbiosrvc.dll -- (WbioSrvc)
    SRV - [2009/07/13 20:16:17 | 000,119,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\umpo.dll -- (Power)
    SRV - [2009/07/13 20:16:16 | 000,037,376 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\themeservice.dll -- (Themes)
    SRV - [2009/07/13 20:16:15 | 000,053,760 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sppuinotify.dll -- (sppuinotify)
    SRV - [2009/07/13 20:16:13 | 000,043,520 | ---- | M] (Microsoft Corporation) [Unknown | Running] -- C:\Windows\System32\RpcEpMap.dll -- (RpcEptMapper)
    SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (PNRPsvc)
    SRV - [2009/07/13 20:16:12 | 000,269,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpsvc.dll -- (p2pimsvc)
    SRV - [2009/07/13 20:16:12 | 000,165,376 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\provsvc.dll -- (HomeGroupProvider)
    SRV - [2009/07/13 20:16:12 | 000,020,480 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\pnrpauto.dll -- (PNRPAutoReg)
    SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/07/13 20:15:36 | 000,194,560 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\ListSvc.dll -- (HomeGroupListener)
    SRV - [2009/07/13 20:15:11 | 000,253,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\dhcpcore.dll -- (Dhcp)
    SRV - [2009/07/13 20:15:10 | 000,218,624 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\defragsvc.dll -- (defragsvc)
    SRV - [2009/07/13 20:14:59 | 000,076,800 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\bdesvc.dll -- (BDESVC)
    SRV - [2009/07/13 20:14:58 | 000,088,064 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\AxInstSv.dll -- (AxInstSV) ActiveX Installer (AxInstSV)
    SRV - [2009/07/13 20:14:53 | 000,027,648 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\appidsvc.dll -- (AppIDSvc)
    SRV - [2009/07/13 20:14:29 | 003,179,520 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\System32\sppsvc.exe -- (sppsvc)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/12/13 08:40:21 | 000,135,096 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
    DRV - [2010/12/13 08:40:21 | 000,061,960 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
    DRV - [2010/06/17 14:27:22 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
    DRV - [2009/12/11 02:44:02 | 000,133,720 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\ksecpkg.sys -- (KSecPkg)
    DRV - [2009/09/21 17:58:28 | 001,218,048 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2009/07/13 20:26:21 | 000,015,952 | ---- | M] (CMD Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\cmdide.sys -- (cmdide)
    DRV - [2009/07/13 20:26:17 | 000,297,552 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpahci.sys -- (adpahci)
    DRV - [2009/07/13 20:26:15 | 000,422,976 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adp94xx.sys -- (adp94xx)
    DRV - [2009/07/13 20:26:15 | 000,159,312 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsbs.sys -- (amdsbs)
    DRV - [2009/07/13 20:26:15 | 000,146,512 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\adpu320.sys -- (adpu320)
    DRV - [2009/07/13 20:26:15 | 000,086,608 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arcsas.sys -- (arcsas)
    DRV - [2009/07/13 20:26:15 | 000,079,952 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdsata.sys -- (amdsata)
    DRV - [2009/07/13 20:26:15 | 000,076,368 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\arc.sys -- (arc)
    DRV - [2009/07/13 20:26:15 | 000,023,616 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\amdxata.sys -- (amdxata)
    DRV - [2009/07/13 20:26:15 | 000,014,400 | ---- | M] (Acer Laboratories Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\aliide.sys -- (aliide)
    DRV - [2009/07/13 20:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvstor.sys -- (nvstor)
    DRV - [2009/07/13 20:20:44 | 000,117,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nvraid.sys -- (nvraid)
    DRV - [2009/07/13 20:20:44 | 000,044,624 | ---- | M] (IBM Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\nfrd960.sys -- (nfrd960)
    DRV - [2009/07/13 20:20:37 | 000,089,168 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas.sys -- (LSI_SAS)
    DRV - [2009/07/13 20:20:36 | 000,332,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iaStorV.sys -- (iaStorV)
    DRV - [2009/07/13 20:20:36 | 000,235,584 | ---- | M] (LSI Corporation, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MegaSR.sys -- (MegaSR)
    DRV - [2009/07/13 20:20:36 | 000,096,848 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_scsi.sys -- (LSI_SCSI)
    DRV - [2009/07/13 20:20:36 | 000,095,824 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_fc.sys -- (LSI_FC)
    DRV - [2009/07/13 20:20:36 | 000,054,864 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\lsi_sas2.sys -- (LSI_SAS2)
    DRV - [2009/07/13 20:20:36 | 000,041,040 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\iirsp.sys -- (iirsp)
    DRV - [2009/07/13 20:20:36 | 000,030,800 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\megasas.sys -- (megasas)
    DRV - [2009/07/13 20:20:36 | 000,013,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hwpolicy.sys -- (hwpolicy)
    DRV - [2009/07/13 20:20:28 | 000,453,712 | ---- | M] (Emulex) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\elxstor.sys -- (elxstor)
    DRV - [2009/07/13 20:20:28 | 000,070,720 | ---- | M] (Adaptec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\djsvs.sys -- (aic78xx)
    DRV - [2009/07/13 20:20:28 | 000,067,152 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\HpSAMD.sys -- (HpSAMD)
    DRV - [2009/07/13 20:20:28 | 000,046,160 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\fsdepends.sys -- (FsDepends)
    DRV - [2009/07/13 20:19:11 | 000,141,904 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vsmraid.sys -- (vsmraid)
    DRV - [2009/07/13 20:19:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vmbus.sys -- (vmbus)
    DRV - [2009/07/13 20:19:10 | 000,159,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vhdmp.sys -- (vhdmp)
    DRV - [2009/07/13 20:19:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vmstorfl.sys -- (storflt)
    DRV - [2009/07/13 20:19:10 | 000,032,832 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\vdrvroot.sys -- (vdrvroot)
    DRV - [2009/07/13 20:19:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\storvsc.sys -- (storvsc)
    DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\wimmount.sys -- (WIMMount)
    DRV - [2009/07/13 20:19:10 | 000,016,976 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\viaide.sys -- (viaide)
    DRV - [2009/07/13 20:19:04 | 001,383,488 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql2300.sys -- (ql2300)
    DRV - [2009/07/13 20:19:04 | 000,173,648 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\rdyboost.sys -- (rdyboost)
    DRV - [2009/07/13 20:19:04 | 000,106,064 | ---- | M] (QLogic Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\ql40xx.sys -- (ql40xx)
    DRV - [2009/07/13 20:19:04 | 000,077,888 | ---- | M] (Silicon Integrated Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\sisraid4.sys -- (SiSRaid4)
    DRV - [2009/07/13 20:19:04 | 000,043,088 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\pcw.sys -- (pcw)
    DRV - [2009/07/13 20:19:04 | 000,040,016 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\SiSRaid2.sys -- (SiSRaid2)
    DRV - [2009/07/13 20:19:04 | 000,021,072 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\stexstor.sys -- (stexstor)
    DRV - [2009/07/13 20:17:54 | 000,369,568 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\cng.sys -- (CNG)
    DRV - [2009/07/13 19:57:25 | 000,272,128 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\Brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
    DRV - [2009/07/13 19:02:41 | 000,018,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rdpbus.sys -- (rdpbus)
    DRV - [2009/07/13 19:01:41 | 000,007,168 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\RDPREFMP.sys -- (RDPREFMP)
    DRV - [2009/07/13 18:55:00 | 000,049,152 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\agilevpn.sys -- (RasAgileVpn) WAN Miniport (IKEv2)
    DRV - [2009/07/13 18:53:51 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\wfplwf.sys -- (WfpLwf)
    DRV - [2009/07/13 18:52:44 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ndiscap.sys -- (NdisCap)
    DRV - [2009/07/13 18:52:04 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vwififlt.sys -- (vwififlt)
    DRV - [2009/07/13 18:52:02 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifibus.sys -- (vwifibus)
    DRV - [2009/07/13 18:52:00 | 000,163,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\1394ohci.sys -- (1394ohci)
    DRV - [2009/07/13 18:51:35 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\umpass.sys -- (UmPass)
    DRV - [2009/07/13 18:51:08 | 000,004,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mshidkmdf.sys -- (mshidkmdf)
    DRV - [2009/07/13 18:46:55 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\MTConfig.sys -- (MTConfig)
    DRV - [2009/07/13 18:45:26 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CompositeBus.sys -- (CompositeBus)
    DRV - [2009/07/13 18:36:52 | 000,050,176 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\appid.sys -- (AppID)
    DRV - [2009/07/13 18:33:50 | 000,026,624 | ---- | M] (Microsoft Corporation) [Kernel | Unknown | Stopped] -- C:\Windows\System32\drivers\scfilter.sys -- (scfilter)
    DRV - [2009/07/13 18:28:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\vms3cap.sys -- (s3cap)
    DRV - [2009/07/13 18:28:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/07/13 18:24:05 | 000,032,256 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\discache.sys -- (discache)
    DRV - [2009/07/13 18:16:36 | 000,009,728 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\acpipmi.sys -- (AcpiPmi)
    DRV - [2009/07/13 18:11:04 | 000,052,736 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\amdppm.sys -- (AmdPPM)
    DRV - [2009/07/13 17:54:14 | 000,026,624 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\hcw85cir.sys -- (hcw85cir)
    DRV - [2009/07/13 17:53:33 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbMdm.sys -- (BrUsbMdm)
    DRV - [2009/07/13 17:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrUsbSer.sys -- (BrUsbSer)
    DRV - [2009/07/13 17:53:32 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\Drivers\BrSerWdm.sys -- (BrSerWdm)
    DRV - [2009/07/13 17:53:28 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltLo.sys -- (BrFiltLo)
    DRV - [2009/07/13 17:53:28 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\BrFiltUp.sys -- (BrFiltUp)
    DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2009/07/13 17:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
    DRV - [2009/07/13 17:02:49 | 000,229,888 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\b57nd60x.sys -- (b57nd60x)
    DRV - [2009/07/13 17:02:48 | 003,100,160 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\evbdx.sys -- (ebdrv)
    DRV - [2009/07/13 17:02:48 | 000,430,080 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\DRIVERS\bxvbdx.sys -- (b06bdrv)
    DRV - [2008/08/05 00:56:27 | 002,278,784 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-2741316650-2310179391-170530555-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
    IE - HKU\S-1-5-21-2741316650-2310179391-170530555-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKU\S-1-5-21-2741316650-2310179391-170530555-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Google"
    FF - prefs.js..browser.startup.homepage: "http://www.msn.com/"
    FF - prefs.js..keyword.URL: "http://www.google.com/search?sourceid=navclient&hl=en&q="
    FF - prefs.js..network.proxy.type: 0

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2010/12/12 16:42:47 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 8\components [2011/01/13 17:25:55 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0b8\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 8\plugins

    [2011/01/13 17:36:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Extensions
    [2011/01/13 17:26:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\sp3jt2d3.default\extensions
    [2011/01/13 17:35:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jonathan\AppData\Roaming\Mozilla\Firefox\Profiles\sp3jt2d3.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
    [2011/01/13 17:35:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/01/07 00:24:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    File not found (No name found) --
    [2011/01/13 17:25:52 | 000,000,000 | ---D | M] (Feedback) -- C:\PROGRAM FILES\MOZILLA FIREFOX 4.0 BETA 8\EXTENSIONS\TESTPILOT@LABS.MOZILLA.COM
    [2010/12/12 16:42:47 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\PROGRAMDATA\GOOGLE\TOOLBAR FOR FIREFOX\{3112CA9C-DE6D-4884-A869-9855DE68056C}
    [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/12/09 05:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

    O1 HOSTS File: ([2011/01/09 22:03:46 | 000,001,093 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 www.8minutedating.com
    O1 - Hosts: 127.0.0.1 whysohardx.com
    O1 - Hosts: 127.0.0.1 protectyourpc-11.com
    O1 - Hosts: 127.0.0.1 checkserverstatux.com
    O1 - Hosts: 127.0.0.1 xinmin.cn
    O1 - Hosts: 127.0.0.1 xy95.cn
    O1 - Hosts: 127.0.0.1 koralda.com
    O1 - Hosts: 127.0.0.1 weirden.com
    O1 - Hosts: 127.0.0.1 nanocloudcontroller.com
    O1 - Hosts: 127.0.0.1 coo0lnet.net
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll (Google Inc.)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKU\S-1-5-21-2741316650-2310179391-170530555-1000\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
    O3 - HKU\S-1-5-21-2741316650-2310179391-170530555-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
    O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [MSSE] c:\Program Files\Microsoft Security Essentials\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
    O4 - HKU\S-1-5-21-2741316650-2310179391-170530555-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2741316650-2310179391-170530555-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-2741316650-2310179391-170530555-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
  14. jonnyd1013

    jonnyd1013 TS Rookie Topic Starter

    OTL part 2

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found
    NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation)
    NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation)

    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)


    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/13 19:36:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Jonathan\Desktop\OTL.exe
    [2011/01/13 18:12:07 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/01/13 18:10:04 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2011/01/13 17:51:37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/01/13 17:51:37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/01/13 17:51:37 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/01/13 17:51:27 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/01/13 17:50:55 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/13 17:50:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
    [2011/01/13 17:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox 4.0 Beta 8
    [2011/01/13 17:25:49 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox 4.0 Beta 8
    [2011/01/13 17:02:07 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Desktop\tdsskiller
    [2011/01/13 01:18:55 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\AppData\Roaming\Avira
    [2011/01/13 01:08:24 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\AppData\Roaming\Malwarebytes
    [2011/01/13 01:08:05 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2011/01/13 01:08:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/01/13 01:08:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/01/13 01:07:59 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/01/13 01:07:59 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/01/13 01:06:25 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Jonathan\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/01/13 00:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    [2011/01/13 00:16:44 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
    [2011/01/13 00:16:43 | 000,135,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
    [2011/01/13 00:16:43 | 000,061,960 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
    [2011/01/13 00:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
    [2011/01/13 00:16:41 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
    [2011/01/12 23:19:01 | 000,000,000 | ---D | C] -- C:\Program Files\Feedback Tool
    [2011/01/09 17:17:50 | 000,000,000 | ---D | C] -- C:\Windows\System32\DRVSTORE
    [2011/01/09 17:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2011/01/09 17:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
    [2011/01/09 17:15:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
    [2011/01/09 17:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
    [2011/01/09 17:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
    [2011/01/09 17:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
    [2011/01/09 17:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
    [2011/01/09 16:52:23 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2011/01/07 10:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\BDLogging
    [2011/01/07 02:40:52 | 000,000,000 | ---D | C] -- C:\294a13f0dec86ff325e1
    [2011/01/07 00:05:30 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2011/01/06 23:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
    [2011/01/06 23:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
    [2011/01/06 23:32:42 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\AppData\Roaming\QuickScan
    [2011/01/06 23:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BitDefender
    [2011/01/06 14:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/01/06 14:30:41 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/01/06 14:17:47 | 000,000,000 | ---D | C] -- C:\Windows\Sun
    [2011/01/06 08:50:20 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
    [2010/12/31 15:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe
    [2010/12/31 15:58:27 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Documents\Adobe Scripts
    [2010/12/31 14:36:25 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Media Player
    [2010/12/31 14:36:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
    [2010/12/31 01:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\uTorrent
    [2010/12/31 01:27:40 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\AppData\Roaming\uTorrent
    [2010/12/26 23:03:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
    [2010/12/25 23:10:08 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\AppData\Roaming\Hulabee
    [2010/12/25 23:01:06 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\AppData\Local\RadonLabs
    [2010/12/25 22:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\OXXOGames
    [2010/12/25 22:14:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eGames
    [2010/12/25 22:08:59 | 000,070,088 | ---- | C] (xx) -- C:\Windows\System32\Project2-1.ocx
    [2010/12/25 22:06:27 | 000,000,000 | ---D | C] -- C:\Program Files\eGames
    [2010/12/25 17:32:23 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
    [2010/12/25 17:31:03 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Documents\Ascaron Entertainment
    [2010/12/25 17:31:03 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\AppData\Roaming\Ascaron Entertainment
    [2010/12/25 17:25:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cinemaware Marquee
    [2010/12/25 17:22:08 | 000,000,000 | ---D | C] -- C:\Users\Jonathan\Documents\Cinemaware Marquee
    [2010/12/25 17:22:00 | 000,000,000 | ---D | C] -- C:\Program Files\Cinemaware Marquee
    [2010/12/21 13:52:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
    [2010/12/21 13:48:29 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
    [2010/12/15 21:11:33 | 000,000,000 | ---D | C] -- C:\Windows\rescache

    ========== Files - Modified Within 30 Days ==========

    [2011/01/13 19:47:12 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/01/13 19:36:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonathan\Desktop\OTL.exe
    [2011/01/13 19:09:00 | 000,000,920 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2741316650-2310179391-170530555-1000UA.job
    [2011/01/13 18:00:00 | 000,000,450 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Registration3.job
    [2011/01/13 17:47:11 | 004,154,145 | R--- | M] () -- C:\Users\Jonathan\Desktop\ComboFix.exe
    [2011/01/13 17:43:44 | 000,080,384 | ---- | M] () -- C:\Users\Jonathan\Desktop\MBRCheck.exe
    [2011/01/13 17:25:57 | 000,002,061 | ---- | M] () -- C:\Users\Jonathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 8.lnk
    [2011/01/13 17:25:57 | 000,002,037 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 8.lnk
    [2011/01/13 17:10:56 | 000,016,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/01/13 17:10:56 | 000,016,384 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/01/13 17:09:01 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2741316650-2310179391-170530555-1000Core.job
    [2011/01/13 17:05:33 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/01/13 17:05:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/01/13 17:05:03 | 797,827,072 | -HS- | M] () -- C:\hiberfil.sys
    [2011/01/13 17:01:14 | 001,231,390 | ---- | M] () -- C:\Users\Jonathan\Desktop\tdsskiller.zip
    [2011/01/13 01:21:59 | 000,581,108 | ---- | M] () -- C:\ProgramData\bdinstall.bin
    [2011/01/13 01:17:44 | 000,296,448 | ---- | M] () -- C:\Users\Jonathan\Desktop\b3u3knj1.exe
    [2011/01/13 01:08:05 | 000,001,027 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/13 01:07:12 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jonathan\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/01/13 00:17:03 | 000,001,972 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2011/01/12 23:28:28 | 000,001,367 | ---- | M] () -- C:\Users\Jonathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/01/12 16:37:59 | 180,021,366 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/01/09 22:03:46 | 000,001,093 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/01/07 18:03:23 | 000,000,140 | ---- | M] () -- C:\ProgramData\search_result.xml
    [2011/01/07 15:04:37 | 003,013,203 | ---- | M] () -- C:\Users\Jonathan\Desktop\BDSP_JONATHAN-PC_2011_01_07_15_04.zip
    [2011/01/06 23:56:27 | 000,000,415 | ---- | M] () -- C:\Windows\System32\user_gensett.xml
    [2011/01/06 21:09:16 | 000,066,285 | ---- | M] () -- C:\Users\Jonathan\Documents\virepot.docx
    [2011/01/01 11:21:49 | 003,762,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010/12/31 01:40:52 | 000,012,743 | ---- | M] () -- C:\Users\Jonathan\Desktop\key code photo.docx
    [2010/12/31 01:28:27 | 000,000,897 | ---- | M] () -- C:\Users\Jonathan\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2010/12/31 01:28:27 | 000,000,873 | ---- | M] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2010/12/27 00:06:12 | 000,000,424 | ---- | M] () -- C:\Windows\tasks\ParetoLogic Update Version3.job
    [2010/12/25 23:20:32 | 000,000,049 | ---- | M] () -- C:\Windows\extreme.ini
    [2010/12/25 23:20:28 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Extreme Orchid Puzzles.lnk
    [2010/12/25 23:19:19 | 000,001,056 | ---- | M] () -- C:\Users\Public\Desktop\Extreme Bugs Puzzles.lnk
    [2010/12/25 23:18:07 | 000,001,103 | ---- | M] () -- C:\Users\Public\Desktop\Puzzle Master 3 SE.lnk
    [2010/12/25 23:15:30 | 000,000,023 | ---- | M] () -- C:\Windows\Memory.INI
    [2010/12/25 23:15:29 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Memory Machine.lnk
    [2010/12/25 23:14:55 | 000,001,059 | ---- | M] () -- C:\Users\Public\Desktop\Mega Match.lnk
    [2010/12/25 23:10:06 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\Mahjongg Jr..lnk
    [2010/12/25 23:06:31 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\Geo Jump.lnk
    [2010/12/25 22:58:26 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Viva Game Center.lnk
    [2010/12/25 22:43:47 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2010/12/25 22:43:47 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/12/25 22:43:36 | 000,001,077 | ---- | M] () -- C:\Users\Public\Desktop\Extreme Animal Puzzles.lnk
    [2010/12/25 22:32:34 | 000,001,012 | ---- | M] () -- C:\Users\Public\Desktop\Blingo.lnk
    [2010/12/25 22:29:42 | 000,001,135 | ---- | M] () -- C:\Users\Public\Desktop\Snakes and Ladders.lnk
    [2010/12/25 22:14:09 | 000,001,054 | ---- | M] () -- C:\Users\Public\Desktop\Hangman Wild West II.lnk
    [2010/12/21 13:52:27 | 000,001,061 | ---- | M] () -- C:\Users\Jonathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010/12/19 11:31:20 | 000,103,424 | ---- | M] () -- C:\Users\Jonathan\Documents\b card gary.pub
    [2010/12/15 17:42:36 | 000,002,661 | ---- | M] () -- C:\Users\Jonathan\Desktop\Microsoft Word 2010.lnk

    ========== Files Created - No Company Name ==========

    [2011/01/13 17:51:37 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/01/13 17:51:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/01/13 17:51:37 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/01/13 17:51:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/01/13 17:51:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/01/13 17:46:54 | 004,154,145 | R--- | C] () -- C:\Users\Jonathan\Desktop\ComboFix.exe
    [2011/01/13 17:43:42 | 000,080,384 | ---- | C] () -- C:\Users\Jonathan\Desktop\MBRCheck.exe
    [2011/01/13 17:25:57 | 000,002,061 | ---- | C] () -- C:\Users\Jonathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox 4.0 Beta 8.lnk
    [2011/01/13 17:25:57 | 000,002,037 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox 4.0 Beta 8.lnk
    [2011/01/13 17:01:13 | 001,231,390 | ---- | C] () -- C:\Users\Jonathan\Desktop\tdsskiller.zip
    [2011/01/13 01:17:44 | 000,296,448 | ---- | C] () -- C:\Users\Jonathan\Desktop\b3u3knj1.exe
    [2011/01/13 01:08:05 | 000,001,027 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/01/13 00:17:03 | 000,001,972 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
    [2011/01/12 23:22:57 | 000,072,533 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
    [2011/01/07 18:01:13 | 000,000,140 | ---- | C] () -- C:\ProgramData\search_result.xml
    [2011/01/07 15:04:29 | 003,013,203 | ---- | C] () -- C:\Users\Jonathan\Desktop\BDSP_JONATHAN-PC_2011_01_07_15_04.zip
    [2011/01/07 00:05:12 | 180,021,366 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/01/06 23:56:27 | 000,000,415 | ---- | C] () -- C:\Windows\System32\user_gensett.xml
    [2011/01/06 23:31:28 | 000,581,108 | ---- | C] () -- C:\ProgramData\bdinstall.bin
    [2011/01/06 21:09:14 | 000,066,285 | ---- | C] () -- C:\Users\Jonathan\Documents\virepot.docx
    [2010/12/31 01:40:51 | 000,012,743 | ---- | C] () -- C:\Users\Jonathan\Desktop\key code photo.docx
    [2010/12/31 01:28:27 | 000,000,897 | ---- | C] () -- C:\Users\Jonathan\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
    [2010/12/31 01:28:27 | 000,000,873 | ---- | C] () -- C:\Users\Public\Desktop\µTorrent.lnk
    [2010/12/25 23:20:32 | 000,000,049 | ---- | C] () -- C:\Windows\extreme.ini
    [2010/12/25 23:20:28 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Extreme Orchid Puzzles.lnk
    [2010/12/25 23:19:19 | 000,001,056 | ---- | C] () -- C:\Users\Public\Desktop\Extreme Bugs Puzzles.lnk
    [2010/12/25 23:18:07 | 000,001,103 | ---- | C] () -- C:\Users\Public\Desktop\Puzzle Master 3 SE.lnk
    [2010/12/25 23:15:30 | 000,000,023 | ---- | C] () -- C:\Windows\Memory.INI
    [2010/12/25 23:15:29 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Memory Machine.lnk
    [2010/12/25 23:14:55 | 000,001,059 | ---- | C] () -- C:\Users\Public\Desktop\Mega Match.lnk
    [2010/12/25 23:10:06 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\Mahjongg Jr..lnk
    [2010/12/25 23:06:31 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\Geo Jump.lnk
    [2010/12/25 22:58:26 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Viva Game Center.lnk
    [2010/12/25 22:43:47 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
    [2010/12/25 22:43:47 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
    [2010/12/25 22:43:35 | 000,001,077 | ---- | C] () -- C:\Users\Public\Desktop\Extreme Animal Puzzles.lnk
    [2010/12/25 22:32:34 | 000,001,012 | ---- | C] () -- C:\Users\Public\Desktop\Blingo.lnk
    [2010/12/25 22:29:42 | 000,001,135 | ---- | C] () -- C:\Users\Public\Desktop\Snakes and Ladders.lnk
    [2010/12/25 22:14:09 | 000,001,054 | ---- | C] () -- C:\Users\Public\Desktop\Hangman Wild West II.lnk
    [2010/12/21 13:52:27 | 000,001,061 | ---- | C] () -- C:\Users\Jonathan\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk
    [2010/12/19 11:24:49 | 000,103,424 | ---- | C] () -- C:\Users\Jonathan\Documents\b card gary.pub
    [2010/12/01 05:30:46 | 000,156,672 | ---- | C] () -- C:\Windows\System32\RTLCPAPI.dll
    [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
    [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
    [2007/01/31 13:50:32 | 000,913,408 | ---- | C] () -- C:\Windows\System32\xreglib.dll

    ========== LOP Check ==========

    [2010/12/25 17:31:03 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Ascaron Entertainment
    [2010/12/03 18:23:44 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\DriverCure
    [2010/12/25 23:10:08 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Hulabee
    [2010/12/12 13:07:31 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\Oberon Media
    [2011/01/06 23:32:42 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\QuickScan
    [2011/01/06 21:23:20 | 000,000,000 | ---D | M] -- C:\Users\Jonathan\AppData\Roaming\uTorrent
    [2011/01/13 18:00:00 | 000,000,450 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Registration3.job
    [2010/12/27 00:06:12 | 000,000,424 | ---- | M] () -- C:\Windows\Tasks\ParetoLogic Update Version3.job
    [2011/01/13 03:01:39 | 000,032,600 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2011/01/13 01:20:18 | 000,014,024 | ---- | M] () -- C:\bdlog.txt
    [2011/01/13 18:12:05 | 000,013,319 | ---- | M] () -- C:\ComboFix.txt
    [2009/06/10 16:42:20 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/01/13 17:05:03 | 797,827,072 | -HS- | M] () -- C:\hiberfil.sys
    [2010/12/25 22:43:47 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2010/12/25 22:43:47 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/01/13 17:05:04 | 1073,741,824 | -HS- | M] () -- C:\pagefile.sys
    [2011/01/13 17:03:21 | 000,060,650 | ---- | M] () -- C:\TDSSKiller.2.4.13.0_13.01.2011_17.02.23_log.txt
    [2011/01/13 17:18:27 | 000,001,980 | ---- | M] () -- C:\TDSSKiller.2.4.13.0_13.01.2011_17.18.21_log.txt

    < %systemroot%\Fonts\*.com >
    [2009/07/13 23:52:25 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 23:52:25 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 23:52:25 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 23:52:25 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 16:31:19 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2009/07/13 20:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
    [2009/07/13 20:16:19 | 000,029,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 23:41:57 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/01/12 23:28:28 | 000,000,221 | -HS- | M] () -- C:\Users\Jonathan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/01/13 01:17:44 | 000,296,448 | ---- | M] () -- C:\Users\Jonathan\Desktop\b3u3knj1.exe
    [2011/01/13 17:47:11 | 004,154,145 | R--- | M] () -- C:\Users\Jonathan\Desktop\ComboFix.exe
    [2011/01/13 01:07:12 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Jonathan\Desktop\mbam-setup-1.50.1.1100.exe
    [2011/01/13 17:43:44 | 000,080,384 | ---- | M] () -- C:\Users\Jonathan\Desktop\MBRCheck.exe
    [2011/01/13 19:36:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Jonathan\Desktop\OTL.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 16:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\addins\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/12/09 15:31:48 | 000,000,402 | -HS- | M] () -- C:\Users\Jonathan\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/01/13 01:21:59 | 000,581,108 | ---- | M] () -- C:\ProgramData\bdinstall.bin
    [2011/01/07 18:03:23 | 000,000,140 | ---- | M] () -- C:\ProgramData\search_result.xml

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Files - Unicode (All) ==========
    [2011/01/13 01:22:00 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
    [2011/01/13 01:20:22 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 199 bytes -> C:\ProgramData\TEMP:8BCBFAE0

    < End of report >
     
  15. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You're running two AV programs, Microsoft Security Essentials and Avira.
    One of them has to go. Your choice.

    =========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O3 - HKU\S-1-5-21-2741316650-2310179391-170530555-1000\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
      [2011/01/09 17:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
      [2011/01/09 17:17:41 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
      [2011/01/09 17:15:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
      [2011/01/09 17:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\Norton 360
      [2011/01/09 17:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
      [2011/01/09 17:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
      [2011/01/09 17:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
      @Alternate Data Stream - 199 bytes -> C:\ProgramData\TEMP:8BCBFAE0
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =======================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
     
  16. jonnyd1013

    jonnyd1013 TS Rookie Topic Starter

    logs

    Here are the last 2 logs, OTL & checkup. No threats were found by the online scan.

    I was also wondering: during the online scan I saw several files being scanned for BitDefender and other programs that I thought I had uninstalled and gotten rid of. How can I make sure that files and folders related to uninstalled programs are deleted?

    Again, thank you so much for all of your help. The computer has been working great.


    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_USERS\S-1-5-21-2741316650-2310179391-170530555-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-000000000000} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972}\ not found.
    C:\Program Files\Common Files\Symantec Shared\EENGINE folder moved successfully.
    C:\Program Files\Common Files\Symantec Shared folder moved successfully.
    C:\Program Files\Symantec folder moved successfully.
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.33\16\02 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.33\16 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.33 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\1f\01 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\1f folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\1d\01 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\1d folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\19\01 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\19 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\16\01 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\16 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\15\01 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\15 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\14\01 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\14 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\13\01 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\13 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\12\01 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\12 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\11\01 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\11 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\10\01 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\10 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\0e\01 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\0e folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\0c\01 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\0c folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\0b\01 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\0b folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\0a\03 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\0a folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\09\01 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\09 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\07\01 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\07 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\06\01 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\06 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\05\01 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\05 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\04\02 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\04\01 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32\04 folder moved successfully.
    C:\Program Files\Norton 360\MUI\4.1.0.32 folder moved successfully.
    C:\Program Files\Norton 360\MUI folder moved successfully.
    C:\Program Files\Norton 360\Engine\4.2.0.12\x86\x86 folder moved successfully.
    C:\Program Files\Norton 360\Engine\4.2.0.12\x86 folder moved successfully.
    C:\Program Files\Norton 360\Engine\4.2.0.12\spmanifests folder moved successfully.
    C:\Program Files\Norton 360\Engine\4.2.0.12\microsoft.vc90.crt folder moved successfully.
    C:\Program Files\Norton 360\Engine\4.2.0.12\jobs folder moved successfully.
    C:\Program Files\Norton 360\Engine\4.2.0.12\images folder moved successfully.
    C:\Program Files\Norton 360\Engine\4.2.0.12\ccglog folder moved successfully.
    C:\Program Files\Norton 360\Engine\4.2.0.12\ccgevt\global folder moved successfully.
    C:\Program Files\Norton 360\Engine\4.2.0.12\ccgevt folder moved successfully.
    C:\Program Files\Norton 360\Engine\4.2.0.12\cache\tificocs.symantec.com folder moved successfully.
    C:\Program Files\Norton 360\Engine\4.2.0.12\cache folder moved successfully.
    C:\Program Files\Norton 360\Engine\4.2.0.12 folder moved successfully.
    C:\Program Files\Norton 360\Engine folder moved successfully.
    C:\Program Files\Norton 360\Branding\zh-CN folder moved successfully.
    C:\Program Files\Norton 360\Branding\nl-NL folder moved successfully.
    C:\Program Files\Norton 360\Branding\fr-FR folder moved successfully.
    C:\Program Files\Norton 360\Branding\en-US folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\1F\01 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\1F folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\1D\01 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\1D folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\19\01 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\19 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\16\02 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\16\01 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\16 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\15\01 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\15 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\14\01 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\14 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\13\01 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\13 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\12\01 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\12 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\11\01 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\11 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\10\01 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\10 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\0E\01 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\0E folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\0C\01 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\0C folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\0B\01 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\0B folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\0A\03 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\0A folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\09\01 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\09 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\07\01 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\07 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\06\01 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\06 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\05\01 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\05 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\04\02 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\04\01 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127\04 folder moved successfully.
    C:\Program Files\Norton 360\Branding\4.0.0.127 folder moved successfully.
    C:\Program Files\Norton 360\Branding folder moved successfully.
    C:\Program Files\Norton 360 folder moved successfully.
    Folder move failed. C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp scheduled to be moved on reboot.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\Quarantine folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\symnetdrv folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\SymDS\Temp folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\SymDS folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\SRTSP folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\SPManifests folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\QuickStart folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\QBackup\{8796FA8A-8E61-44BB-9755-B9E8BEE9C1D8} folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\QBackup folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Product folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\1f\01 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\1f folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\1d\01 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\1d folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\19\01 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\19 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\16\02 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\16\01 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\16 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\15\01 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\15 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\14\01 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\14 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\13\01 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\13 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\12\01 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\12 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\11\01 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\11 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\10\01 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\10 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\0e\01 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\0e folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\0c\01 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\0c folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\0b\01 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\0b folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\0a\03 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\0a folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\09\01 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\09 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\07\01 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\07 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\06\01 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\06 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\05\01 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\05 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\04\02 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\04\01 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS\04 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\OCS folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\NUM folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\NPC folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\NCW folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\NCO folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\LuReg folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\LUFallback folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Lue\Logs folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Lue\Downloads folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Lue folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Logs folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IRON folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\chrome\skin folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn\chrome folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPSFFPlgn folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\IPS folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\ErrorManagement\Tasks folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\ErrorManagement\SCD folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\ErrorManagement\Queue folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\ErrorManagement folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\DuLuCbkPkg folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\diStRptr folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\WebProtectionDefs\newdefs-trigger folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\WebProtectionDefs\BinHub folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\WebProtectionDefs\20110110.001 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\WebProtectionDefs folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\TextHub folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\tagfiles folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\newdefs-trigger folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\BinHub folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110109.003 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IronWhitelistDefs\newdefs-trigger folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IronWhitelistDefs\BinHub folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IronWhitelistDefs\20110107.009 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IronWhitelistDefs folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IronSettingsDefs\newdefs-trigger folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IronSettingsDefs\BinHub folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IronSettingsDefs\20100908.040 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IronSettingsDefs folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IronRevocationDefs\newdefs-trigger folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IronRevocationDefs\BinHub folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IronRevocationDefs\20110107.032 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IronRevocationDefs folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\newdefs-trigger folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\BinHub folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110107.002 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\newdefs-trigger folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\BinHub folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20101123.003 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\AntispamDefs\newdefs-trigger folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\AntispamDefs\BinHub folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\AntispamDefs\20110109.022 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\AntispamDefs folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Connections folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\content folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\components folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\chrome\skin folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn\chrome folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\coFFPlgn folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\CmnClnt\_lck folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\CmnClnt\ErrorInstances folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\CmnClnt\ccSubSDK folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\CmnClnt\ccSetMgr folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\CmnClnt\ccJobMgr folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\CmnClnt\ccGLog folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\CmnClnt\ccGEvt\Global folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\CmnClnt\ccGEvt folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\CmnClnt folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\CLT folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\BASH folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Backup folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\AntiSpam folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127 folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\LocalDumps folder moved successfully.
    C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7} folder moved successfully.
    C:\ProgramData\Norton\00000082\0000010f\000004b6 folder moved successfully.
    C:\ProgramData\Norton\00000082\0000010f folder moved successfully.
    C:\ProgramData\Norton\00000082 folder moved successfully.
    C:\ProgramData\Norton folder moved successfully.
    C:\ProgramData\NortonInstaller\Logs\2011-01-09-21h20m54s folder moved successfully.
    C:\ProgramData\NortonInstaller\Logs\2011-01-09-20h08m17s folder moved successfully.
    C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h28m32s folder moved successfully.
    C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h28m27s folder moved successfully.
    C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h28m23s folder moved successfully.
    C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h28m17s folder moved successfully.
    C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h28m12s folder moved successfully.
    C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h28m08s folder moved successfully.
    C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h28m04s folder moved successfully.
    C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h27m59s folder moved successfully.
    C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h27m54s folder moved successfully.
    C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h27m50s folder moved successfully.
    C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h27m45s folder moved successfully.
    C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h27m41s folder moved successfully.
    C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h27m36s folder moved successfully.
    C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h27m31s folder moved successfully.
    C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h27m25s folder moved successfully.
    C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h27m20s folder moved successfully.
    C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h27m15s folder moved successfully.
    C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h27m10s folder moved successfully.
    C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h27m04s folder moved successfully.
    C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h26m59s folder moved successfully.
    C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h26m58s folder moved successfully.
    C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h26m52s folder moved successfully.
    C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h15m19s folder moved successfully.
    C:\ProgramData\NortonInstaller\Logs\2011-01-09-17h15m09s folder moved successfully.
    C:\ProgramData\NortonInstaller\Logs folder moved successfully.
    C:\ProgramData\NortonInstaller folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\_lck folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\1f\01 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\1f folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\1d\01 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\1d folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\19\01 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\19 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\16\02 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\16\01 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\16 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\15\01 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\15 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\14\01 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\14 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\13\01 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\13 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\12\01 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\12 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\11\01 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\11 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\10\01 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\10 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\0e\01 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\0e folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\0c\01 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\0c folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\0b\01 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\0b folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\0a\03 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\0a folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\09\01 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\09 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\07\01 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\07 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\06\01 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\06 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\05\01 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\05 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\04\02 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\04\01 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12\04 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02\4.2.0.12 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360\A5E82D02 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360 folder moved successfully.
    C:\Program Files\NortonInstaller\{0C55C096-0F1D-4F28-AAA2-85EF591126E7} folder moved successfully.
    C:\Program Files\NortonInstaller folder moved successfully.
    ADS C:\ProgramData\TEMP:8BCBFAE0 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jonathan
    ->Temp folder emptied: 806772 bytes
    ->Temporary Internet Files folder emptied: 50390535 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 70727776 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 48090 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 395966 bytes

    Total Files Cleaned = 117.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Jonathan
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.2 log created on 01132011_210129

    Files\Folders moved on Reboot...
    File\Folder C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\SRTSP\SrtETmp not found!

    Registry entries deleted on Reboot...

    Results of screen317's Security Check version 0.99.7
    Windows 7 (UAC is enabled)
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Avira AntiVir Personal - Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    Avira successfully updated!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 23
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Reader X
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Avira Antivir avgnt.exe
    Avira Antivir avguard.exe
    ``````````End of Log````````````
     
  17. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Those files are not active, just taking space. If you want to get rid of them, there is no other way, but just through a search.

    Your computer is clean.

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  18. jonnyd1013

    jonnyd1013 TS Rookie Topic Starter

    Running great, thanks. Will update if anything changes.

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Jonathan
    ->Temp folder emptied: 1197 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 51580959 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 566 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 49.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Jonathan
    ->Flash cache emptied: 0 bytes

    User: Public

    Total Flash Files Cleaned = 0.00 mb



    OTL by OldTimer - Version 3.2.20.2 log created on 01132011_233349

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  19. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Way to go!!
    Good luck and stay safe :)
     
Topic Status:
Not open for further replies.
