Iexplore.exe malware and search redirect

Solved
By Jeckz
Oct 22, 2011
  1. Hello, sadly my gf's laptop has gotten the false iexplore.exe malware and search redirecting on all of her web browsers. I've done some research about it and found this forum to be very helpful to others with the same problem. Here are my logs:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 7991

    Windows 6.0.6001 Service Pack 1
    Internet Explorer 8.0.6001.19019

    10/21/2011 11:51:54 PM
    mbam-log-2011-10-21 (23-51-54).txt

    Scan type: Quick scan
    Objects scanned: 185856
    Time elapsed: 5 minute(s), 10 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.6001.19019 BrowserJavaVersion: 1.6.0_29
    Run by Bianca Castro at 1:05:47 on 2011-10-22
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3062.1537 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Citrix\ICA Client\ssonsvr.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\aol\1202607635\ee\aolsoftware.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\tbh\monitor\bin\tbhMonitor.exe
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1\ToolbarUpdater.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    c:\Program Files\tbh\base\bin\tbhDaemon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\tbh\base\bin\tbhSystray.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\sttray.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\AIM\aim.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\AVG\AVG2012\avgcfgex.exe
    C:\Program Files\AVG\AVG2012\avgui.exe
    C:\Program Files\AVG\AVG2012\avgcfgex.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    c:\program files\aol\aim toolbar 5.0\AolTbServer.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://mp3tubetoolbar.com/?tmp=toolbar_Mp3Tube_homepage&prt=pinballtbfour04ie&clid=3a386806a6b54f77adf782a6b9a43898
    uDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
    mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
    mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
    uInternet Settings,ProxyOverride = *.local
    mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
    uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    mURLSearchHooks: AOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
    mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
    BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
    BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
    BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: AIM Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
    TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [HostManager] c:\program files\common files\aol\1202607635\ee\AOLSoftware.exe
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [tbhSystray] c:\program files\tbh\base\bin\tbhSystray.exe
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SigmatelSysTrayApp] sttray.exe
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &AIM Search - c:\program files\aol\aim toolbar 5.0\resources\en-us\local\search.html
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aim toolbar 5.0\aoltb.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    LSP: c:\windows\system32\wpclsp.dll
    DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{ADF67151-6190-40DF-9538-0890B562DCC8} : DhcpNameServer = 192.168.1.1
    Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\8.0.1\ViProtocol.dll
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\bianca castro\appdata\roaming\mozilla\firefox\profiles\imqlk0rr.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - about:home
    FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dc5a9b7&v=7.008.031.001&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\program files\avg\avg10\firefox4\components\avgssff4.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
    FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\users\bianca castro\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\users\bianca castro\appdata\roaming\mozilla\plugins\npoctoshape.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2011-7-11 23120]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-9-13 32592]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 229840]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 40016]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 295248]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2011-8-2 192776]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-10-20 366152]
    R2 tbhMonitor.exe;The Browser Highlighter Monitor;c:\program files\tbh\monitor\bin\tbhMonitor.exe [2010-5-24 70952]
    R2 vToolbarUpdater;vToolbarUpdater;c:\program files\common files\avg secure search\vtoolbarupdater\8.0.1\ToolbarUpdater.exe [2011-10-20 246600]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2011-7-11 134736]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2011-7-11 24272]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2011-7-11 16720]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-10-20 22216]
    R3 MRVW147;Marvell TOPDOG (TM) 802.11bgn Driver for Vista Native WIFI (CB8x/EC8x);c:\windows\system32\drivers\MRVW147.sys [2009-1-5 534016]
    R3 uwldrpow;uwldrpow;c:\users\bianca~1\appdata\local\temp\uwldrpow.sys [2011-10-21 100864]
    S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\AVGIDSAgent.exe [2011-9-12 5265248]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1ca2841d4b46501;Google Update Service (gupdate1ca2841d4b46501);c:\program files\google\update\GoogleUpdate.exe [2009-8-28 133104]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-5-7 1025352]
    S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-11-20 30192]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-8-28 133104]
    S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== Created Last 30 ================
    .
    2011-10-21 16:05:14 -------- d-----w- c:\windows\system32\EventProviders
    2011-10-21 15:40:46 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
    2011-10-21 15:39:59 66560 ----a-w- c:\windows\system32\wextract.exe
    2011-10-21 15:01:48 -------- d-----w- c:\program files\MALWAREBYTES ANTI-MALWARE
    2011-10-21 02:16:13 -------- d-----w- c:\program files\common files\AVG Secure Search
    2011-10-21 02:16:11 -------- d-----w- c:\program files\AVG Secure Search
    2011-10-21 02:14:31 -------- d-----w- c:\users\bianca castro\appdata\roaming\AVG2012
    2011-10-21 02:13:33 -------- d-----w- c:\programdata\AVG2012
    2011-10-21 01:50:24 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-10-21 01:46:26 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-21 01:46:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2011-10-20 23:37:51 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2011-10-20 23:37:51 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2011-10-20 23:36:43 -------- d-----w- c:\users\bianca castro\appdata\roaming\SUPERAntiSpyware.com
    2011-10-20 23:36:19 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-10-20 23:36:19 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-10-20 20:40:43 -------- d-----w- C:\$RECYCLE(2).BIN
    2011-10-20 20:12:10 -------- d-----w- c:\users\bianca castro\appdata\local\temp(1130)
    2011-10-20 19:31:34 -------- d-----w- C:\ComboFix
    2011-10-20 06:09:02 -------- d-----w- c:\users\bianca castro\appdata\roaming\Malwarebytes
    2011-10-20 06:08:51 -------- d-----w- c:\programdata\Malwarebytes
    2011-10-20 04:14:00 -------- d-----w- c:\program files\PC Tools Security
    2011-10-19 22:58:10 -------- d-----w- C:\PC Tools Spyware Doctor Enterprise
    2011-10-18 02:28:32 -------- d-sh--w- c:\users\bianca castro\appdata\local\b03d3e64
    .
    ==================== Find3M ====================
    .
    2011-10-03 09:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-09-13 10:30:10 32592 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
    .
    ============= FINISH: 1:12:48.35 ===============
  2. Jeckz


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 11/20/2007 12:00:34 AM
    System Uptime: 10/21/2011 10:38:10 PM (3 hours ago)
    .
    Motherboard: Gateway | |
    Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz | U2E1 | 1667/667mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 222 GiB total, 171.158 GiB free.
    D: is FIXED (NTFS) - 11 GiB total, 3.843 GiB free.
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP442: 10/21/2011 12:07:49 PM - Windows Vista™ Service Pack 2
    RP443: 10/21/2011 9:40:07 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Activation Assistant for the 2007 Microsoft Office suites
    Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 8.1.2
    Adobe Reader 8.1.2 Security Update 1 (KB403742)
    Adobe Shockwave Player
    Agere Systems HDA Modem
    AIM 7
    AIM Toolbar 5.0
    Aleks 3.14
    AOL Uninstaller (Choose which Products to Remove)
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Auslogics Disk Defrag
    AVG 2012
    BigFix
    BlackBerry Desktop Software 5.0.1
    Bonjour
    Browser Address Error Redirector
    Browser Highlighter - Firefox
    Camera Assistant Software for Gateway
    CCleaner
    Citrix Presentation Server Client
    Click to Call with Skype
    Combined Community Codec Pack 2008-09-21 16:18
    Compatibility Pack for the 2007 Office system
    DivX Plus Web Player
    Download Updater (AOL LLC)
    EA Download Manager
    FrostWire 4.21.1
    Gateway Connect
    Gateway Games
    Gateway Recovery Center Installer
    Google Chrome
    Google Desktop
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Matrix Storage Manager
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 29
    Java(TM) SE Runtime Environment 6 Update 1
    LabelPrint
    LiveUpdate (Symantec Corporation)
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Marvell(R) Wireless Card Software Package
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Works
    Microsoft WSE 2.0 SP3 Runtime
    Microsoft WSE 3.0 Runtime
    Mozilla Firefox 7.0.1 (x86 en-US)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB941833)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Octoshape add-in for Adobe Flash Player
    Octoshape Streaming Services
    PerformanceTest v7.0
    Picasa 3
    Power2Go 5.0
    QuickTime
    Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
    Realtek USB 2.0 Card Reader
    Roxio Media Manager
    RTC Client API v1.2
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    SigmaTel Audio
    Skype™ 4.1
    Spare Backup
    SpeedFan (remove only)
    Synaptics Pointing Device Driver
    System Requirements Lab
    The Sims™ 3
    Unity Web Player
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    VC80CRTRedist - 8.0.50727.4053
    Windows Live Messenger
    Windows Media Player Firefox Plugin
    Xvid 1.2.1 final uninstall
    YouTube Downloader 2.7.2
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/21/2011 11:27:36 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {0002DF01-0000-0000-C000-000000000046}. The error: "2" Happened while starting this command: "C:\Program Files\Internet Explorer\iexplore.exe" -Embedding
    10/21/2011 11:20:40 AM, Error: Service Control Manager [7000] - The MBAMSwissArmy service failed to start due to the following error: The system cannot find the file specified.
    10/20/2011 7:56:55 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss SASDIFSV SASKUTIL Smb spldr tdx Wanarpv6 ws2ifsl
    10/20/2011 7:30:13 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
    10/20/2011 4:56:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B68-F52A-11D8-B9A5-505054503030}
    10/20/2011 4:52:22 PM, Error: Service Control Manager [7001] - The Network Connections service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/20/2011 4:17:34 PM, Error: Service Control Manager [7034] - The Bonjour Service service terminated unexpectedly. It has done this 1 time(s).
    10/20/2011 4:15:40 PM, Error: netbt [4321] - The name "ANA-PC :20" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.
    10/20/2011 4:15:40 PM, Error: netbt [4321] - The name "ANA-PC :0" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 192.168.1.3 did not allow the name to be claimed by this computer.
    10/20/2011 2:59:25 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.
    10/20/2011 2:17:50 AM, Error: Service Control Manager [7034] - The Mp3Tube Toolbar Updater Service service terminated unexpectedly. It has done this 1 time(s).
    10/20/2011 12:45:30 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume \Device\HarddiskVolume2.
    10/20/2011 12:20:22 AM, Error: PCTCore [280] -
    10/20/2011 10:27:16 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.5.108 for the Network Card with network address 0016448582E3 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
    10/20/2011 1:46:21 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
    10/20/2011 1:27:15 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    10/19/2011 7:14:18 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Avgldx86 Avgmfx86 spldr Wanarpv6
    10/19/2011 7:13:34 PM, Error: EventLog [6008] - The previous system shutdown at 7:11:10 PM on 10/19/2011 was unexpected.
    10/19/2011 7:08:19 PM, Error: EventLog [6008] - The previous system shutdown at 7:00:12 PM on 10/19/2011 was unexpected.
    10/19/2011 6:35:36 PM, Error: EventLog [6008] - The previous system shutdown at 6:32:06 PM on 10/19/2011 was unexpected.
    10/19/2011 6:05:43 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: Access is denied.
    10/19/2011 6:03:40 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: spldr
    10/19/2011 6:01:21 PM, Error: Service Control Manager [7023] - The Software Licensing service terminated with the following error: The system cannot find the file specified.
    10/19/2011 6:01:21 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Responder service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
    10/19/2011 6:01:21 PM, Error: Service Control Manager [7000] - The Link-Layer Topology Discovery Mapper I/O Driver service failed to start due to the following error: The driver was not loaded because the system is booting into safe mode.
    10/19/2011 5:54:44 PM, Error: EventLog [6008] - The previous system shutdown at 5:52:30 PM on 10/19/2011 was unexpected.
    10/19/2011 5:46:42 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The service has not been started.
    10/19/2011 5:46:40 PM, Error: Microsoft-Windows-WMPNSS-Service [14333] - Service 'WMPNetworkSvc' did not start correctly due to error '0x8007042c'. Restart your computer, and then try to restart the service.
    10/19/2011 5:44:56 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The operation completed successfully.
    10/19/2011 5:44:54 PM, Error: Service Control Manager [7001] - The WinHTTP Web Proxy Auto-Discovery Service service depends on the DHCP Client service which failed to start because of the following error: The service has not been started.
    10/19/2011 5:44:54 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The operation completed successfully.
    10/19/2011 5:44:15 PM, Error: Service Control Manager [7024] - The Network Location Awareness service terminated with service-specific error 3221226008 (0xC0000218).
    10/19/2011 5:44:15 PM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: Access is denied.
    10/19/2011 5:44:15 PM, Error: Service Control Manager [7023] - The Diagnostic Policy Service service terminated with the following error: Access is denied.
    10/19/2011 5:44:15 PM, Error: Service Control Manager [7023] - The DHCP Client service terminated with the following error: Access is denied.
    10/19/2011 5:44:15 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.
    10/19/2011 5:44:15 PM, Error: Service Control Manager [7001] - The Windows Firewall service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
    10/19/2011 5:44:15 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The service has returned a service-specific error code.
    10/19/2011 5:44:15 PM, Error: Service Control Manager [7001] - The IPsec Policy Agent service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
    10/19/2011 5:44:15 PM, Error: Service Control Manager [7001] - The IKE and AuthIP IPsec Keying Modules service depends on the Base Filtering Engine service which failed to start because of the following error: Access is denied.
    10/19/2011 5:43:19 PM, Error: Microsoft-Windows-Time-Service [46] - The time service encountered an error and was forced to shut down. The error was: 0x80070005: Access is denied.
    10/19/2011 5:42:48 PM, Error: Microsoft-Windows-ResourcePublication [1002] - Element Provider\Microsoft.Base.Publication/Publication/Computer failed to publish. Ensure that both PKEY_PUBSVCS_METADATA and PKEY_PUBSVCS_TYPE are set properly on the function instance and there were no errors adding the function instance.
    10/19/2011 5:31:41 PM, Error: EventLog [6008] - The previous system shutdown at 5:30:35 PM on 10/19/2011 was unexpected.
    10/19/2011 5:17:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
    10/19/2011 5:16:12 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/19/2011 5:14:49 PM, Error: EventLog [6008] - The previous system shutdown at 5:12:58 PM on 10/19/2011 was unexpected.
    10/19/2011 5:08:37 PM, Error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The system cannot find the file specified.
    10/19/2011 3:47:02 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6 ws2ifsl
    10/19/2011 3:47:02 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/19/2011 3:47:02 PM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    10/19/2011 3:47:02 PM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
    10/19/2011 3:47:02 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/19/2011 3:47:02 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    10/19/2011 3:47:02 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/19/2011 3:47:02 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/19/2011 3:47:02 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
    10/19/2011 3:47:02 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/19/2011 3:47:02 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    10/19/2011 3:47:02 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/19/2011 3:47:02 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/19/2011 3:47:02 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/19/2011 3:47:02 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    10/19/2011 3:46:40 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/19/2011 3:46:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    10/19/2011 3:46:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    10/19/2011 3:46:06 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}
    10/19/2011 3:46:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/19/2011 3:45:57 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/19/2011 3:37:51 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Modules Installer service to connect.
    10/19/2011 3:37:51 PM, Error: Service Control Manager [7000] - The Windows Modules Installer service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/19/2011 3:37:51 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service TrustedInstaller with arguments "" in order to run the server: {752073A1-23F2-4396-85F0-8FDB879ED0ED}
    10/19/2011 3:35:26 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
    10/19/2011 3:29:54 PM, Error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: AVG WatchDog is not a valid Win32 application.
    10/18/2011 8:32:25 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NlaSvc service.
    10/18/2011 1:43:52 PM, Error: Service Control Manager [7000] - The The Browser Highlighter Monitor service failed to start due to the following error: The system cannot find the file specified.
    10/18/2011 1:43:52 PM, Error: Service Control Manager [7000] - The Mp3Tube Toolbar Updater Service service failed to start due to the following error: The system cannot find the file specified.
    10/18/2011 1:43:52 PM, Error: Service Control Manager [7000] - The Intel(R) Matrix Storage Event Monitor service failed to start due to the following error: The system cannot find the file specified.
    10/18/2011 1:43:52 PM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The system cannot find the file specified.
    10/18/2011 1:43:52 PM, Error: Service Control Manager [7000] - The AVGIDSAgent service failed to start due to the following error: Access is denied.
    10/18/2011 1:43:52 PM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The system cannot find the file specified.
    10/18/2011 1:43:52 PM, Error: Service Control Manager [7000] - The AOL Connectivity Service service failed to start due to the following error: The system cannot find the file specified.
    10/18/2011 1:43:52 PM, Error: Service Control Manager [7000] - The Agere Modem Call Progress Audio service failed to start due to the following error: The system cannot find the file specified.
    10/17/2011 4:56:59 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    10/17/2011 10:29:26 PM, Error: Service Control Manager [7034] - The AVGIDSAgent service terminated unexpectedly. It has done this 1 time(s).
    10/16/2011 5:10:43 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{ADF67151-6190-40DF-9538-0890B562DCC8} because another computer on the network has the same name. The server could not start.
    10/16/2011 5:10:43 PM, Error: netbt [4321] - The name "ANA-PC :20" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 192.168.1.6 did not allow the name to be claimed by this computer.
    10/16/2011 5:10:43 PM, Error: netbt [4321] - The name "ANA-PC :0" could not be registered on the interface with IP address 192.168.1.4. The computer with the IP address 192.168.1.6 did not allow the name to be claimed by this computer.
    10/15/2011 8:00:01 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect.
    10/15/2011 8:00:01 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
    .
    ==== End Of File ===========================
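The event-log section above shows the pattern a responder learns to recognise: the whole network stack of boot-start drivers fails to load in one event, security services (Base Filtering Engine, Windows Firewall, the time service) stop with "Access is denied", and the antivirus watchdog binary is first missing and then "not a valid Win32 application". The script below is an added example, not part of the thread or of DDS, that parses DDS-style event lines and derives those indicators mechanically. The set of network-stack driver names and the category rules are this example's own assumptions; the seven sample lines are reproduced from the log above. Treat the output as triage hints, not proof of infection, since a broken driver ACL or a failed update can produce some of the same events.

```python
"""Triage DDS 'Event Log errors' lines for signs of security-service tampering (added example)."""
import re

# DDS format: "<M/D/YYYY h:mm:ss AM|PM>, Error: <source> [<event id>] - <message>"
LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), Error: "
    r"(?P<src>.+?) \[(?P<id>\d+)\] - (?P<msg>.*)$")
SCM = "Service Control Manager"

# Boot-start drivers that make up the Vista network stack (assumed set for this
# example); losing them all at once is what cuts a machine off the network.
NETWORK_STACK_DRIVERS = {"AFD", "netbt", "NetBIOS", "nsiproxy", "tdx", "ws2ifsl", "Wanarpv6"}
AV_PREFIXES = ("Avg", "AVG")  # AVG driver/service naming as seen in the log


def parse_event_line(line: str):
    """Return the fields of one DDS event line, or None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["id"] = int(ev["id"])
    return ev


def service_name(msg: str) -> str:
    """Pull the display name out of 'The <name> service failed/terminated ...'."""
    m = re.match(r"The (.+?) service ", msg)
    return m.group(1) if m else msg[:40]


def triage(lines):
    """Bucket the events and derive the indicators a responder should look at first."""
    failed_drivers, denied, broken, missing = set(), [], [], []
    for ev in filter(None, map(parse_event_line, lines)):
        src, eid, msg = ev["src"], ev["id"], ev["msg"]
        if src == SCM and eid == 7026:
            # "... driver(s) failed to load: AFD Avgldx86 ..." -> names after the colon
            failed_drivers.update(msg.split("failed to load:", 1)[1].split())
        elif src == SCM and eid in (7000, 7023):
            name = service_name(msg)
            if "Access is denied" in msg:
                denied.append(name)
            elif "is not a valid Win32 application" in msg:
                broken.append(name)
            elif "cannot find the file specified" in msg:
                missing.append(name)
        elif "Access is denied" in msg:
            denied.append(src)  # e.g. Microsoft-Windows-Time-Service [46]

    indicators = []
    net = sorted(failed_drivers & NETWORK_STACK_DRIVERS)
    if net:
        indicators.append("network stack boot drivers failed to load: " + ", ".join(net))
    av = sorted(d for d in failed_drivers if d.startswith(AV_PREFIXES))
    if av:
        indicators.append("antivirus kernel drivers failed to load: " + ", ".join(av))
    if denied:
        indicators.append("services stopped with 'Access is denied': " + ", ".join(denied))
    if broken:
        indicators.append("service binaries no longer valid PE images: " + ", ".join(broken))
    av_missing = [s for s in missing if s.startswith(AV_PREFIXES)]
    if av_missing:  # missing Bonjour/Apple/AOL binaries are noise; a missing AV binary is not
        indicators.append("antivirus service binary missing: " + ", ".join(av_missing))
    return {"failed_drivers": sorted(failed_drivers), "denied": denied,
            "broken": broken, "missing": missing, "indicators": indicators}


# Sample input: seven lines reproduced from the DDS event-log section of the post above.
SAMPLE_LOG = """\
10/19/2011 5:44:15 PM, Error: Service Control Manager [7023] - The Base Filtering Engine service terminated with the following error: Access is denied.
10/19/2011 5:43:19 PM, Error: Microsoft-Windows-Time-Service [46] - The time service encountered an error and was forced to shut down. The error was: 0x80070005: Access is denied.
10/19/2011 3:47:02 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD Avgldx86 Avgmfx86 Avgtdix DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6 ws2ifsl
10/19/2011 5:08:37 PM, Error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: The system cannot find the file specified.
10/19/2011 3:29:54 PM, Error: Service Control Manager [7000] - The AVG WatchDog service failed to start due to the following error: AVG WatchDog is not a valid Win32 application.
10/18/2011 1:43:52 PM, Error: Service Control Manager [7000] - The Bonjour Service service failed to start due to the following error: The system cannot find the file specified.
10/15/2011 8:00:01 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
""".splitlines()

if __name__ == "__main__":
    for indicator in triage(SAMPLE_LOG)["indicators"]:
        print("-", indicator)
```

Run it as-is to see the five indicators for the sample, or feed it the whole "Event Log errors" section of a DDS log; unrelated lines (the "==== End Of File" marker, blank lines) are skipped by the parser.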
  3. Jeckz

    Jeckz Newcomer, in training Topic Starter Posts: 45

    For some reason I couldn't get the GMER log. Every time I would run it, it would prompt me that my system wasn't infected and prompted me with an "OK". I would then try to hit save, but it would come up with an empty log file.

    EDIT: Forgot to mention, when I run GMER I would get an error as follows: LoadDriver("C:\Users\BIANCA~1\AppData\Local\Temp\uwldrpow.sys") error 0xc000010E: An instance of the service is already running.
  4. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==================================================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start the scan.

    On completion of the scan click "Save log", save it to your desktop and post it in your next reply.

    NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ==================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer to fix the issue.



    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete Combofix file, download fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  5. Jeckz

    Jeckz Newcomer, in training Topic Starter Posts: 45

    Hey Broni, thanks for the quick reply. aswMBR.exe doesn't want to run; it doesn't even load to the command prompt.
  6. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Download Bootkit Remover to your Desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on remover.exe to run the program (Vista/7 users, right-click on remover.exe and click Run As Administrator).
    • It will show a Black screen with some data on it.
    • Right click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.
  7. Jeckz

    Jeckz Newcomer, in training Topic Starter Posts: 45

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 1 (build 6001), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`c569ce00

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 Controlled by rootkit!

    Boot code on some of your physical disks is hidden by a rootkit.
    To disinfect the master boot sector, use the following command:
    remover.exe fix <device_name>
    To inspect the boot code manually, dump the master boot sector:
    remover.exe dump <device_name> [output_file]


    Done;
    Press any key to quit...
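Bootkit Remover reports "Controlled by rootkit!" and offers `remover.exe dump <device_name> [output_file]` for manual inspection. The script below is an added example, not from the thread and not Esage Lab's or aswMBR's code, showing what a responder checks by hand on such a 512-byte dump (or on the MBR.dat that aswMBR saves): the 0x55AA boot signature, whether the boot code still carries the stock Microsoft error strings, the sanity of the four partition entries, and an MD5 of the boot-code region so a dump taken before the fix can be compared with one taken after. The "stock strings" test is a heuristic assumed by this example (OEM recovery MBRs and third-party boot managers legitimately lack them), the MD5 covers only the first 440 bytes by this script's own convention, and the two sample sectors are constructed, not dumps from the laptop in this thread.

```python
"""Offline sanity checks for a raw 512-byte MBR dump (added example)."""
import hashlib
import struct
import sys

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440       # bytes 0..439: boot code
DISK_SIG_OFF = 440        # 4-byte NT disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446      # four 16-byte partition entries
BOOT_SIG_OFF = 510        # 0x55 0xAA

# Error strings carried by the stock Microsoft MBR boot code.  Their absence is
# a heuristic only (assumption of this example): OEM and third-party boot code
# legitimately lacks them.
STOCK_MBR_STRINGS = (b"Invalid partition table",
                     b"Error loading operating system",
                     b"Missing operating system")


def parse_mbr(sector: bytes) -> dict:
    """Decode one MBR sector into boot code, disk signature and partition entries."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    entries = []
    for i in range(4):
        # entry: status(1) CHS start(3) type(1) CHS end(3) LBA start(4) LBA length(4)
        status, ptype, lba_start, lba_len = struct.unpack_from(
            "<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        entries.append({"index": i, "status": status, "type": ptype,
                        "lba_start": lba_start, "lba_len": lba_len})
    return {
        "boot_code": sector[:BOOT_CODE_LEN],
        # MD5 of the boot-code region only: this script's convention, not
        # necessarily the bytes Bootkit Remover hashes for its own MD5 line.
        "boot_code_md5": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        "partitions": entries,
        "boot_signature_ok": sector[BOOT_SIG_OFF:] == b"\x55\xaa",
    }


def assess_mbr(sector: bytes) -> list:
    """Return a list of findings; an empty list means nothing looked wrong."""
    info = parse_mbr(sector)
    findings = []
    if not info["boot_signature_ok"]:
        findings.append("missing 0x55AA boot signature")
    if not any(s in info["boot_code"] for s in STOCK_MBR_STRINGS):
        findings.append("boot code lacks the stock Microsoft MBR strings "
                        "(replaced or non-standard boot code)")
    used = [p for p in info["partitions"] if p["type"] != 0]
    if not used:
        findings.append("empty partition table")
    bootable = [p for p in used if p["status"] == 0x80]
    if used and len(bootable) != 1:
        findings.append(f"{len(bootable)} entries flagged bootable (expected 1)")
    for p in used:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"entry {p['index']}: invalid status byte 0x{p['status']:02x}")
        if p["lba_start"] == 0 or p["lba_len"] == 0:
            findings.append(f"entry {p['index']}: zero LBA start or length")
    # Entries sorted by start LBA; any entry starting before the previous one ends overlaps it.
    spans = sorted((p["lba_start"], p["lba_start"] + p["lba_len"], p["index"]) for p in used)
    for (_, end_a, ia), (start_b, _, ib) in zip(spans, spans[1:]):
        if start_b < end_a:
            findings.append(f"entries {ia} and {ib} overlap")
    return findings


def build_mbr(boot_code: bytes, partitions, disk_sig=0x1234ABCD,
              boot_sig=b"\x55\xaa") -> bytes:
    """Assemble a sector from parts (used only to construct the samples below)."""
    code = boot_code.ljust(BOOT_CODE_LEN, b"\x00")[:BOOT_CODE_LEN]
    table = b"".join(struct.pack("<B3xB3xII", *entry) for entry in partitions)
    return (code + struct.pack("<I", disk_sig) + b"\x00\x00"
            + table.ljust(64, b"\x00") + boot_sig)


# Constructed samples, not dumps from a real disk: (status, type, LBA start, LBA length).
PARTS = [(0x80, 0x07, 2048, 409600), (0x00, 0x07, 411648, 80000)]
HEALTHY_MBR = build_mbr(
    b"\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x00" * 300 + b"\x00".join(STOCK_MBR_STRINGS), PARTS)
# Boot code overwritten, partition table left intact: the shape a bootkit leaves behind.
TAMPERED_MBR = build_mbr(b"\xeb\x58\x90" + bytes(range(200)), PARTS)

if __name__ == "__main__":
    sector = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else TAMPERED_MBR
    info = parse_mbr(sector)
    print("boot-code MD5:", info["boot_code_md5"])
    for p in info["partitions"]:
        if p["type"]:
            print(f"  entry {p['index']}: type 0x{p['type']:02x} status 0x{p['status']:02x} "
                  f"LBA {p['lba_start']} len {p['lba_len']}")
    print("findings:", assess_mbr(sector) or "none")
```

Run it with the path to a dump as its only argument; with no argument it analyses the constructed tampered sample. A clean verdict here only says the sector you were handed is well-formed: as the thread shows, a rootkit that filters disk reads can hand every tool a clean-looking MBR, which is why the dump should be taken from outside the running system (a boot CD, or the disk attached to another machine) before trusting the result.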
  8. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  9. Jeckz

    Jeckz Newcomer, in training Topic Starter Posts: 45

    TDSSKiller won't start either :(. Tried to run as admin as well, no luck.
  10. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 1 to overwrite the infected MBR Code with the Standard MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run Bootkit Remover again and post its log.
  11. Jeckz

    Jeckz Newcomer, in training Topic Starter Posts: 45

    Followed the steps and on the reboot got blue screen with normal boot, got in through safe mode.
     
  12. Jeckz

    Jeckz Newcomer, in training Topic Starter Posts: 45

    Here is the bootkit remover, had to pass it to a working system through flash drive since the laptop doesn't have internet access on safe mode.

    Bootkit Remover
    (c) 2009 Esage Lab
    www.esagelab.com

    Program version: 1.2.0.1
    OS Version: Microsoft Windows Vista Home Premium Edition Service Pack 1 (build 6001), 32-bit

    System volume is \\.\C:
    \\.\C: -> \\.\PhysicalDrive0 at offset 0x00000002`c569ce00
    Boot sector MD5 is: 6def5ffcbcdbdb4082f1015625e597bd

    Size Device Name MBR Status
    --------------------------------------------
    232 GB \\.\PhysicalDrive0 OK (DOS/Win32 Boot code found)


    Done;
    Press any key to quit...
  13. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    MBR seems to be fine now.

    See if you can run aswMBR and TDSSKiller now.
  14. Jeckz

    Jeckz Newcomer, in training Topic Starter Posts: 45

    17:49:17.0871 1228 TDSS rootkit removing tool 2.6.12.0 Oct 21 2011 11:23:48
    17:49:18.0137 1228 ============================================================
    17:49:18.0137 1228 Current date / time: 2011/10/22 17:49:18.0137
    17:49:18.0137 1228 SystemInfo:
    17:49:18.0137 1228
    17:49:18.0137 1228 OS Version: 6.0.6001 ServicePack: 1.0
    17:49:18.0137 1228 Product type: Workstation
    17:49:18.0137 1228 ComputerName: ANA-PC
    17:49:18.0137 1228 UserName: Bianca Castro
    17:49:18.0137 1228 Windows directory: C:\Windows
    17:49:18.0137 1228 System windows directory: C:\Windows
    17:49:18.0137 1228 Processor architecture: Intel x86
    17:49:18.0137 1228 Number of processors: 2
    17:49:18.0137 1228 Page size: 0x1000
    17:49:18.0137 1228 Boot type: Safe boot with network
    17:49:18.0137 1228 ============================================================
    17:49:18.0355 1228 Initialize success
    17:49:20.0383 0416 ============================================================
    17:49:20.0383 0416 Scan started
    17:49:20.0383 0416 Mode: Manual;
    17:49:20.0383 0416 ============================================================
    17:49:20.0820 0416 ac97intc (4b56caafed0b0b996341d74ce0e76565) C:\Windows\system32\drivers\ac97intc.sys
    17:49:20.0820 0416 ac97intc - ok
    17:49:20.0882 0416 ACPI (fcb8c7210f0135e24c6580f7f649c73c) C:\Windows\system32\drivers\acpi.sys
    17:49:20.0882 0416 ACPI - ok
    17:49:20.0929 0416 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
    17:49:20.0929 0416 adp94xx - ok
    17:49:20.0960 0416 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
    17:49:20.0960 0416 adpahci - ok
    17:49:20.0976 0416 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
    17:49:20.0991 0416 adpu160m - ok
    17:49:21.0038 0416 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
    17:49:21.0038 0416 adpu320 - ok
    17:49:21.0101 0416 AFD (48eb99503533c27ac6135648e5474457) C:\Windows\system32\drivers\afd.sys
    17:49:21.0101 0416 AFD - ok
    17:49:21.0194 0416 AgereSoftModem (a19871ae65a769c65034b4dc44c29023) C:\Windows\system32\DRIVERS\AGRSM.sys
    17:49:21.0194 0416 AgereSoftModem - ok
    17:49:21.0225 0416 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
    17:49:21.0225 0416 agp440 - ok
    17:49:21.0241 0416 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
    17:49:21.0241 0416 aic78xx - ok
    17:49:21.0272 0416 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
    17:49:21.0272 0416 aliide - ok
    17:49:21.0319 0416 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
    17:49:21.0319 0416 amdagp - ok
    17:49:21.0350 0416 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
    17:49:21.0350 0416 amdide - ok
    17:49:21.0381 0416 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
    17:49:21.0381 0416 AmdK7 - ok
    17:49:21.0428 0416 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
    17:49:21.0428 0416 AmdK8 - ok
    17:49:21.0459 0416 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
    17:49:21.0459 0416 arc - ok
    17:49:21.0506 0416 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
    17:49:21.0506 0416 arcsas - ok
    17:49:21.0553 0416 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
    17:49:21.0553 0416 AsyncMac - ok
    17:49:21.0615 0416 atapi (2d9c903dc76a66813d350a562de40ed9) C:\Windows\system32\drivers\atapi.sys
    17:49:21.0615 0416 atapi - ok
    17:49:21.0693 0416 AVGIDSDriver (4cbb56fbc9c0cbc517e6e3a6889ebddc) C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys
    17:49:21.0693 0416 AVGIDSDriver - ok
    17:49:21.0709 0416 AVGIDSEH (459bce188232e2fe6152423efef65d76) C:\Windows\system32\DRIVERS\AVGIDSEH.Sys
    17:49:21.0709 0416 AVGIDSEH - ok
    17:49:21.0740 0416 AVGIDSFilter (91d9abe7e88eac7c167cba4ed4d983bf) C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys
    17:49:21.0740 0416 AVGIDSFilter - ok
    17:49:21.0787 0416 AVGIDSShim (54d710b7d2e30e1ddc8ce2c6e685576b) C:\Windows\system32\DRIVERS\AVGIDSShim.Sys
    17:49:21.0787 0416 AVGIDSShim - ok
    17:49:21.0849 0416 Avgldx86 (f4dbbc8d3c5338693da23c59a50f8abc) C:\Windows\system32\DRIVERS\avgldx86.sys
    17:49:21.0849 0416 Avgldx86 - ok
    17:49:21.0865 0416 Avgmfx86 (1c77ef67f196466adc9924cb288afe87) C:\Windows\system32\DRIVERS\avgmfx86.sys
    17:49:21.0865 0416 Avgmfx86 - ok
    17:49:21.0881 0416 Avgrkx86 (f2038ed7284b79dcef581468121192a9) C:\Windows\system32\DRIVERS\avgrkx86.sys
    17:49:21.0881 0416 Avgrkx86 - ok
    17:49:21.0912 0416 Avgtdix (a6d562b612216d8d02a35ebeb92366bd) C:\Windows\system32\DRIVERS\avgtdix.sys
    17:49:21.0912 0416 Avgtdix - ok
    17:49:21.0974 0416 bcm4sbxp (08015d34f6fdd0b355805bad978497c3) C:\Windows\system32\DRIVERS\bcm4sbxp.sys
    17:49:21.0974 0416 bcm4sbxp - ok
    17:49:22.0021 0416 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
    17:49:22.0021 0416 Beep - ok
    17:49:22.0052 0416 blbdrive - ok
    17:49:22.0130 0416 bowser (8153396d5551276227fa146900f734e6) C:\Windows\system32\DRIVERS\bowser.sys
    17:49:22.0130 0416 bowser - ok
    17:49:22.0161 0416 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
    17:49:22.0161 0416 BrFiltLo - ok
    17:49:22.0224 0416 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
    17:49:22.0224 0416 BrFiltUp - ok
    17:49:22.0286 0416 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
    17:49:22.0286 0416 Brserid - ok
    17:49:22.0349 0416 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
    17:49:22.0349 0416 BrSerWdm - ok
    17:49:22.0411 0416 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
    17:49:22.0411 0416 BrUsbMdm - ok
    17:49:22.0427 0416 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
    17:49:22.0427 0416 BrUsbSer - ok
    17:49:22.0458 0416 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
    17:49:22.0458 0416 BTHMODEM - ok
    17:49:22.0520 0416 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
    17:49:22.0520 0416 cdfs - ok
    17:49:22.0551 0416 Cdr4_xp (837eef65af62d4e8a37c41d3879f7274) C:\Windows\system32\drivers\Cdr4_xp.sys
    17:49:22.0551 0416 Cdr4_xp - ok
    17:49:22.0567 0416 Cdralw2k (579da2f9f5401f55dae2cf8779d61dfc) C:\Windows\system32\drivers\Cdralw2k.sys
    17:49:22.0567 0416 Cdralw2k - ok
    17:49:22.0614 0416 cdrom (1ec25cea0de6ac4718bf89f9e1778b57) C:\Windows\system32\DRIVERS\cdrom.sys
    17:49:22.0614 0416 cdrom - ok
    17:49:22.0645 0416 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
    17:49:22.0661 0416 circlass - ok
    17:49:22.0707 0416 CLFS (465745561c832b29f7c48b488aab3842) C:\Windows\system32\CLFS.sys
    17:49:22.0707 0416 CLFS - ok
    17:49:22.0754 0416 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
    17:49:22.0754 0416 CmBatt - ok
    17:49:22.0801 0416 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
    17:49:22.0801 0416 cmdide - ok
    17:49:22.0817 0416 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
    17:49:22.0817 0416 Compbatt - ok
    17:49:22.0832 0416 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
    17:49:22.0832 0416 crcdisk - ok
    17:49:22.0863 0416 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
    17:49:22.0863 0416 Crusoe - ok
    17:49:22.0926 0416 DfsC (a3e9fa213f443ac77c7746119d13feec) C:\Windows\system32\Drivers\dfsc.sys
    17:49:22.0926 0416 DfsC - ok
    17:49:32.0613 0416 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    17:49:32.0847 0416 \Device\Harddisk0\DR0 - ok
    17:49:32.0847 0416 Boot (0x1200) (034dc566075f964dc73202f23aeb1eb2) \Device\Harddisk0\DR0\Partition0
    17:49:32.0847 0416 \Device\Harddisk0\DR0\Partition0 - ok
    17:49:32.0863 0416 Boot (0x1200) (6cd54b645026f2b5b54e6bf5a07c6e3c) \Device\Harddisk0\DR0\Partition1
    17:49:32.0863 0416 \Device\Harddisk0\DR0\Partition1 - ok
    17:49:32.0863 0416 ============================================================
    17:49:32.0863 0416 Scan finished
    17:49:32.0863 0416 ============================================================
    17:49:32.0879 1720 Detected object count: 0
    17:49:32.0879 1720 Actual detected object count: 0
  15. Jeckz

    Jeckz Newcomer, in training Topic Starter Posts: 45

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-10-22 17:07:14
    -----------------------------
    17:07:14.804 OS Version: Windows 6.0.6001 Service Pack 1
    17:07:14.804 Number of processors: 2 586 0xF0D
    17:07:14.804 ComputerName: ANA-PC UserName:
    17:07:15.787 Initialize success
    17:07:47.096 AVAST engine defs: 11102201
    17:08:31.322 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
    17:08:31.322 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
    17:08:31.338 Disk 0 MBR read successfully
    17:08:31.354 Disk 0 MBR scan
    17:08:31.400 Disk 0 Windows XP default MBR code
    17:08:31.400 Disk 0 scanning sectors +488392065
    17:08:31.494 Disk 0 scanning C:\Windows\system32\drivers
    17:08:45.472 Service scanning
    17:08:47.671 Modules scanning
    17:08:53.256 Disk 0 trace - called modules:
    17:08:53.272 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
    17:08:53.287 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85f57978]
    17:08:53.287 3 CLASSPNP.SYS[8a7a1745] -> nt!IofCallDriver -> [0x84b66b18]
    17:08:53.287 5 acpi.sys[82ca06a0] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84b77030]
    17:08:54.551 AVAST engine scan C:\Windows
    17:08:57.874 AVAST engine scan C:\Windows\system32
    17:11:25.621 AVAST engine scan C:\Windows\system32\drivers
    17:11:38.148 AVAST engine scan C:\Users\Bianca Castro
    17:18:04.763 AVAST engine scan C:\ProgramData
    17:22:12.943 Scan finished successfully
    17:32:03.902 Disk 0 MBR has been saved successfully to "C:\Users\Bianca Castro\Desktop\MBR.dat"
    17:32:03.918 The log file has been saved successfully to "C:\Users\Bianca Castro\Desktop\aswMBR.txt"

    Ran both of them in safe mode and still am.
  16. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Very good job!

    See, if you can restart in normal mode now.
    If not continue in safe mode.

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.

    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  17. Jeckz

    Jeckz Newcomer, in training Topic Starter Posts: 45

    ComboFix rebooted my computer but it didn't create a log from what I can see. I also saw errors in the ComboFix cmd prompt that it didn't have Administrator access even though I ran it as administrator. It ran all the way to 50, then rebooted, but I couldn't see the reason for it. All I got from this was 2 rkill logs when trying to run combofix. Here is the first:

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 10/22/2011 at 19:47:32.
    Operating System: Windows Vista (TM) Home Premium


    Processes terminated by Rkill or while it was running:

    C:\Users\Bianca Castro\Desktop\rkill.com
    C:\Windows\system32\consent.exe


    Rkill completed on 10/22/2011 at 19:47:35.

    And the second:

    This log file is located at C:\rkill.log.
    Please post this only if requested to by the person helping you.
    Otherwise you can close this log when you wish.

    Rkill was run on 10/22/2011 at 20:01:22.
    Operating System: Windows Vista (TM) Home Premium


    Processes terminated by Rkill or while it was running:

    C:\32788R22FWJFW\cmd.3XE
    C:\32788R22FWJFW\NirCmd.3XE
    C:\Users\Bianca Castro\Desktop\rkill.com


    Rkill completed on 10/22/2011 at 20:01:24.
  18. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Re-run Combofix one more time.

    Can you access normal mode now?
  19. Jeckz

    Jeckz Newcomer, in training Topic Starter Posts: 45

    ComboFix still rebooted without leaving a log. It still had a few instances during the run that said Access Denied, due to not having Administrator privileges. I also noticed that ComboFix kept prompting me about AVG 2012 even though I uninstalled it.
  20. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    You're still not saying if you're able to access normal mode now.

    Try to run Combofix from safe mode.

    If it still doesn't work.....
    MAKE SURE YOU HAVE COMBOFIX FILE LOCATED ON YOUR DESKTOP.
    Click on Start and in "Start search" paste this:
    "%userprofile%\desktop\ComboFix.exe" /KillAll
    If the above doesn't work try this command:
    "%userprofile%\desktop\ComboFix.exe" /nombr

    Try normal and safe mode.
  21. Jeckz

    Jeckz Newcomer, in training Topic Starter Posts: 45

    Hey, sorry about that, I forgot to mention that normal mode isn't working. I keep getting blue-screened as I hit the user log-in on Windows. I'm trying your combofix commands now. Will let you know what happens asap.
  22. Jeckz

    Jeckz Newcomer, in training Topic Starter Posts: 45

    Still no luck with ComboFix :( . Normal mode boot is still not working.
  23. Broni

    Broni Malware Annihilator Posts: 46,329   +252

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
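    As an added example that is not part of this thread, nor code from Broni or from OTL: a small Python triage pass over report lines in the format the scan above produces, flagging the entries a helper reads first. The sample report is constructed (several lines are copied from the OTL log posted later in this thread, the hosts override and the "updater" Run entry are made up so every branch is exercised); the function and category names are my own.

```python
import re
from collections import Counter
from urllib.parse import urlparse

# Constructed sample modelled on the OTL report format shown in this thread:
# some lines are copied from the posted log, the non-localhost hosts entry and
# the "updater" Run entry are made up so that every branch below is exercised.
SAMPLE_OTL_LINES = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\InprocServer32 File not found
IE - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mp3tubetoolbar.com/?tmp=toolbar&clid=3a386806a6b54f77adf782a6b9a43898
FF - prefs.js..browser.search.defaultengine: "Yahoo-Mp3Tube"
FF - prefs.js..browser.search.selectedEngineURL: "http://mp3tubetoolbarsearch.com/?prt=pinballtbfour01ff&Keywords={searchTerms}"
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 update.example.test
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1014990509-3480776375-117215019-1001..\Run: [updater] C:\Users\Public\updater.exe ()
"""

URL_RE = re.compile(r'https?://[^\s"]+')
QUOTED_RE = re.compile(r'"([^"]*)"')
COMPANY_RE = re.compile(r'\(([^()]*)\)\s*$')

# Markers OTL prints for registry entries whose target no longer exists
# (leftovers of uninstalled toolbars, or of a partially removed hijacker).
ORPHAN_MARKERS = ("File not found", "No CLSID value found")

# Browser settings a search redirector typically rewrites.
BROWSER_SETTING_KEYS = (
    "start page", "default_page_url", "searchassistant", "urlsearchhook",
    "search.defaultengine", "search.selectedengineurl", "default_search_provider",
)


def setting_detail(line):
    """Host of the first URL on the line, else the first quoted value, else the line."""
    url = URL_RE.search(line)
    if url:
        return urlparse(url.group(0)).hostname
    quoted = QUOTED_RE.search(line)
    return quoted.group(1) if quoted else line


def triage_line(line):
    """Classify one OTL report line; returns (category, detail) or None."""
    line = line.strip()
    if not line:
        return None
    if line.startswith("O1 - Hosts:"):
        parts = line.split()  # ['O1', '-', 'Hosts:', address, name]
        # Anything beyond the single localhost mapping deserves a look.
        if len(parts) >= 5 and parts[4].lower() != "localhost":
            return ("hosts-override", f"{parts[3]} {parts[4]}")
        return None
    if any(marker in line for marker in ORPHAN_MARKERS):
        return ("orphan", line)
    lowered = line.lower()
    if lowered.startswith(("ie -", "ff -", "chr -")) and any(
        key in lowered for key in BROWSER_SETTING_KEYS
    ):
        return ("browser-setting", setting_detail(line))
    if line.startswith("O4 -"):
        company = COMPANY_RE.search(line)
        # OTL prints "()" when the autorun target carries no company name.
        if company is None or not company.group(1).strip():
            return ("autorun-no-company", line)
    return None


def triage(report_text):
    """Run triage_line over a whole report and return the list of findings."""
    findings = []
    for line in report_text.splitlines():
        finding = triage_line(line)
        if finding:
            findings.append(finding)
    return findings


def summary(findings):
    """Count findings per category, e.g. {'orphan': 3, 'browser-setting': 4, ...}."""
    return dict(Counter(category for category, _ in findings))


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_OTL_LINES):
        print(f"{category:20} {detail}")
```

On the sample the browser-setting findings surface the two mp3tubetoolbar hosts beside the OEM gateway.com start page, which is exactly the contrast a helper reading the posted log is looking for.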
  24. Jeckz

    Jeckz Newcomer, in training Topic Starter Posts: 45

    OTL logfile created on: 10/22/2011 10:29:44 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Bianca Castro\Desktop
    Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.19019)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.99 Gb Total Physical Memory | 2.50 Gb Available Physical Memory | 83.70% Memory free
    3.13 Gb Paging File | 2.85 Gb Available in Paging File | 91.05% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 221.80 Gb Total Space | 174.04 Gb Free Space | 78.47% Space Free | Partition Type: NTFS
    Drive D: | 11.08 Gb Total Space | 3.84 Gb Free Space | 34.67% Space Free | Partition Type: NTFS

    Computer Name: ANA-PC | User Name: Bianca Castro | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/10/22 22:28:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bianca Castro\Desktop\OTL.exe
    PRC - [2011/09/29 02:53:40 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2008/10/29 02:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
    PRC - [2007/02/08 12:55:22 | 000,032,144 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files\Citrix\ICA Client\ssonsvr.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/29 02:53:40 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (vToolbarUpdater)
    SRV - File not found [Auto | Stopped] -- -- (avgwd)
    SRV - File not found [Auto | Stopped] -- -- (AVGIDSAgent)
    SRV - [2011/09/01 09:17:00 | 001,025,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/07/28 17:36:52 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\Gateway Games\Gateway Game Console\GameConsoleService.exe -- (GameConsoleService)
    SRV - [2010/05/24 20:37:00 | 000,070,952 | ---- | M] () [Auto | Stopped] -- C:\Program Files\tbh\monitor\bin\tbhMonitor.exe -- (tbhMonitor.exe)
    SRV - [2008/01/19 03:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2007/08/31 12:49:50 | 000,243,064 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe -- (Automatic LiveUpdate Scheduler)
    SRV - [2007/08/23 00:35:22 | 003,192,184 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE -- (LiveUpdate)
    SRV - [2007/07/12 20:36:12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
    SRV - [2006/10/23 08:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
    SRV - [2006/10/05 01:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)


    ========== Driver Services (SafeList) ==========

    DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2010/06/23 09:21:32 | 000,259,176 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
    DRV - [2009/01/05 19:04:16 | 000,534,016 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\MRVW147.sys -- (MRVW147) Marvell TOPDOG (TM) 802.11bgn Driver for Vista Native WIFI (CB8x/EC8x)
    DRV - [2007/05/23 21:37:40 | 000,011,776 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
    DRV - [2007/02/02 04:00:00 | 000,009,464 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2007/02/02 04:00:00 | 000,009,336 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\Windows\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2007/01/30 01:37:46 | 000,650,240 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
    DRV - [2006/11/29 18:24:57 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
    DRV - [2006/11/08 05:29:44 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2006/11/02 03:30:56 | 002,589,184 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw2v32.sys -- (NETw2v32) Intel(R)
    DRV - [2006/11/02 03:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2006/09/24 09:28:46 | 000,005,248 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Boot | Running] -- C:\Windows\system32\speedfan.sys -- (speedfan)
    DRV - [1996/04/03 15:33:26 | 000,005,248 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\system32\giveio.sys -- (giveio)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
    IE - HKLM\..\URLSearchHook: {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)


    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
    IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
    IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\InprocServer32 File not found
    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
    IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.com/g/startpage.html?Ch=Retail&SubCH=BB&Br=GTW&Loc=ENG_US&Sys=PTB&M=M-6750
    IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\InprocServer32 File not found
    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mp3tubetoolbar.com/?tmp=tool...our04ie&clid=3a386806a6b54f77adf782a6b9a43898
    IE - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
    IE - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultengine: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search.defaultenginename: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search.order.1: "Yahoo-Mp3Tube"
    FF - prefs.js..browser.search.selectedEngine: "Google"
    FF - prefs.js..browser.search.selectedEngineURL: "http://mp3tubetoolbarsearch.com/?prt=pinballtbfour01ff&clid=3a386806a6b54f77adf782a6b9a43898&subid=&Keywords={searchTerms}"
    FF - prefs.js..browser.startup.homepage: "about:home"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
    FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Bianca Castro\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
    FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Bianca Castro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/20 21:50:24 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/20 22:20:51 | 000,000,000 | ---D | M]

    [2010/08/19 00:43:31 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\Bianca Castro\AppData\Roaming\Mozilla\Extensions
    [2011/10/20 21:51:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bianca Castro\AppData\Roaming\Mozilla\Firefox\Profiles\imqlk0rr.default\extensions
    [2011/10/20 21:18:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Bianca Castro\AppData\Roaming\Mozilla\Firefox\Profiles\imqlk0rr.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/10/20 21:18:28 | 000,000,000 | ---D | M] (The Browser Highlighter) -- C:\Users\Bianca Castro\AppData\Roaming\Mozilla\Firefox\Profiles\imqlk0rr.default\extensions\browserhighlighter@ebay.com
    [2011/10/20 22:16:11 | 000,003,674 | ---- | M] () -- C:\Users\Bianca Castro\AppData\Roaming\Mozilla\Firefox\Profiles\imqlk0rr.default\searchplugins\avg-secure-search.xml
    [2011/10/20 22:09:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/10/20 21:16:51 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2010/10/10 01:59:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/10/25 16:04:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/02/05 01:42:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/03/12 00:35:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
    [2011/10/20 21:16:48 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
    [2011/10/20 22:09:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    () (No name found) -- C:\USERS\BIANCA CASTRO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\IMQLK0RR.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
    [2011/09/29 02:53:40 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/10/03 05:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2011/09/28 20:26:50 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\14.0.835.202\pdf.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Bianca Castro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\npSkypeChromePlugin.dll
    CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Bianca Castro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
    CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: downloadUpdater (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
    CHR - plugin: downloadUpdater2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
    CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Bianca Castro\AppData\Roaming\Mozilla\plugins\npoctoshape.dll
    CHR - plugin: Octoshape Streaming Services (Enabled) = C:\Users\Bianca Castro\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
    CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: Unity Player (Enabled) = C:\Users\Bianca Castro\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: AVG Safe Search = C:\Users\Bianca Castro\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\
    CHR - Extension: Click to call with Skype = C:\Users\Bianca Castro\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.5.0.8013_0\

    O1 HOSTS File: ([2011/10/22 19:55:42 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll File not found
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
    O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Windows\System32\BAE.dll (Gateway Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
    O3 - HKLM\..\Toolbar: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
    O3 - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O3 - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
    O3 - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\..\Toolbar\WebBrowser: (AIM Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [AVG_TRAY] "C:\Program Files\AVG\AVG2012\avgtray.exe" File not found
    O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\aol\1202607635\ee\aolsoftware.exe (America Online, Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
    O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\Windows\sttray.exe (SigmaTel, Inc.)
    O4 - HKLM..\Run: [tbhSystray] C:\Program Files\tbh\base\bin\tbhSystray.exe (eBay)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-21-1014990509-3480776375-117215019-1001..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
    O7 - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
    O8 - Extra context menu item: &AIM Search - c:\Program Files\AOL\AIM Toolbar 5.0\resources\en-us\local\search.html ()
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll (Google Inc.)
    O9 - Extra Button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll (AOL LLC)
    O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
    O13 - gopher Prefix: missing
    O15 - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
    O15 - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKU\S-1-5-21-1014990509-3480776375-117215019-1001\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab (SysInfo Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADF67151-6190-40DF-9538-0890B562DCC8}: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG10\Toolbar\IEToolbar.dll File not found
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll File not found
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1\ViProtocol.dll File not found
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) -C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Bianca Castro\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Bianca Castro\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: FastUserSwitchingCompatibility - File not found
    NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
    NetSvcs: Nla - File not found
    NetSvcs: Ntmssvc - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: SRService - File not found
    NetSvcs: WmdmPmSp - File not found
    NetSvcs: LogonHours - File not found
    NetSvcs: PCAudit - File not found
    NetSvcs: helpsvc - File not found
    NetSvcs: uploadmgr - File not found

    Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
    Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.ffds - C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
    Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll ()

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/10/22 22:28:12 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Bianca Castro\Desktop\OTL.exe
    [2011/10/22 22:17:05 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/10/22 22:17:05 | 000,000,000 | ---D | C] -- C:\Users\Bianca Castro\AppData\Local\temp
    [2011/10/22 22:08:54 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2011/10/22 21:02:23 | 004,269,227 | R--- | C] (Swearware) -- C:\Users\Bianca Castro\Desktop\ComboFix.exe
    [2011/10/22 20:00:36 | 000,000,000 | --SD | C] -- C:\yourname29696y
    [2011/10/22 19:46:42 | 000,000,000 | --SD | C] -- C:\yourname
    [2011/10/22 19:37:09 | 000,000,000 | --SD | C] -- C:\yourname.exe27063y
    [2011/10/22 19:32:15 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/10/22 19:32:14 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/10/22 19:32:14 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/10/22 19:32:03 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/10/22 13:44:54 | 000,000,000 | ---D | C] -- C:\Users\Bianca Castro\Desktop\NTBR_CD
    [2011/10/22 13:29:52 | 001,561,392 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Bianca Castro\Desktop\tdsskiller.exe
    [2011/10/22 13:19:57 | 000,000,000 | ---D | C] -- C:\Users\Bianca Castro\Desktop\bootkit_remover
    [2011/10/22 12:37:58 | 008,922,408 | ---- | C] (OPSWAT, Inc.) -- C:\Users\Bianca Castro\Desktop\AppRemover.exe
    [2011/10/22 12:37:09 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\Bianca Castro\Desktop\aswMBR.exe
    [2011/10/21 22:57:02 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Bianca Castro\Desktop\dds.scr
    [2011/10/21 12:05:14 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
    [2011/10/21 11:01:48 | 000,000,000 | ---D | C] -- C:\Program Files\MALWAREBYTES ANTI-MALWARE
    [2011/10/20 22:18:19 | 000,000,000 | -HSD | C] -- C:\Config.Msi
    [2011/10/20 22:14:31 | 000,000,000 | ---D | C] -- C:\Users\Bianca Castro\AppData\Roaming\AVG2012
    [2011/10/20 22:13:33 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2012
    [2011/10/20 21:46:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/10/20 21:46:26 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2011/10/20 21:46:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/10/20 19:37:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
    [2011/10/20 19:37:51 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
    [2011/10/20 19:36:43 | 000,000,000 | ---D | C] -- C:\Users\Bianca Castro\AppData\Roaming\SUPERAntiSpyware.com
    [2011/10/20 19:36:19 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
    [2011/10/20 19:36:19 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2011/10/20 16:40:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE(2).BIN
    [2011/10/20 16:12:10 | 000,000,000 | ---D | C] -- C:\Users\Bianca Castro\AppData\Local\temp(1130)
    [2011/10/20 13:02:51 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/10/20 02:09:02 | 000,000,000 | ---D | C] -- C:\Users\Bianca Castro\AppData\Roaming\Malwarebytes
    [2011/10/20 02:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2011/10/20 00:14:00 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
    [2011/10/20 00:13:59 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
    [2011/10/19 18:58:10 | 000,000,000 | ---D | C] -- C:\PC Tools Spyware Doctor Enterprise
    [2011/10/17 22:28:32 | 000,000,000 | -HSD | C] -- C:\Users\Bianca Castro\AppData\Local\b03d3e64
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/10/22 22:28:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bianca Castro\Desktop\OTL.exe
    [2011/10/22 22:22:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/10/22 22:22:00 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
    [2011/10/22 21:02:25 | 004,269,227 | R--- | M] (Swearware) -- C:\Users\Bianca Castro\Desktop\ComboFix.exe
    [2011/10/22 19:55:42 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2011/10/22 19:27:18 | 001,008,092 | ---- | M] () -- C:\Users\Bianca Castro\Desktop\rkill.com
    [2011/10/22 17:32:03 | 000,000,512 | ---- | M] () -- C:\Users\Bianca Castro\Desktop\MBR.dat
    [2011/10/22 14:13:27 | 000,603,516 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2011/10/22 14:13:27 | 000,103,586 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2011/10/22 13:53:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/10/22 13:53:53 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/10/22 13:43:52 | 002,565,464 | ---- | M] () -- C:\Users\Bianca Castro\Desktop\NTBR_CD.exe
    [2011/10/22 13:29:53 | 001,561,392 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Bianca Castro\Desktop\tdsskiller.exe
    [2011/10/22 13:19:48 | 000,044,607 | ---- | M] () -- C:\Users\Bianca Castro\Desktop\bootkit_remover.zip
    [2011/10/22 12:53:25 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2011/10/22 12:38:01 | 008,922,408 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Bianca Castro\Desktop\AppRemover.exe
    [2011/10/22 12:37:20 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Bianca Castro\Desktop\aswMBR.exe
    [2011/10/22 12:25:01 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2011/10/22 00:04:53 | 000,302,592 | ---- | M] () -- C:\Users\Bianca Castro\Desktop\28n0w7vt.exe
    [2011/10/21 22:57:04 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Bianca Castro\Desktop\dds.scr
    [2011/10/21 11:57:45 | 000,000,943 | ---- | M] () -- C:\Users\Bianca Castro\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/10/21 11:25:30 | 000,001,971 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2011/10/20 22:40:20 | 000,000,804 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
    [2011/10/20 21:50:32 | 000,000,870 | ---- | M] () -- C:\Users\Bianca Castro\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2011/10/20 21:50:32 | 000,000,846 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
    [2011/10/20 21:46:30 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/20 21:42:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/10/20 21:42:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/10/18 15:26:47 | 000,000,280 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
    [2011/10/18 15:26:47 | 000,000,192 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
    [2011/10/18 15:26:44 | 000,000,336 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
    [2011/10/17 22:56:32 | 000,014,198 | -H-- | M] () -- C:\Users\Bianca Castro\AppData\Roaming\wklnhst.dat
    [2011/10/17 22:56:15 | 000,009,728 | ---- | M] () -- C:\Users\Bianca Castro\Desktop\legalization of marijuana.wps
    [2011/10/15 21:41:19 | 000,006,144 | ---- | M] () -- C:\Users\Bianca Castro\Documents\legalization of marijuana.wps
    [2011/09/27 14:39:20 | 000,009,728 | ---- | M] () -- C:\Users\Bianca Castro\Desktop\Case brief.wps
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/10/22 19:32:15 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/10/22 19:32:14 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/10/22 19:32:14 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/10/22 19:32:14 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/10/22 19:32:14 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/10/22 19:27:18 | 001,008,092 | ---- | C] () -- C:\Users\Bianca Castro\Desktop\rkill.com
    [2011/10/22 17:32:03 | 000,000,512 | ---- | C] () -- C:\Users\Bianca Castro\Desktop\MBR.dat
    [2011/10/22 13:59:06 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
    [2011/10/22 13:43:51 | 002,565,464 | ---- | C] () -- C:\Users\Bianca Castro\Desktop\NTBR_CD.exe
    [2011/10/22 13:19:47 | 000,044,607 | ---- | C] () -- C:\Users\Bianca Castro\Desktop\bootkit_remover.zip
    [2011/10/22 00:04:51 | 000,302,592 | ---- | C] () -- C:\Users\Bianca Castro\Desktop\28n0w7vt.exe
    [2011/10/21 11:57:45 | 000,000,949 | ---- | C] () -- C:\Users\Bianca Castro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2011/10/21 11:41:07 | 000,057,667 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
    [2011/10/20 21:46:30 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/20 21:42:07 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
    [2011/10/20 21:42:07 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
    [2011/10/18 15:26:47 | 000,000,280 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
    [2011/10/18 15:26:47 | 000,000,192 | -H-- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
    [2011/10/18 15:26:44 | 000,000,336 | -H-- | C] () -- C:\ProgramData\6DSS92c31Apgjk
    [2011/10/15 22:18:05 | 000,009,728 | ---- | C] () -- C:\Users\Bianca Castro\Desktop\legalization of marijuana.wps
    [2011/10/15 21:41:19 | 000,006,144 | ---- | C] () -- C:\Users\Bianca Castro\Documents\legalization of marijuana.wps
    [2011/09/25 22:51:14 | 000,009,728 | ---- | C] () -- C:\Users\Bianca Castro\Desktop\Case brief.wps
    [2011/02/06 04:13:16 | 000,106,605 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
    [2011/02/06 04:13:16 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
    [2011/01/23 00:09:50 | 000,815,104 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2011/01/23 00:09:50 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2010/02/10 13:07:14 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2009/12/03 09:27:30 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2009/11/29 20:15:17 | 000,014,198 | -H-- | C] () -- C:\Users\Bianca Castro\AppData\Roaming\wklnhst.dat
    [2008/02/11 19:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
    [2008/02/11 19:34:48 | 002,215,364 | ---- | C] () -- C:\Windows\System32\igklg400.bin
    [2008/02/11 19:34:48 | 001,971,732 | ---- | C] () -- C:\Windows\System32\igklg450.bin
    [2008/02/11 19:34:48 | 000,029,932 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.bin
    [2008/02/09 22:16:19 | 000,031,744 | ---- | C] () -- C:\Users\Bianca Castro\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2008/02/09 21:58:13 | 000,000,335 | ---- | C] () -- C:\Windows\nsreg.dat
    [2008/01/02 17:57:36 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1409.dll
    [2008/01/02 17:47:22 | 001,953,696 | ---- | C] () -- C:\Windows\System32\igklg400.dll
    [2008/01/02 17:47:22 | 001,533,360 | ---- | C] () -- C:\Windows\System32\igklg450.dll
    [2008/01/02 17:47:22 | 000,104,636 | ---- | C] () -- C:\Windows\System32\igmedcompkrn.dll
    [2007/11/20 01:38:50 | 000,910,464 | ---- | C] () -- C:\Windows\System32\igmedkrn.dll
    [2007/11/20 01:38:50 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1283.dll
    [2007/11/20 01:37:59 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
    [2006/11/02 08:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2006/11/02 08:47:37 | 000,343,408 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
    [2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006/11/02 06:33:01 | 000,603,516 | ---- | C] () -- C:\Windows\System32\perfh009.dat
    [2006/11/02 06:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
    [2006/11/02 06:33:01 | 000,103,586 | ---- | C] () -- C:\Windows\System32\perfc009.dat
    [2006/11/02 06:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
    [2006/11/02 06:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
    [2006/11/02 04:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2006/11/02 04:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
    [2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
    [2006/11/02 03:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
    [2006/06/11 20:01:15 | 000,352,256 | ---- | C] () -- C:\Windows\System32\HotlineClient.exe
    [1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\Windows\System32\giveio.sys

    ========== LOP Check ==========

    [2008/04/05 21:14:17 | 000,000,000 | ---D | M] -- C:\Users\ana\AppData\Roaming\acccore
    [2010/10/29 21:44:58 | 000,000,000 | ---D | M] -- C:\Users\ana\AppData\Roaming\FrostWire
    [2011/10/20 21:18:20 | 000,000,000 | ---D | M] -- C:\Users\ana\AppData\Roaming\ICAClient
    [2008/02/09 20:37:25 | 000,000,000 | ---D | M] -- C:\Users\ana\AppData\Roaming\SampleView
    [2011/10/20 21:18:21 | 000,000,000 | ---D | M] -- C:\Users\ana\AppData\Roaming\Spare Backup
    [2008/02/09 20:55:42 | 000,000,000 | ---D | M] -- C:\Users\ana\AppData\Roaming\WildTangent
    [2008/04/05 21:20:44 | 000,000,000 | -H-D | M] -- C:\Users\Bianca Castro\AppData\Roaming\acccore
    [2010/07/06 12:50:53 | 000,000,000 | -H-D | M] -- C:\Users\Bianca Castro\AppData\Roaming\Auslogics
    [2011/10/20 22:14:31 | 000,000,000 | ---D | M] -- C:\Users\Bianca Castro\AppData\Roaming\AVG2012
    [2010/10/31 19:48:19 | 000,000,000 | ---D | M] -- C:\Users\Bianca Castro\AppData\Roaming\FrostWire
    [2009/08/28 20:17:43 | 000,000,000 | ---D | M] -- C:\Users\Bianca Castro\AppData\Roaming\Octoshape
    [2010/09/25 22:47:15 | 000,000,000 | -H-D | M] -- C:\Users\Bianca Castro\AppData\Roaming\PlayFirst
    [2010/04/28 19:07:54 | 000,000,000 | -H-D | M] -- C:\Users\Bianca Castro\AppData\Roaming\Research In Motion
    [2008/02/09 23:14:41 | 000,000,000 | -H-D | M] -- C:\Users\Bianca Castro\AppData\Roaming\SampleView
    [2011/10/20 22:44:15 | 000,000,000 | ---D | M] -- C:\Users\Bianca Castro\AppData\Roaming\Spare Backup
    [2011/02/28 15:59:38 | 000,000,000 | -H-D | M] -- C:\Users\Bianca Castro\AppData\Roaming\Template
    [2011/09/09 20:41:56 | 000,000,000 | -H-D | M] -- C:\Users\Bianca Castro\AppData\Roaming\Unity
    [2008/02/09 21:30:05 | 000,000,000 | -H-D | M] -- C:\Users\Bianca Castro\AppData\Roaming\WildTangent
    [2011/10/22 13:53:50 | 000,032,598 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
    [2008/01/19 03:45:45 | 000,333,203 | RHS- | M] () -- C:\bootmgr
    [2006/06/11 20:36:06 | 000,008,192 | R-S- | M] () -- C:\BOOTSECT.BAK
    [2006/09/18 17:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
    [2011/10/20 21:42:07 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2011/02/13 21:37:58 | 000,001,055 | -H-- | M] () -- C:\IPH.PH
    [2007/11/20 01:23:47 | 000,000,165 | ---- | M] () -- C:\labelPrint.log
    [2011/10/20 21:42:07 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2011/10/22 12:52:31 | 3524,980,736 | -HS- | M] () -- C:\pagefile.sys
    [2007/11/20 01:27:00 | 000,000,163 | ---- | M] () -- C:\power2go.log
    [2011/10/22 20:03:04 | 000,000,467 | ---- | M] () -- C:\rkill.log
    [2008/02/09 21:58:14 | 000,000,455 | -H-- | M] () -- C:\T4Metrics.log
    [2011/10/22 17:49:00 | 000,146,010 | ---- | M] () -- C:\TDSSKiller.2.6.12.0_22.10.2011_17.43.27_log.txt
    [2011/10/22 17:51:15 | 000,073,930 | ---- | M] () -- C:\TDSSKiller.2.6.12.0_22.10.2011_17.49.17_log.txt

    < %systemroot%\Fonts\*.com >
    [2006/11/02 08:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2006/11/02 08:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2006/11/02 08:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2006/11/02 08:37:12 | 000,030,808 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/09/18 17:37:34 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2006/11/02 08:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\jnwppr.dll
    [2006/10/26 23:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\spool\prtprocs\w32x86\msonpppr.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2011/02/04 23:59:10 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
    [2006/11/02 06:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
    [2006/11/02 06:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
    [2006/11/02 06:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
    [2006/11/02 06:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/10/21 11:57:45 | 000,000,286 | -HS- | M] () -- C:\Users\Bianca Castro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
  25. Jeckz

    Jeckz Newcomer, in training Topic Starter Posts: 45

    OTL(cont.)

    < %USERPROFILE%\Desktop\*.exe >
    [2011/10/22 00:04:53 | 000,302,592 | ---- | M] () -- C:\Users\Bianca Castro\Desktop\28n0w7vt.exe
    [2011/10/22 12:38:01 | 008,922,408 | ---- | M] (OPSWAT, Inc.) -- C:\Users\Bianca Castro\Desktop\AppRemover.exe
    [2011/10/22 12:37:20 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\Bianca Castro\Desktop\aswMBR.exe
    [2011/10/22 21:02:25 | 004,269,227 | R--- | M] (Swearware) -- C:\Users\Bianca Castro\Desktop\ComboFix.exe
    [2011/03/31 13:16:09 | 000,359,936 | ---- | M] (iH8sn0w Dev team) -- C:\Users\Bianca Castro\Desktop\f0recast.exe
    [2011/10/22 13:43:52 | 002,565,464 | ---- | M] () -- C:\Users\Bianca Castro\Desktop\NTBR_CD.exe
    [2011/10/22 22:28:13 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Bianca Castro\Desktop\OTL.exe
    [2011/10/22 13:29:53 | 001,561,392 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Bianca Castro\Desktop\tdsskiller.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2008/02/09 21:01:24 | 000,000,402 | -HS- | M] () -- C:\Users\Bianca Castro\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/10/18 15:26:44 | 000,000,336 | -H-- | M] () -- C:\ProgramData\6DSS92c31Apgjk
    [2011/10/18 15:26:47 | 000,000,280 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
    [2011/10/18 15:26:47 | 000,000,192 | -H-- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
    @Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

    < End of report >

