TechSpot

Iexplore.exe running w/o IE open + Google redirect

Solved
By Shydoe
Oct 29, 2011
  1. Removed a fake Anti-Virus, but iexplorer.exe*32 and Google redirects are still happening, and nothing I run/scan seems to find it.


    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8039

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    10/29/2011 8:03:22 AM
    mbam-log-2011-10-29 (08-03-22).txt

    Scan type: Quick scan
    Objects scanned: 195192
    Time elapsed: 1 minute(s), 45 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-10-29 07:51:17
    Windows 6.1.7601 Service Pack 1
    Running: 8igsdzwt.exe


    ---- Files - GMER 1.0.15 ----

    File C:\Users\$ean-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HNQZQPUW\down[2] 0 bytes
    File C:\Users\$ean-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HNQZQPUW\errorPageStrings[1] 0 bytes
    File C:\Users\$ean-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HNQZQPUW\set[1].gif 0 bytes
    File C:\Users\$ean-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HNQZQPUW\4232512637[1].htm 0 bytes
    File C:\Users\$ean-\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PNTWH74G\get[1].js 0 bytes
    File C:\Users\$ean-\AppData\Roaming\Microsoft\Windows\Cookies\I32FVP0V.txt 0 bytes
    File C:\Users\$ean-\AppData\Roaming\Microsoft\Windows\Cookies\IGDVS5SM.txt 91 bytes
    File C:\Users\$ean-\AppData\Roaming\Microsoft\Windows\Cookies\J6CU9I75.txt 0 bytes
    File C:\Users\$ean-\AppData\Roaming\Microsoft\Windows\Cookies\0O80KOAJ.txt 0 bytes
    File C:\Users\$ean-\AppData\Roaming\Microsoft\Windows\Cookies\1GEGF8LB.txt 0 bytes
    File C:\Users\$ean-\AppData\Roaming\Microsoft\Windows\Cookies\22D7Y2W8.txt 716 bytes
    File C:\Users\$ean-\AppData\Roaming\Microsoft\Windows\Cookies\BV3UP8L3.txt 0 bytes
    File C:\Users\$ean-\AppData\Roaming\Microsoft\Windows\Cookies\DE4LC8FM.txt 0 bytes
    File C:\Users\$ean-\AppData\Roaming\Microsoft\Windows\Cookies\G06JAH48.txt 242 bytes
    File C:\Users\$ean-\AppData\Roaming\Microsoft\Windows\Cookies\N15T3UFE.txt 248 bytes
    File C:\Users\$ean-\AppData\Roaming\Microsoft\Windows\Cookies\ODNJD4JH.txt 0 bytes
    File C:\Users\$ean-\AppData\Roaming\Microsoft\Windows\Cookies\S8FAYCJW.txt 0 bytes
    File C:\Users\$ean-\AppData\Roaming\Microsoft\Windows\Cookies\U8RPEBU5.txt 0 bytes
    File C:\Users\$ean-\AppData\Roaming\Microsoft\Windows\Cookies\W251FXSE.txt 0 bytes

    ---- EOF - GMER 1.0.15 ----

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
    Run by $ean- at 7:51:29 on 2011-10-29
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.9207.6621 [GMT -7:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\LSI SoftModem\agr64svc.exe
    C:\Windows\SysWOW64\svchost.exe -k Akamai
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Core Temp\Core Temp.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager64.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\$ean-\Desktop\TaskAssign.exe
    C:\Program Files (x86)\Steam\Steam.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\taskhost.exe
    C:\Users\$ean-\Desktop\Dungeon Defenders - Auto Fire.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.free-tv-video-online.me/internet/the_big_bang_theory/index.html
    mWinlogon: Shell=explorer.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{43925531-C801-4D0D-81C4-EFF1E6227543} : DhcpNameServer = 192.168.1.1 68.87.76.182 68.87.78.134
    TCP: Interfaces\{43925531-C801-4D0D-81C4-EFF1E6227543}\425616E6D2 : DhcpNameServer = 192.168.1.1 68.87.76.182 68.87.78.134
    TCP: Interfaces\{46C0B5B8-D6E1-41DA-B196-FFCB61822923} : DhcpNameServer = 192.168.1.1 68.87.76.182 68.87.78.134
    TCP: Interfaces\{8B3367B7-F7B6-424D-9A05-643E0AD7EC39} : DhcpNameServer = 192.168.1.1
    Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
    mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRunOnce-x64: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath -
    .
    ============= SERVICES / DRIVERS ===============
    .
    R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-4-29 2255464]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-8-3 379496]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;C:\Windows\system32\DRIVERS\e1y60x64.sys --> C:\Windows\system32\DRIVERS\e1y60x64.sys [?]
    R3 gwfilt64;gwfilt64;C:\Windows\system32\drivers\gwfilt64.sys --> C:\Windows\system32\drivers\gwfilt64.sys [?]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 netr28ux;Linksys USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-10-29 14:51:24 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-10-29 05:49:20 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-10-29 05:21:12 -------- d-----w- C:\Users\$ean-\AppData\Local\G DATA
    2011-10-29 02:57:47 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{589F25AC-2FE5-48C0-B06B-78012C39A2BF}\offreg.dll
    2011-10-29 02:57:46 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{589F25AC-2FE5-48C0-B06B-78012C39A2BF}\mpengine.dll
    2011-10-27 04:57:47 -------- d-----w- C:\Program Files\CCleaner
    2011-10-27 04:44:38 -------- d-----w- C:\_OTL
    2011-10-27 04:33:31 -------- d-----w- C:\Program Files (x86)\SecurityXploded
    2011-10-27 03:06:03 -------- d-----w- C:\$WINDOWS.~LS
    2011-10-16 18:35:51 -------- d-----w- C:\$RECYCLE.BIN
    2011-10-16 17:51:06 -------- d-----w- C:\ComboFix
    2011-10-16 17:16:11 98816 ----a-w- C:\Windows\sed.exe
    2011-10-16 17:16:11 518144 ----a-w- C:\Windows\SWREG.exe
    2011-10-16 17:16:11 256000 ----a-w- C:\Windows\PEV.exe
    2011-10-16 17:16:11 208896 ----a-w- C:\Windows\MBR.exe
    2011-10-15 17:34:38 39870 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games\League of Legends\Updater.exe
    2011-10-15 17:34:38 36864 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Riot Games\League of Legends\Enigma Item Changer.exe
    2011-10-15 14:54:31 3138048 ----a-w- C:\Windows\System32\win32k.sys
    2011-10-15 14:53:46 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
    2011-10-15 14:53:46 613888 ----a-w- C:\Windows\System32\psisdecd.dll
    2011-10-15 14:53:46 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
    2011-10-15 14:53:45 108032 ----a-w- C:\Windows\System32\psisrndr.ax
    2011-10-15 14:52:54 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-10-15 14:52:54 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-10-15 14:52:54 331776 ----a-w- C:\Windows\System32\oleacc.dll
    2011-10-15 14:52:54 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
    2011-10-04 05:14:07 -------- d-----w- C:\Users\$ean-\.frostwire5
    .
    ==================== Find3M ====================
    .
    2011-10-18 14:07:03 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-03 12:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-09-28 02:39:18 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
    2011-09-28 02:39:18 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
    2011-08-03 10:31:54 311912 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
    .
    ============= FINISH: 7:58:22.67 ===============

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 7/16/2010 7:59:39 AM
    System Uptime: 10/28/2011 7:25:16 PM (12 hours ago)
    .
    Motherboard: Gateway | | TBGM01
    Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz | CPU 1 | 3068/133mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 917 GiB total, 634.705 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e96f-e325-11ce-bfc1-08002be10318}
    Description: Microsoft PS/2 Mouse
    Device ID: ACPI\PNP0F03\4&6730480&0
    Manufacturer: Microsoft
    Name: Microsoft PS/2 Mouse
    PNP Device ID: ACPI\PNP0F03\4&6730480&0
    Service: i8042prt
    .
    ==== System Restore Points ===================
    .
    RP220: 10/22/2011 8:05:44 AM - Windows Update
    RP221: 10/26/2011 7:54:54 AM - Windows Update
    RP222: 10/26/2011 8:11:38 AM - Windows Update
    RP223: 10/26/2011 8:30:23 PM - Restore Operation
    RP224: 10/26/2011 9:08:16 PM - Windows Modules Installer
    RP225: 10/26/2011 9:24:14 PM - Windows Update
    RP226: 10/26/2011 10:15:03 PM - Removed Bonjour
    RP227: 10/26/2011 10:22:52 PM - Windows Update
    RP228: 10/28/2011 7:39:48 AM - Installed Java(TM) 6 Update 29
    RP229: 10/28/2011 8:06:50 PM - Installed DirectX
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.4.6
    Akamai NetSession Interface
    Apple Application Support
    Apple Software Update
    Bandisoft MPEG-1 Decoder
    Curse Client
    Dragon Saga
    DragonNest
    Dual-Core Optimizer
    Dungeon Defenders
    EverQuest II
    EverQuest: Escape to Norrath
    Free Easy Burner V 4.1
    Global Agenda
    Guild Wars
    Heroes of Newerth
    Java Auto Updater
    Java(TM) 6 Update 29
    jZip
    League of Legends
    Left 4 Dead 2
    Magicka - Demo
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft Corporation
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Games for Windows Marketplace
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft XNA Framework Redistributable 3.1
    Mozilla Firefox (3.6.23)
    Neverwinter Nights 2: Platinum
    Nexon Game Manager
    NVIDIA 3D Vision Controller Driver
    NVIDIA Performance
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    NVIDIA System Monitor
    NVIDIA System Update
    Pando Media Booster
    Pure Networks Platform
    QuickTime
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Spotify
    Steam
    System Requirements Lab
    Torchlight
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Extended (KB2468871)
    Update for Microsoft .NET Framework 4 Extended (KB2533523)
    Upgrade Kit
    VideoLAN VLC media player 0.8.6f
    Warhammer® 40,000™: Dawn of War® II
    Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
    World of Warcraft
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/26/2011 9:47:25 PM, Error: Microsoft Antimalware [3002] -
    10/26/2011 9:44:39 PM, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
    10/26/2011 9:03:02 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Pure Networks Platform Service service to connect.
    10/26/2011 9:03:02 PM, Error: Service Control Manager [7000] - The Pure Networks Platform Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
  2. Broni


    Welcome aboard

    Please, observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ====================================================================

    I don't see any AV program running.
    Install one of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - Avira free antivirus: http://www.free-av.com/en/download/1/avira_antivir_personal__free_antivirus.html (make sure to opt out from installing Ask Toolbar - it comes pre-checked)
    Update, run full scan, report on any findings.

    Then....

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan:

    On completion of the scan click "Save log", save it to your desktop and post in your next reply:

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

    ===================================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts.
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.
    **Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.



    Make sure you re-enable your security programs when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try one of the following:

    1. Run Combofix from Safe Mode (How to...)

    2. Delete the Combofix file, download a fresh one, but rename combofix.exe to yourname.exe BEFORE saving it to your desktop.
    Do NOT run it yet.

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run, then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool; ignore them or shut down your antivirus.

    Rkill.com
    Rkill.scr
    Rkill.exe

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    If normal mode still doesn't work, run BOTH tools from safe mode.

    In case #2, please post BOTH logs, rKill and Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
  3. Shydoe


    Avast full scan found nothing.

    ComboFix 11-10-29.06 - $ean- 10/29/2011 18:35:52.3.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.9207.7443 [GMT -7:00]
    Running from: c:\users\$ean-\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-30 )))))))))))))))))))))))))))))))
    .
    .
    2011-10-30 02:05 . 2011-10-30 02:05 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2011-10-30 02:05 . 2011-10-30 02:05 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-10-29 18:27 . 2011-09-06 20:36 24408 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2011-10-29 18:27 . 2011-09-06 20:38 301912 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2011-10-29 18:27 . 2011-09-06 20:45 254400 ----a-w- c:\windows\system32\aswBoot.exe
    2011-10-29 18:27 . 2011-09-06 20:38 601944 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2011-10-29 18:27 . 2011-09-06 20:36 58200 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2011-10-29 18:27 . 2011-09-06 20:36 42328 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2011-10-29 18:27 . 2011-09-06 20:36 65368 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2011-10-29 18:27 . 2011-09-06 20:45 41184 ----a-w- c:\windows\avastSS.scr
    2011-10-29 18:27 . 2011-09-06 20:45 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
    2011-10-29 18:27 . 2011-10-29 18:27 -------- d-----w- c:\programdata\AVAST Software
    2011-10-29 18:27 . 2011-10-29 18:27 -------- d-----w- c:\program files\AVAST Software
    2011-10-29 05:21 . 2011-10-29 05:21 -------- d-----w- c:\users\$ean-\AppData\Local\G DATA
    2011-10-29 02:57 . 2011-10-30 02:09 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{589F25AC-2FE5-48C0-B06B-78012C39A2BF}\offreg.dll
    2011-10-29 02:57 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{589F25AC-2FE5-48C0-B06B-78012C39A2BF}\mpengine.dll
    2011-10-28 14:40 . 2011-10-28 14:40 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-10-27 04:57 . 2011-10-27 04:57 -------- d-----w- c:\program files\CCleaner
    2011-10-27 04:44 . 2011-10-27 04:44 -------- d-----w- C:\_OTL
    2011-10-27 04:33 . 2011-10-27 04:33 -------- d-----w- c:\program files (x86)\SecurityXploded
    2011-10-27 03:06 . 2011-10-27 03:06 -------- d-----w- C:\$WINDOWS.~LS
    2011-10-15 17:34 . 2011-10-07 10:32 39870 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Riot Games\League of Legends\Updater.exe
    2011-10-15 17:34 . 2011-10-07 10:32 36864 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Riot Games\League of Legends\Enigma Item Changer.exe
    2011-10-15 14:54 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
    2011-10-15 14:53 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-15 14:53 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
    2011-10-15 14:53 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
    2011-10-15 14:53 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-15 14:52 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-15 14:52 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-15 14:52 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
    2011-10-15 14:52 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
    2011-10-04 05:14 . 2011-10-15 07:19 -------- d-----w- c:\users\$ean-\.frostwire5
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-10-18 14:07 . 2011-05-14 16:05 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-03 12:06 . 2010-07-16 15:19 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-09-28 02:39 . 2008-06-19 23:35 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
    2011-09-28 02:39 . 2008-06-19 23:35 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
    2011-08-03 11:50 . 2011-08-11 00:22 7254632 ----a-w- c:\windows\system32\nvcuda.dll
    2011-08-03 11:50 . 2011-08-11 00:22 67176 ----a-w- c:\windows\system32\OpenCL.dll
    2011-08-03 11:50 . 2011-08-11 00:22 6613096 ----a-w- c:\windows\SysWow64\nvwgf2um.dll
    2011-08-03 11:50 . 2011-08-11 00:22 57960 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2011-08-03 11:50 . 2011-08-11 00:22 5404776 ----a-w- c:\windows\SysWow64\nvcuda.dll
    2011-08-03 11:50 . 2011-08-11 00:22 2532456 ----a-w- c:\windows\system32\nvcuvid.dll
    2011-08-03 11:50 . 2011-08-11 00:22 24692840 ----a-w- c:\windows\system32\nvcompiler.dll
    2011-08-03 11:50 . 2011-08-11 00:22 2391656 ----a-w- c:\windows\SysWow64\nvcuvid.dll
    2011-08-03 11:50 . 2011-08-11 00:22 22470248 ----a-w- c:\windows\system32\nvoglv64.dll
    2011-08-03 11:50 . 2011-08-11 00:22 2222184 ----a-w- c:\windows\system32\nvcuvenc.dll
    2011-08-03 11:50 . 2011-08-11 00:22 2090088 ----a-w- c:\windows\SysWow64\nvcuvenc.dll
    2011-08-03 11:50 . 2011-08-11 00:22 17193576 ----a-w- c:\windows\SysWow64\nvcompiler.dll
    2011-08-03 11:50 . 2011-08-11 00:22 16595560 ----a-w- c:\windows\SysWow64\nvoglv32.dll
    2011-08-03 11:50 . 2011-08-11 00:22 1519720 ----a-w- c:\windows\system32\nvdispco64.dll
    2011-08-03 11:50 . 2011-08-11 00:22 1453160 ----a-w- c:\windows\system32\nvgenco64.dll
    2011-08-03 11:50 . 2011-08-11 00:22 12909672 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2011-08-03 11:50 . 2011-08-01 02:26 2412136 ----a-w- c:\windows\SysWow64\nvapi.dll
    2011-08-03 11:50 . 2011-08-01 02:26 12636776 ----a-w- c:\windows\SysWow64\nvd3dum.dll
    2011-08-03 11:50 . 2011-04-08 06:19 117864 ----a-w- c:\windows\system32\nvmctray.dll
    2011-08-03 11:50 . 2011-04-08 06:19 980072 ----a-w- c:\windows\system32\nvvsvc.exe
    2011-08-03 11:50 . 2011-04-08 06:19 836200 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
    2011-08-03 11:50 . 2011-04-08 06:19 6136936 ----a-w- c:\windows\system32\nvcpl.dll
    2011-08-03 11:50 . 2011-04-08 06:19 3021416 ----a-w- c:\windows\system32\nvsvc64.dll
    2011-08-03 11:50 . 2009-07-15 08:54 2758760 ----a-w- c:\windows\system32\nvapi64.dll
    2011-08-03 11:50 . 2009-07-14 21:08 61544 ----a-w- c:\windows\system32\nvshext.dll
    2011-08-03 11:50 . 2009-07-13 21:59 8355944 ----a-w- c:\windows\system32\nvwgf2umx.dll
    2011-08-03 11:50 . 2009-07-13 21:59 15064168 ----a-w- c:\windows\system32\nvd3dumx.dll
    2011-08-03 10:31 . 2011-08-03 10:31 311912 ----a-w- c:\windows\SysWow64\nvStreaming.exe
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-10-16_18.36.37 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2011-10-27 04:09 . 2011-10-27 04:09 76800 c:\windows\SysWOW64\SetIEInstalledDate.exe
    + 2011-10-27 04:09 . 2011-10-27 04:09 74752 c:\windows\SysWOW64\RegisterIEPKEYs.exe
    + 2011-10-27 04:09 . 2011-10-27 04:09 54272 c:\windows\SysWOW64\pngfilt.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 48640 c:\windows\SysWOW64\mshtmler.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 72704 c:\windows\SysWOW64\mshtmled.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 11776 c:\windows\SysWOW64\mshta.exe
    + 2011-10-27 04:09 . 2011-10-27 04:09 10752 c:\windows\SysWOW64\msfeedssync.exe
    + 2011-10-27 04:09 . 2011-10-27 04:09 41472 c:\windows\SysWOW64\msfeedsbs.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 66048 c:\windows\SysWOW64\migration\WininetPlugin.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 23552 c:\windows\SysWOW64\licmgr10.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 65024 c:\windows\SysWOW64\jsproxy.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 78848 c:\windows\SysWOW64\inseng.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 35840 c:\windows\SysWOW64\imgutil.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 86528 c:\windows\SysWOW64\iesysprep.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 74752 c:\windows\SysWOW64\iesetup.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 31744 c:\windows\SysWOW64\iernonce.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 74240 c:\windows\SysWOW64\ie4uinit.exe
    + 2011-10-27 04:09 . 2011-10-27 04:09 66048 c:\windows\SysWOW64\icardie.dll
    + 2009-07-14 04:54 . 2011-10-30 02:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-08-30 05:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-10-30 02:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-08-30 05:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-10-30 02:07 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2011-08-30 05:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-07-17 17:36 . 2011-10-30 02:09 50698 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-10-30 02:09 36430 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2010-07-16 15:24 . 2011-10-30 02:09 17944 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-42986055-3233748428-2578529128-1001_UserData.bin
    + 2011-10-27 04:09 . 2011-10-27 04:09 91648 c:\windows\system32\SetIEInstalledDate.exe
    + 2011-10-27 04:09 . 2011-10-27 04:09 89088 c:\windows\system32\RegisterIEPKEYs.exe
    + 2011-10-27 04:09 . 2011-10-27 04:09 65024 c:\windows\system32\pngfilt.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 48640 c:\windows\system32\mshtmler.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 96256 c:\windows\system32\mshtmled.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 12288 c:\windows\system32\mshta.exe
    + 2011-10-27 04:09 . 2011-10-27 04:09 10752 c:\windows\system32\msfeedssync.exe
    + 2011-10-27 04:09 . 2011-10-27 04:09 55296 c:\windows\system32\msfeedsbs.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 86528 c:\windows\system32\migration\WininetPlugin.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 30720 c:\windows\system32\licmgr10.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 85504 c:\windows\system32\jsproxy.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 49664 c:\windows\system32\imgutil.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 85504 c:\windows\system32\iesetup.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 39936 c:\windows\system32\iernonce.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 89088 c:\windows\system32\ie4uinit.exe
    + 2011-10-27 04:09 . 2011-10-27 04:09 82432 c:\windows\system32\icardie.dll
    - 2010-07-16 06:28 . 2011-10-15 21:23 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-07-16 06:28 . 2011-10-28 03:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-07-16 06:28 . 2011-10-28 03:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-07-16 06:28 . 2011-10-15 21:23 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-10-15 21:23 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-10-28 03:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-07-16 15:24 . 2011-10-27 04:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-07-16 15:24 . 2011-10-16 18:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:46 . 2011-10-28 14:24 93232 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
    + 2011-10-15 05:52 . 2011-10-27 04:03 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2011-10-15 05:52 . 2011-10-16 18:35 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
    - 2011-10-15 05:52 . 2011-10-16 18:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
    + 2011-10-15 05:52 . 2011-10-27 04:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
    - 2011-10-15 05:52 . 2011-10-16 18:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
    + 2011-10-15 05:52 . 2011-10-27 04:03 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
    - 2010-07-16 15:24 . 2011-10-16 18:35 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-07-16 15:24 . 2011-10-27 04:03 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-07-16 15:24 . 2011-10-27 04:02 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-07-16 15:24 . 2011-10-16 18:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-07-16 15:24 . 2011-10-16 18:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-07-16 15:24 . 2011-10-27 04:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-07-16 15:24 . 2011-10-27 04:07 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-07-16 15:24 . 2011-10-16 18:35 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-09-21 07:07 . 2010-09-21 07:07 70584 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobeextractfiles.dll
    + 2011-10-30 02:07 . 2011-10-30 02:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-10-16 18:35 . 2011-10-16 18:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-10-30 02:07 . 2011-10-30 02:07 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-10-16 18:35 . 2011-10-16 18:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2011-10-27 04:09 . 2011-10-27 04:09 152064 c:\windows\SysWOW64\wextract.exe
    + 2011-10-27 04:09 . 2011-10-27 04:09 203776 c:\windows\SysWOW64\webcheck.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 420864 c:\windows\SysWOW64\vbscript.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 231936 c:\windows\SysWOW64\url.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 123392 c:\windows\SysWOW64\occache.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 162304 c:\windows\SysWOW64\msrating.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 161792 c:\windows\SysWOW64\msls31.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 580608 c:\windows\SysWOW64\msfeeds.dll
    + 2011-10-18 14:07 . 2011-10-18 14:07 247968 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe
    + 2011-10-18 14:07 . 2011-10-18 14:07 335520 c:\windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.dll
    - 2011-04-15 22:36 . 2011-02-18 05:41 716800 c:\windows\SysWOW64\jscript.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 716800 c:\windows\SysWOW64\jscript.dll
    + 2011-10-28 14:40 . 2011-10-03 12:06 157472 c:\windows\SysWOW64\javaws.exe
    - 2010-12-25 15:01 . 2010-11-13 02:53 157472 c:\windows\SysWOW64\javaws.exe
    - 2010-12-25 15:01 . 2010-11-13 02:53 145184 c:\windows\SysWOW64\javaw.exe
    + 2011-10-28 14:40 . 2011-10-03 12:06 145184 c:\windows\SysWOW64\javaw.exe
    + 2011-10-28 14:40 . 2011-10-03 12:06 145184 c:\windows\SysWOW64\java.exe
    - 2010-12-25 15:01 . 2010-11-13 02:53 145184 c:\windows\SysWOW64\java.exe
    + 2011-10-27 04:09 . 2011-10-27 04:09 150528 c:\windows\SysWOW64\iexpress.exe
    + 2011-10-27 04:09 . 2011-10-27 04:09 142848 c:\windows\SysWOW64\ieUnatt.exe
    + 2011-10-27 04:09 . 2011-10-27 04:09 176640 c:\windows\SysWOW64\ieui.dll
    - 2011-10-15 14:54 . 2011-08-20 04:26 176640 c:\windows\SysWOW64\ieui.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 118784 c:\windows\SysWOW64\iepeers.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 353584 c:\windows\SysWOW64\iedkcs32.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 434176 c:\windows\SysWOW64\ieapfltr.dll
    - 2009-07-13 23:42 . 2009-07-14 01:05 163840 c:\windows\SysWOW64\ieakui.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 163840 c:\windows\SysWOW64\ieakui.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 227840 c:\windows\SysWOW64\ieaksie.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 130560 c:\windows\SysWOW64\ieakeng.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 110592 c:\windows\SysWOW64\IEAdvpack.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 223232 c:\windows\SysWOW64\dxtrans.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 353792 c:\windows\SysWOW64\dxtmsft.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 101888 c:\windows\SysWOW64\admparse.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 160256 c:\windows\system32\wextract.exe
    + 2011-10-27 04:09 . 2011-10-27 04:09 249344 c:\windows\system32\webcheck.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 603648 c:\windows\system32\vbscript.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 237056 c:\windows\system32\url.dll
    + 2009-07-14 02:36 . 2011-10-29 22:42 660280 c:\windows\system32\perfh009.dat
    + 2009-07-14 02:36 . 2011-10-29 22:42 121208 c:\windows\system32\perfc009.dat
    + 2011-10-27 04:09 . 2011-10-27 04:09 149504 c:\windows\system32\occache.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 197120 c:\windows\system32\msrating.dll
    - 2009-07-13 23:39 . 2009-07-14 01:41 222208 c:\windows\system32\msls31.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 222208 c:\windows\system32\msls31.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 697344 c:\windows\system32\msfeeds.dll
    + 2010-07-16 15:16 . 2011-05-25 02:14 270720 c:\windows\system32\MpSigStub.exe
    - 2010-07-16 15:16 . 2010-10-19 20:51 270720 c:\windows\system32\MpSigStub.exe
    + 2011-10-27 04:09 . 2011-10-27 04:09 818176 c:\windows\system32\jscript.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 103936 c:\windows\system32\inseng.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 165888 c:\windows\system32\iexpress.exe
    + 2011-10-27 04:09 . 2011-10-27 04:09 173056 c:\windows\system32\ieUnatt.exe
    + 2011-10-27 04:09 . 2011-10-27 04:09 248320 c:\windows\system32\ieui.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 111616 c:\windows\system32\iesysprep.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 145920 c:\windows\system32\iepeers.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 403248 c:\windows\system32\iedkcs32.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 534528 c:\windows\system32\ieapfltr.dll
    - 2009-07-13 23:58 . 2009-07-14 01:27 163840 c:\windows\system32\ieakui.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 163840 c:\windows\system32\ieakui.dll
    - 2009-07-13 23:58 . 2009-07-14 01:41 267776 c:\windows\system32\ieaksie.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 267776 c:\windows\system32\ieaksie.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 160256 c:\windows\system32\ieakeng.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 135168 c:\windows\system32\IEAdvpack.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 282112 c:\windows\system32\dxtrans.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 452608 c:\windows\system32\dxtmsft.dll
    + 2009-07-14 05:12 . 2011-10-27 00:32 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    - 2009-07-14 05:12 . 2011-05-10 18:38 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
    + 2011-10-27 04:09 . 2011-10-27 04:09 114176 c:\windows\system32\admparse.dll
    - 2009-07-14 05:01 . 2011-10-16 18:34 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 05:01 . 2011-10-30 02:06 228720 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2011-10-28 14:40 . 2011-10-28 14:40 207360 c:\windows\Installer\13aa0c.msi
    + 2010-09-21 07:07 . 2010-09-21 07:07 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\readerupdater.exe
    + 2010-09-21 07:07 . 2010-09-21 07:07 932288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\adobearm.exe
    + 2010-09-21 07:07 . 2010-09-21 07:07 338856 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0400000010\9.4.0\acrobatupdater.exe
    + 2011-10-27 04:09 . 2011-10-27 04:09 1126912 c:\windows\SysWOW64\wininet.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 1102848 c:\windows\SysWOW64\urlmon.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 1798144 c:\windows\SysWOW64\jscript9.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 1791488 c:\windows\SysWOW64\iertutil.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 9704960 c:\windows\SysWOW64\ieframe.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 3695416 c:\windows\SysWOW64\ieapfltr.dat
    + 2011-10-27 04:09 . 2011-10-27 04:09 1389056 c:\windows\system32\wininet.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 1344512 c:\windows\system32\urlmon.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 2309120 c:\windows\system32\jscript9.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 2143744 c:\windows\system32\iertutil.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 3695416 c:\windows\system32\ieapfltr.dat
    - 2009-07-14 04:45 . 2011-10-15 19:03 7148836 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2009-07-14 04:45 . 2011-10-27 14:20 7148836 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
    + 2010-07-25 06:47 . 2011-10-30 02:06 2193792 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-42986055-3233748428-2578529128-1001-12288.dat
    + 2011-09-07 23:36 . 2011-09-07 23:36 6069248 c:\windows\Installer\1ad2c7.msp
    + 2011-10-27 04:09 . 2011-10-27 04:09 12275200 c:\windows\SysWOW64\mshtml.dll
    + 2009-07-14 02:34 . 2011-10-27 04:11 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
    - 2009-07-14 02:34 . 2011-10-15 18:59 10485760 c:\windows\system32\SMI\Store\Machine\schema.dat
    + 2011-10-27 04:09 . 2011-10-27 04:09 17781760 c:\windows\system32\mshtml.dll
    + 2011-10-27 04:09 . 2011-10-27 04:09 10886144 c:\windows\system32\ieframe.dll
    + 2011-06-08 04:39 . 2011-06-08 04:39 19798016 c:\windows\Installer\1ad2c8.msp
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
    "nmctxth"="c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-06-18 647216]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-08 421160]
    "LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
    "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2011-09-28 273528]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-09-06 3722416]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 dump_wmimmc;dump_wmimmc;c:\gpotato\IrisOnline\GameGuard\dump_wmimmc.sys [x]
    R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
    R3 netr28ux;Linksys USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28ux.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
    S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
    S3 ALSysIO;ALSysIO;c:\users\$ean-\AppData\Local\Temp\ALSysIO64.sys [x]
    S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [x]
    S3 gwfilt64;gwfilt64;c:\windows\system32\drivers\gwfilt64.sys [x]
    S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2011-09-06 20:45 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-06 7940128]
    "Linksys Wireless Manager"="c:\program files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe" [2009-07-09 1366064]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.free-tv-video-online.me/internet/the_big_bang_theory/index.html
    mLocal Page = c:\windows\SysWOW64\blank.htm
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath -
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    "MSCurrentCountry"=dword:000000b5
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
    c:\users\$ean-\Desktop\TaskAssign.exe
    .
    **************************************************************************
    .
    Completion time: 2011-10-29 19:30:30 - machine was rebooted
    ComboFix-quarantined-files.txt 2011-10-30 02:30
    .
    Pre-Run: 681,845,997,568 bytes free
    Post-Run: 681,543,606,272 bytes free
    .
    - - End Of File - - 8FF105802E07777DBC0D01FB6E74055D


    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-10-29 13:29:38
    -----------------------------
    13:29:38.909 OS Version: Windows x64 6.1.7601 Service Pack 1
    13:29:38.909 Number of processors: 8 586 0x1A05
    13:29:38.909 ComputerName: MALFEAS UserName: $ean-
    13:29:43.433 Initialize success
    13:29:43.695 AVAST engine defs: 11102901
    13:30:08.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    13:30:08.019 Disk 0 Vendor: Hitachi_ ST6O Size: 953869MB BusType: 3
    13:30:08.040 Disk 0 MBR read successfully
    13:30:08.043 Disk 0 MBR scan
    13:30:08.050 Disk 0 MBR:Alureon-I [Rtk]
    13:30:08.052 Disk 0 TDL4@MBR code has been found
    13:30:08.054 Disk 0 Windows 7 default MBR code found via API
    13:30:08.057 Disk 0 MBR hidden
    13:30:08.059 Disk 0 MBR [TDL4] **ROOTKIT**
    13:30:08.062 Disk 0 trace - called modules:
    13:30:08.074 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8009611254]<<
    13:30:08.077 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009514790]
    13:30:08.080 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80086f7050]
    13:30:08.085 \Driver\iaStor[0xfffffa80086c6e70] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8009611254
    13:30:10.362 AVAST engine scan C:\Windows
    13:30:49.847 AVAST engine scan C:\Windows\system32
    13:34:11.316 AVAST engine scan C:\Windows\system32\drivers
    13:34:58.784 AVAST engine scan C:\Users\$ean-
    13:47:14.153 AVAST engine scan C:\ProgramData
    13:47:56.174 Scan finished successfully
    13:48:35.970 Disk 0 MBR has been saved successfully to "C:\Users\$ean-\Desktop\MBR.dat"
    13:48:35.973 The log file has been saved successfully to "C:\Users\$ean-\Desktop\aswMBR.txt"
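The aswMBR lines above report the classic TDL4 picture: the MBR read through the normal disk API looks like default Windows 7 code while TDL4 code is actually present, so the infected sector is being hidden by the hooked storage driver (the trace ends in an unknown handler hooked into iaStor's IRP_MJ_INTERNAL_DEVICE_CONTROL), and the scanner saved the raw sector to MBR.dat. The following Python is an added example, not code from the thread or from aswMBR/TDSSKiller: it parses a 512-byte MBR image, compares an API-level read with a raw read the way a bootkit scanner does, and reports the unpartitioned space after the last partition, which is where TDL4 keeps its hidden file system. The two sample MBR images, their boot-code bytes and the disk size are constructed for the example, and MBR.dat is assumed to start with the raw 512-byte sector.

```python
"""Parse a 512-byte MBR image (such as the MBR.dat that aswMBR saves) and
compare an API-level read with a raw read, the way a bootkit scanner reveals
a hidden MBR.  Added example; the sample MBR images below are constructed."""
import hashlib
import struct

SECTOR = 512
MBR_SIGNATURE = b"\x55\xaa"
# status, CHS start (skipped), type, CHS end (skipped), LBA start, sector count
PART_FMT = "<B3xB3xII"


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble a constructed MBR: 440 bytes of code, 6 bytes of disk id and
    reserved space, a 64-byte partition table and the 0x55AA signature."""
    code = boot_code.ljust(440, b"\x00")[:440]
    table = b"".join(
        struct.pack(PART_FMT, 0x80 if p["bootable"] else 0x00,
                    p["type"], p["lba_start"], p["sectors"])
        for p in partitions
    ).ljust(64, b"\x00")
    return code + b"\x00" * 6 + table + MBR_SIGNATURE


def parse_mbr(mbr: bytes) -> dict:
    """Split an MBR into boot code, non-empty partition entries and signature."""
    if len(mbr) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(mbr)}")
    partitions = []
    for i in range(4):
        entry = mbr[446 + 16 * i: 446 + 16 * (i + 1)]
        status, ptype, lba_start, sectors = struct.unpack(PART_FMT, entry)
        if ptype != 0:  # partition type 0 marks an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "sectors": sectors})
    return {
        "boot_code": mbr[:440],
        "code_sha256": hashlib.sha256(mbr[:440]).hexdigest(),
        "partitions": partitions,
        "valid_signature": mbr[510:512] == MBR_SIGNATURE,
    }


def unpartitioned_tail(parsed: dict, disk_sectors: int) -> int:
    """Sectors after the last partition.  TDL4 stores its hidden file system
    there, but a little slack at the end of a disk is also normal, so treat
    this as context rather than proof."""
    if not parsed["partitions"]:
        return disk_sectors
    last_end = max(p["lba_start"] + p["sectors"] for p in parsed["partitions"])
    return max(0, disk_sectors - last_end)


def compare_reads(api_mbr: bytes, raw_mbr: bytes) -> list:
    """Findings from comparing the MBR as the OS returns it with a read that
    bypasses the (possibly hooked) disk driver.  Identical reads mean nothing
    is hidden at this layer; differing boot code is the 'MBR hidden' case."""
    api, raw = parse_mbr(api_mbr), parse_mbr(raw_mbr)
    findings = []
    if api["boot_code"] != raw["boot_code"]:
        findings.append("boot code differs between API read and raw read (MBR hidden)")
    if api["partitions"] != raw["partitions"]:
        findings.append("partition table differs between API read and raw read")
    if not raw["valid_signature"]:
        findings.append("raw MBR lacks the 0x55AA boot signature")
    return findings


def load_mbr(path: str) -> bytes:
    """Read the first sector of a saved dump such as MBR.dat (assumed to begin
    with the raw 512-byte sector)."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR)


# Constructed samples: one bootable NTFS partition at LBA 2048, 204800 sectors,
# on a disk of 250000 sectors.  The boot-code bytes are placeholders, not real
# Windows or TDL4 code.
SAMPLE_PARTITIONS = [{"bootable": True, "type": 0x07, "lba_start": 2048, "sectors": 204800}]
SAMPLE_DISK_SECTORS = 250000
CLEAN_MBR = build_mbr(b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c", SAMPLE_PARTITIONS)
INFECTED_MBR = build_mbr(b"\xeb\x1c\x90\x00\x00\x00\x00\x00", SAMPLE_PARTITIONS)

if __name__ == "__main__":
    # Simulated hooked read: the API hands back clean code, the raw read shows the bootkit's.
    for line in compare_reads(CLEAN_MBR, INFECTED_MBR):
        print(line)
    tail = unpartitioned_tail(parse_mbr(INFECTED_MBR), SAMPLE_DISK_SECTORS)
    print("unpartitioned sectors after last partition:", tail)
```

On a live machine the raw read is the hard part, which is why dedicated tools do it; offline, the useful check is to run parse_mbr over the saved MBR.dat and compare its code_sha256 with the MBR of a known-clean Windows 7 install of the same edition, since a TDL4-infected sector carries different boot code while the partition table is usually left intact.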
  4. Shydoe (Newcomer, in training; Topic Starter)

    Posted logs are both the most recent.
  5. Broni (Malware Annihilator)

    Download TDSSKiller and save it to your desktop.
    • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure, click on Continue.
    • If a suspicious file is detected, the default action will be Skip, click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
  6. Shydoe (Newcomer, in training; Topic Starter)

    TDSS rootkit removing tool 2.6.15.0 Nov 3 2011 17:15:49
    20:46:36.0664 4236 ============================================================
    20:46:36.0664 4236 Current date / time: 2011/11/03 20:46:36.0664
    20:46:36.0664 4236 SystemInfo:
    20:46:36.0664 4236
    20:46:36.0664 4236 OS Version: 6.1.7601 ServicePack: 1.0
    20:46:36.0664 4236 Product type: Workstation
    20:46:36.0664 4236 ComputerName: MALFEAS
    20:46:36.0664 4236 UserName: $ean-
    20:46:36.0665 4236 Windows directory: C:\Windows
    20:46:36.0665 4236 System windows directory: C:\Windows
    20:46:36.0665 4236 Running under WOW64
    20:46:36.0665 4236 Processor architecture: Intel x64
    20:46:36.0665 4236 Number of processors: 8
    20:46:36.0665 4236 Page size: 0x1000
    20:46:36.0665 4236 Boot type: Normal boot
    20:46:36.0665 4236 ============================================================
    20:46:36.0916 4236 Initialize success
    20:46:40.0451 6096 ============================================================
    20:46:40.0451 6096 Scan started
    20:46:40.0451 6096 Mode: Manual;
    20:46:40.0451 6096 ============================================================
    20:46:54.0856 6096 volmgr - ok
    20:46:54.0902 6096 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
    20:46:54.0905 6096 volmgrx - ok
    20:46:54.0941 6096 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
    20:46:54.0943 6096 volsnap - ok
    20:46:54.0981 6096 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    20:46:54.0983 6096 vsmraid - ok
    20:46:55.0037 6096 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
    20:46:55.0038 6096 vwifibus - ok
    20:46:55.0068 6096 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    20:46:55.0069 6096 WacomPen - ok
    20:46:55.0114 6096 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    20:46:55.0115 6096 WANARP - ok
    20:46:55.0119 6096 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
    20:46:55.0120 6096 Wanarpv6 - ok
    20:46:55.0202 6096 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    20:46:55.0203 6096 Wd - ok
    20:46:55.0229 6096 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    20:46:55.0235 6096 Wdf01000 - ok
    20:46:55.0268 6096 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    20:46:55.0269 6096 WfpLwf - ok
    20:46:55.0338 6096 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    20:46:55.0339 6096 WIMMount - ok
    20:46:55.0403 6096 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
    20:46:55.0404 6096 WmiAcpi - ok
    20:46:55.0486 6096 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    20:46:55.0488 6096 ws2ifsl - ok
    20:46:55.0533 6096 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
    20:46:55.0536 6096 WudfPf - ok
    20:46:55.0568 6096 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
    20:46:55.0571 6096 WUDFRd - ok
    20:46:55.0675 6096 xusb21 (38f55d07b1d3391065c40ec065f984e2) C:\Windows\system32\DRIVERS\xusb21.sys
    20:46:55.0677 6096 xusb21 - ok
    20:46:55.0703 6096 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
    20:46:55.0719 6096 \Device\Harddisk0\DR0 - ok
    20:46:55.0722 6096 Boot (0x1200) (96552e9bbfb605801208950e00c474a7) \Device\Harddisk0\DR0\Partition0
    20:46:55.0724 6096 \Device\Harddisk0\DR0\Partition0 - ok
    20:46:55.0724 6096 ============================================================
    20:46:55.0724 6096 Scan finished
    20:46:55.0724 6096 ============================================================
    20:46:55.0730 5312 Detected object count: 0
    20:46:55.0730 5312 Actual detected object count: 0
  7. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Your MBR is infected with TDL rootkit.
    We need to reset MBR.

    Please Boot to the System Recovery Options
    If you have Windows 7 installation disc, just insert a DVD to the drive, restart computer and it should load automatically (option two presented in the article).
    It's possible also that your computer has a pre-installed recovery partition instead - in such a case use method one (by pressing F8 before Windows starts loading)...

    On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt

    Choose Command Prompt
    You should see X:\SOURCES>...

    Execute the following commands in bold.
    Press Enter after every one of them.

    bootrec /fixmbr (<--- there is a "space" after "bootrec")

    exit

    Restart computer.

    Post new aswMBR log.
  8. Shydoe

    Shydoe Newcomer, in training Topic Starter

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-11-04 22:46:15
    -----------------------------
    22:46:15.645 OS Version: Windows x64 6.1.7601 Service Pack 1
    22:46:15.645 Number of processors: 8 586 0x1A05
    22:46:15.646 ComputerName: MALFEAS UserName: $ean-
    22:46:17.906 Initialize success
    22:46:17.973 AVAST engine defs: 11110500
    22:46:21.755 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    22:46:21.757 Disk 0 Vendor: Hitachi_ ST6O Size: 953869MB BusType: 3
    22:46:21.767 Disk 0 MBR read successfully
    22:46:21.769 Disk 0 MBR scan
    22:46:22.060 Disk 0 Windows 7 default MBR code
    22:46:22.064 Service scanning
    22:46:24.756 Modules scanning
    22:46:24.759 Disk 0 trace - called modules:
    22:46:24.782 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
    22:46:24.785 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8009514790]
    22:46:24.787 3 CLASSPNP.SYS[fffff8800181743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8008701050]
    22:46:26.521 AVAST engine scan C:\Windows
    22:46:32.779 AVAST engine scan C:\Windows\system32
    22:47:58.932 AVAST engine scan C:\Windows\system32\drivers
    22:48:07.197 AVAST engine scan C:\Users\$ean-
    22:55:31.509 AVAST engine scan C:\ProgramData
    22:56:34.402 Scan finished successfully
    23:05:42.647 Disk 0 MBR has been saved successfully to "C:\Users\$ean-\Desktop\MBR.dat"
    23:05:42.651 The log file has been saved successfully to "C:\Users\$ean-\Desktop\aswMBR2.txt"
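    The `bootrec /fixmbr` step above rewrites only the boot code, and the aswMBR run that follows both reports the outcome (`Windows 7 default MBR code`) and saves a copy of the sector to MBR.dat. As an added example that is not from this thread or from either tool, the Python below parses such a 512-byte MBR image, hashes its first 0x1B8 bytes (the region the earlier TDSSKiller line `MBR (0x1B8) (...)` is read here as reporting a digest for) and compares that against a known-good baseline; the sample sectors, disk signature, partition entry and baseline are all constructed, and MBR.dat is assumed to be a raw sector image.

```python
"""Parse a raw 512-byte MBR image and compare its boot code with a known-good baseline."""
import hashlib
import struct
from dataclasses import dataclass
from typing import List

SECTOR_SIZE = 512
BOOT_CODE_LEN = 0x1B8   # bytes 0x000-0x1B7: boot code, the region hashed by the "MBR (0x1B8)" log line
DISK_SIG_OFF = 0x1B8    # 4-byte NT disk signature
PART_TABLE_OFF = 0x1BE  # four 16-byte partition entries
BOOT_SIG_OFF = 0x1FE    # 0x55 0xAA boot signature


@dataclass
class Partition:
    index: int
    bootable: bool      # status byte 0x80 marks the active partition
    type_id: int        # 0x07 is NTFS
    lba_start: int
    sector_count: int


@dataclass
class MbrInfo:
    boot_code_md5: str  # MD5 chosen only to line up with the digest the scanner logs prints
    disk_signature: int
    partitions: List[Partition]
    valid_boot_signature: bool


def parse_mbr(sector: bytes) -> MbrInfo:
    """Decode one MBR sector into its boot-code digest, disk signature and partition table."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected a {SECTOR_SIZE}-byte sector image, got {len(sector)} bytes")
    boot_md5 = hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest()
    disk_sig = struct.unpack_from("<I", sector, DISK_SIG_OFF)[0]
    partitions = []
    for i in range(4):
        # entry layout: status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
        status, ptype, lba, count = struct.unpack_from("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        if ptype == 0:
            continue  # empty slot
        partitions.append(Partition(i, status == 0x80, ptype, lba, count))
    valid = sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] == b"\x55\xAA"
    return MbrInfo(boot_md5, disk_sig, partitions, valid)


def check_against_baseline(sector: bytes, baseline_md5: str) -> List[str]:
    """Return findings for an MBR image; an empty list means it matches the recorded baseline."""
    info = parse_mbr(sector)
    findings = []
    if not info.valid_boot_signature:
        findings.append("missing 0x55AA boot signature")
    if info.boot_code_md5 != baseline_md5:
        findings.append(f"boot code hash {info.boot_code_md5} differs from baseline {baseline_md5}")
    if not any(p.bootable for p in info.partitions):
        findings.append("no partition carries the active (0x80) flag")
    return findings


def build_sample_mbr(boot_code: bytes) -> bytes:
    """Constructed sample sector: one active NTFS partition at LBA 2048. Not a real disk image."""
    if len(boot_code) > BOOT_CODE_LEN:
        raise ValueError("boot code longer than the 0x1B8-byte boot-code region")
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    struct.pack_into("<I", sector, DISK_SIG_OFF, 0x1234ABCD)                     # constructed signature
    struct.pack_into("<B3xB3xII", sector, PART_TABLE_OFF, 0x80, 0x07, 2048, 1953521664)
    sector[BOOT_SIG_OFF:BOOT_SIG_OFF + 2] = b"\x55\xAA"
    return bytes(sector)


def load_mbr_file(path: str) -> bytes:
    """Read a saved MBR image such as MBR.dat (assumed to hold the raw 512-byte sector)."""
    with open(path, "rb") as fh:
        return fh.read(SECTOR_SIZE)


# Constructed fixtures: a placeholder "clean" boot code (jmp $ plus NOP padding, not real boot code),
# the baseline digest you would record from a known-good machine, and a copy differing by one byte.
CLEAN_BOOT_CODE = b"\xEB\xFE" + b"\x90" * 30
CLEAN_MBR = build_sample_mbr(CLEAN_BOOT_CODE)
BASELINE_MD5 = parse_mbr(CLEAN_MBR).boot_code_md5
ALTERED_MBR = build_sample_mbr(b"\x90" + CLEAN_BOOT_CODE[1:])

if __name__ == "__main__":
    for name, image in (("clean", CLEAN_MBR), ("altered", ALTERED_MBR)):
        print(name, check_against_baseline(image, BASELINE_MD5) or ["matches baseline"])
```

To use it on a real machine, record `parse_mbr(load_mbr_file("MBR.dat")).boot_code_md5` while the disk is known clean and compare later runs against that value rather than against any digest posted in a thread.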
  9. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Good job :)

    How is computer doing?

    Please post fresh Combofix log.
  10. Shydoe

    Shydoe Newcomer, in training Topic Starter

    ComboFix 11-11-05.02 - $ean- 11/05/2011 12:11:36.4.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.9207.7100 [GMT -7:00]
    Running from: c:\users\$ean-\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
  11. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    You didn't say:
     
  12. Shydoe

    Shydoe Newcomer, in training Topic Starter

    It appears iexplore.exe is gone and, from quick testing, the redirects are also gone.
  13. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Good news :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  14. Shydoe

    Shydoe Newcomer, in training Topic Starter

    OTL logfile created on: 11/6/2011 10:22:45 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\$ean-\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.99 Gb Total Physical Memory | 7.15 Gb Available Physical Memory | 79.57% Memory free
    17.98 Gb Paging File | 16.03 Gb Available in Paging File | 89.16% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 916.86 Gb Total Space | 635.72 Gb Free Space | 69.34% Space Free | Partition Type: NTFS

    Computer Name: MALFEAS | User Name: $ean- | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    MOD - [2011/09/29 06:06:06 | 001,015,256 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\js3250.dll
    MOD - [2010/08/09 23:01:06 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2009/09/25 10:57:38 | 000,245,248 | ---- | M] () -- C:\Program Files (x86)\AutoHotkey\AutoHotkey.exe
    MOD - [2009/05/13 14:53:24 | 000,394,752 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CAntiVirusCOM.dll
    MOD - [2009/05/13 14:53:24 | 000,282,112 | ---- | M] () -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\CFirewallCOM.dll


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2011/09/06 12:45:28 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV:64bit: - [2010/05/20 14:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
    SRV:64bit: - [2009/12/03 20:27:24 | 000,028,672 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agr64svc.exe -- (AgereModemAudio)
    SRV:64bit: - [2009/07/13 17:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2011/10/18 18:25:47 | 003,552,856 | ---- | M] () [Auto | Running] -- c:\Program Files (x86)\Common Files\Akamai\netsession_win_807ba95.dll -- (Akamai)
    SRV - [2011/08/03 03:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
    SRV - [2011/08/03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
    SRV - [2010/07/21 20:16:01 | 000,407,336 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
    SRV - [2010/04/26 15:44:00 | 003,735,920 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWow64\GameMon.des -- (npggsvc)
    SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2009/06/18 15:41:50 | 000,647,216 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe -- (nmservice)
    SRV - [2009/06/10 13:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2008/08/18 08:02:00 | 000,222,208 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
    SRV - [2008/08/01 10:11:20 | 000,158,208 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2011/09/06 12:38:18 | 000,601,944 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
    DRV:64bit: - [2011/09/06 12:38:16 | 000,301,912 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
    DRV:64bit: - [2011/09/06 12:36:41 | 000,058,200 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
    DRV:64bit: - [2011/09/06 12:36:41 | 000,042,328 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr.sys -- (aswRdr)
    DRV:64bit: - [2011/09/06 12:36:30 | 000,065,368 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
    DRV:64bit: - [2011/09/06 12:36:14 | 000,024,408 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
    DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/10 22:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/10 22:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2010/11/20 05:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 03:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/05/20 14:26:28 | 000,036,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nx6000.sys -- (MSHUSBVideo)
    DRV:64bit: - [2010/01/26 17:52:22 | 001,212,416 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AGERESoftModem)
    DRV:64bit: - [2009/08/05 13:59:48 | 000,987,648 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
    DRV:64bit: - [2009/07/13 17:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 17:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 17:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 12:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel(R)
    DRV:64bit: - [2009/06/10 12:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 12:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 12:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 12:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/06/04 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2009/05/13 14:47:44 | 000,033,072 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\purendis.sys -- (purendis)
    DRV:64bit: - [2009/05/13 14:47:42 | 000,031,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\pnarp.sys -- (pnarp)
    DRV:64bit: - [2009/04/08 13:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
    DRV:64bit: - [2008/09/23 01:19:04 | 000,034,840 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gwfilt64.sys -- (gwfilt64)
    DRV:64bit: - [2007/05/14 16:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
    DRV - [2009/07/13 17:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
    DRV - [2008/08/18 08:04:02 | 000,040,480 | ---- | M] (NVidia Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclk64.sys -- (NVR0Dev)
    DRV - [2008/08/01 10:08:28 | 000,040,480 | ---- | M] (NVidia Corp.) [Kernel | Auto | Running] -- C:\Windows\nvflsh64.sys -- (NVR0FLASHDev)
    DRV - [2005/01/03 16:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.free-tv-video-online.me/internet/the_big_bang_theory/index.html
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 51 1D 22 EC 3A 8D CB 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://bl156w.blu156.mail.live.com/default.aspx?wa=wsignin1.0"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
    FF - prefs.js..extensions.enabledItems: wrc@avast.com:6.0.1289
    FF - prefs.js..network.proxy.type: 0


    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
    FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.666: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.666: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/10/29 10:27:20 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/10/26 20:54:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.23\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/17 06:34:28 | 000,000,000 | ---D | M]

    [2010/07/16 07:14:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\$ean-\AppData\Roaming\Mozilla\Extensions
    [2011/10/26 20:36:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\$ean-\AppData\Roaming\Mozilla\Firefox\Profiles\n69au8mn.default\extensions
    [2011/11/06 08:32:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2011/10/14 23:19:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2011/10/14 23:19:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2011/10/28 06:40:35 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
    [2011/10/29 10:27:20 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
    [2011/10/03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/11/05 11:19:48 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
    O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
    O4:64bit: - HKLM..\Run: [Linksys Wireless Manager] C:\Program Files (x86)\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (Cisco Systems, Inc.)
    O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [LifeCam] C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [nmctxth] C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Cisco Systems, Inc.)
    O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
    O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43925531-C801-4D0D-81C4-EFF1E6227543}: DhcpNameServer = 192.168.1.1 68.87.76.182 68.87.78.134
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46C0B5B8-D6E1-41DA-B196-FFCB61822923}: DhcpNameServer = 192.168.1.1 68.87.76.182 68.87.78.134
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B3367B7-F7B6-424D-9A05-643E0AD7EC39}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)
    O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*


    Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.bdmpeg - C:\Windows\SysWow64\bdmpega.acm ()
    Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
    Drivers32: vidc.mpeg - C:\Windows\SysWow64\bdmpegv.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/05 11:24:30 | 000,000,000 | ---D | C] -- C:\Windows\temp
    [2011/11/05 11:19:53 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
    [2011/11/03 19:46:36 | 000,111,408 | ---- | C] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\73380235.sys
    [2011/10/30 15:45:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AutoHotkey
    [2011/10/30 15:45:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AutoHotkey
    [2011/10/29 10:27:37 | 000,024,408 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
    [2011/10/29 10:27:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
    [2011/10/29 10:27:36 | 000,301,912 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
    [2011/10/29 10:27:29 | 000,601,944 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
    [2011/10/29 10:27:29 | 000,254,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
    [2011/10/29 10:27:29 | 000,065,368 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
    [2011/10/29 10:27:29 | 000,058,200 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
    [2011/10/29 10:27:29 | 000,042,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
    [2011/10/29 10:27:13 | 000,199,304 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
    [2011/10/29 10:27:13 | 000,041,184 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
    [2011/10/29 10:27:08 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
    [2011/10/29 10:27:08 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2011/10/28 21:51:56 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\$ean-\Desktop\dds.scr
    [2011/10/28 21:43:07 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Users\$ean-\Desktop\aswMBR.exe
    [2011/10/28 21:21:12 | 000,000,000 | ---D | C] -- C:\Users\$ean-\AppData\Local\G DATA
    [2011/10/28 20:56:59 | 004,283,735 | R--- | C] (Swearware) -- C:\Users\$ean-\Desktop\ComboFix.exe
    [2011/10/28 06:40:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
    [2011/10/26 20:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    [2011/10/26 20:57:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011/10/26 20:44:38 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/10/26 20:41:40 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\$ean-\Desktop\OTL.exe
    [2011/10/26 20:33:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SecurityXploded
    [2011/10/26 19:06:03 | 000,000,000 | ---D | C] -- C:\$WINDOWS.~LS
    [2011/10/16 09:16:11 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2011/10/16 09:16:11 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2011/10/16 09:16:11 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2011/10/16 09:15:08 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
    [2011/10/16 09:14:05 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/10/15 08:11:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

    ========== Files - Modified Within 30 Days ==========

    [2011/11/06 08:29:36 | 000,010,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2011/11/06 08:29:36 | 000,010,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2011/11/06 08:28:18 | 000,779,266 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
    [2011/11/06 08:28:18 | 000,660,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
    [2011/11/06 08:28:18 | 000,121,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
    [2011/11/06 08:22:34 | 000,001,256 | ---- | M] () -- C:\Users\$ean-\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/11/06 08:22:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2011/11/06 08:22:16 | 2945,847,295 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/05 11:19:48 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
    [2011/11/05 10:53:03 | 004,283,735 | R--- | M] (Swearware) -- C:\Users\$ean-\Desktop\ComboFix.exe
    [2011/11/04 22:05:42 | 000,000,512 | ---- | M] () -- C:\Users\$ean-\Desktop\MBR.dat
    [2011/11/03 19:46:36 | 000,111,408 | ---- | M] (Kaspersky Lab, GERT) -- C:\Windows\SysNative\drivers\73380235.sys
    [2011/10/30 16:12:22 | 000,006,465 | ---- | M] () -- C:\Users\$ean-\Desktop\DD Auto.ahk
    [2011/10/29 14:34:45 | 575,884,116 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2011/10/29 10:27:37 | 000,001,843 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/10/29 10:27:29 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
    [2011/10/28 21:51:58 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\$ean-\Desktop\dds.scr
    [2011/10/28 21:49:24 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/28 21:43:19 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\$ean-\Desktop\aswMBR.exe
    [2011/10/28 21:10:02 | 000,302,592 | ---- | M] () -- C:\Users\$ean-\Desktop\8igsdzwt.exe
    [2011/10/26 21:16:27 | 000,001,945 | ---- | M] () -- C:\Windows\epplauncher.mif
    [2011/10/26 20:41:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\$ean-\Desktop\OTL.exe
    [2011/10/26 20:09:56 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
    [2011/10/26 20:09:56 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
    [2011/10/26 19:11:35 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011/10/16 10:39:18 | 000,000,353 | ---- | M] () -- C:\Users\$ean-\Desktop\TaskAssign.ini
    [2011/10/16 08:32:51 | 000,796,360 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2011/10/15 11:01:09 | 000,274,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
    [2011/10/14 21:53:58 | 000,000,296 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
    [2011/10/14 21:53:58 | 000,000,216 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
    [2011/10/14 21:53:51 | 000,000,336 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk

    ========== Files Created - No Company Name ==========

    [2011/11/05 16:32:31 | 000,001,411 | ---- | C] () -- C:\Users\$ean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
    [2011/11/05 16:32:31 | 000,001,262 | ---- | C] () -- C:\Users\$ean-\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    [2011/11/05 16:32:31 | 000,001,256 | ---- | C] () -- C:\Users\$ean-\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/10/30 15:46:02 | 000,006,465 | ---- | C] () -- C:\Users\$ean-\Desktop\DD Auto.ahk
    [2011/10/29 12:52:53 | 575,884,116 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2011/10/29 12:48:35 | 000,000,512 | ---- | C] () -- C:\Users\$ean-\Desktop\MBR.dat
    [2011/10/29 10:27:37 | 000,001,843 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
    [2011/10/29 10:27:29 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
    [2011/10/28 21:49:24 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/10/28 21:10:00 | 000,302,592 | ---- | C] () -- C:\Users\$ean-\Desktop\8igsdzwt.exe
    [2011/10/26 20:09:56 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
    [2011/10/26 20:09:56 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
    [2011/10/26 20:01:50 | 2945,847,295 | -HS- | C] () -- C:\hiberfil.sys
    [2011/10/16 09:16:11 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2011/10/16 09:16:11 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2011/10/16 09:16:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2011/10/16 09:16:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2011/10/16 09:16:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2011/10/15 08:09:01 | 000,001,945 | ---- | C] () -- C:\Windows\epplauncher.mif
    [2011/10/14 21:53:58 | 000,000,296 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjk
    [2011/10/14 21:53:58 | 000,000,216 | ---- | C] () -- C:\ProgramData\~6DSS92c31Apgjkr
    [2011/10/14 21:53:51 | 000,000,336 | ---- | C] () -- C:\ProgramData\6DSS92c31Apgjk
    [2011/08/11 17:32:16 | 000,109,016 | ---- | C] () -- C:\Windows\SysWow64\mlfcache.dat
    [2011/08/03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
    [2011/04/09 17:55:28 | 000,179,261 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
    [2011/04/09 06:33:46 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
    [2011/02/27 20:26:47 | 000,796,360 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
    [2010/10/14 12:20:02 | 000,044,544 | ---- | C] () -- C:\Windows\SysWow64\GIF89.DLL
    [2010/10/14 12:20:01 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
    [2010/09/11 19:00:55 | 000,000,262 | ---- | C] () -- C:\Windows\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}_WiseFW.ini
    [2010/08/12 21:29:30 | 000,000,378 | ---- | C] () -- C:\Windows\SysWow64\tempoutput_01232FFB.dat
    [2010/08/12 10:05:39 | 000,000,378 | ---- | C] () -- C:\Windows\SysWow64\tempoutput_00A40C23.dat
    [2010/07/24 16:42:25 | 000,007,604 | ---- | C] () -- C:\Users\$ean-\AppData\Local\Resmon.ResmonCfg
    [2010/07/16 07:07:21 | 000,146,432 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
    [2010/07/16 07:07:21 | 000,072,704 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
    [2009/07/13 21:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
    [2009/07/13 18:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
    [2009/07/13 18:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
    [2009/07/13 16:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
    [2009/07/13 15:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
    [2009/07/13 13:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
    [2009/07/08 17:03:02 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\bdmpegv.dll
    [2009/06/10 13:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

    ========== LOP Check ==========

    [2011/08/14 13:02:43 | 000,000,000 | ---D | M] -- C:\Users\$ean-\AppData\Roaming\DarksporeData
    [2010/08/19 17:50:29 | 000,000,000 | ---D | M] -- C:\Users\$ean-\AppData\Roaming\DragonicaSCB
    [2011/10/14 23:19:13 | 000,000,000 | ---D | M] -- C:\Users\$ean-\AppData\Roaming\FreeBurner
    [2011/10/26 20:59:47 | 000,000,000 | ---D | M] -- C:\Users\$ean-\AppData\Roaming\FrostWire
    [2011/10/14 23:19:17 | 000,000,000 | ---D | M] -- C:\Users\$ean-\AppData\Roaming\GetRightToGo
    [2011/10/14 23:19:17 | 000,000,000 | ---D | M] -- C:\Users\$ean-\AppData\Roaming\Hi-Rez Studios
    [2010/08/07 21:06:26 | 000,000,000 | ---D | M] -- C:\Users\$ean-\AppData\Roaming\LolClient
    [2011/10/14 23:13:28 | 000,000,000 | ---D | M] -- C:\Users\$ean-\AppData\Roaming\runic games
    [2011/10/30 13:43:23 | 000,000,000 | ---D | M] -- C:\Users\$ean-\AppData\Roaming\Spotify
    [2011/10/14 23:19:18 | 000,000,000 | ---D | M] -- C:\Users\$ean-\AppData\Roaming\SystemRequirementsLab
    [2011/09/16 06:37:14 | 000,032,550 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/11/20 04:40:07 | 000,383,786 | RHS- | M] () -- C:\bootmgr
    [2011/10/26 19:11:35 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
    [2011/11/05 11:24:28 | 000,018,039 | ---- | M] () -- C:\ComboFix.txt
    [2010/10/18 20:03:30 | 000,000,084 | ---- | M] () -- C:\DVDPATH.TXT
    [2008/04/11 09:07:18 | 000,003,820 | ---- | M] () -- C:\eula.1028.txt
    [2008/04/11 09:07:18 | 000,015,428 | ---- | M] () -- C:\eula.1031.txt
    [2008/04/11 09:07:18 | 000,010,058 | ---- | M] () -- C:\eula.1033.txt
    [2008/04/11 09:07:18 | 000,012,246 | ---- | M] () -- C:\eula.1036.txt
    [2008/04/11 09:07:18 | 000,013,912 | ---- | M] () -- C:\eula.1040.txt
    [2008/04/11 09:07:18 | 000,005,868 | ---- | M] () -- C:\eula.1041.txt
    [2008/04/11 09:07:18 | 000,005,970 | ---- | M] () -- C:\eula.1042.txt
    [2008/04/11 09:07:18 | 000,010,134 | ---- | M] () -- C:\eula.1049.txt
    [2008/04/11 09:07:18 | 000,003,814 | ---- | M] () -- C:\eula.2052.txt
    [2008/04/11 09:07:18 | 000,012,936 | ---- | M] () -- C:\eula.3082.txt
    [2008/04/11 09:07:18 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2011/11/06 08:22:16 | 2945,847,295 | -HS- | M] () -- C:\hiberfil.sys
    [2008/04/11 09:07:18 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2008/04/11 07:03:48 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2008/04/11 07:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2008/04/11 07:03:48 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2008/04/11 07:03:48 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2008/04/11 07:03:48 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2008/04/11 07:03:48 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2008/04/11 07:03:48 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2008/04/11 09:09:24 | 000,093,200 | ---- | M] (Microsoft Corporation) -- C:\install.res.1049.dll
    [2008/04/11 07:03:48 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2008/04/11 07:03:48 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2011/10/26 17:06:11 | 000,001,263 | ---- | M] () -- C:\netfxlog.txt
    [2011/11/06 08:22:18 | 1064,484,862 | -HS- | M] () -- C:\pagefile.sys
    [2010/07/16 07:07:20 | 000,003,002 | ---- | M] () -- C:\RHDSetup.log
    [2011/10/15 08:13:49 | 000,000,626 | ---- | M] () -- C:\rkill.log
    [2011/08/29 21:10:58 | 000,032,085 | ---- | M] () -- C:\scramble.log
    [2011/11/03 19:47:56 | 000,075,444 | ---- | M] () -- C:\TDSSKiller.2.6.15.0_03.11.2011_20.46.36_log.txt
    [2011/10/15 07:47:53 | 000,145,476 | ---- | M] () -- C:\TDSSKiller.2.6.9.0_15.10.2011_08.46.55_log.txt
    [2011/10/16 09:11:15 | 000,074,526 | ---- | M] () -- C:\TDSSKiller.2.6.9.0_16.10.2011_10.10.53_log.txt
    [2008/04/11 09:07:18 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2008/04/11 09:09:38 | 003,797,292 | ---- | M] () -- C:\VC_RED.cab
    [2008/04/11 09:11:40 | 000,233,472 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2009/07/13 21:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
    [2009/07/13 21:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
    [2009/07/13 21:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
    [2009/07/13 21:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/06/10 12:49:50 | 000,000,065 | ---- | M] () -- C:\Windows\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >
    [2011/09/06 12:45:29 | 000,041,184 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >
    [2009/07/13 20:54:24 | 000,000,174 | -HS- | M] () -- C:\Program Files (x86)\desktop.ini

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2011/11/06 08:22:34 | 000,000,221 | -HS- | M] () -- C:\Users\$ean-\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini

    < %USERPROFILE%\Desktop\*.exe >
    [2011/10/28 21:10:02 | 000,302,592 | ---- | M] () -- C:\Users\$ean-\Desktop\8igsdzwt.exe
    [2011/10/28 21:43:19 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Users\$ean-\Desktop\aswMBR.exe
    [2011/11/05 10:53:03 | 004,283,735 | R--- | M] (Swearware) -- C:\Users\$ean-\Desktop\ComboFix.exe
    [2010/03/31 16:09:20 | 000,291,840 | ---- | M] (Notausgang) -- C:\Users\$ean-\Desktop\HoN_ModMan.exe
    [2011/10/26 20:41:42 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\$ean-\Desktop\OTL.exe
    [2004/05/12 17:56:40 | 000,226,304 | ---- | M] (TG Publishing AG, Tom's Hardware Guide) -- C:\Users\$ean-\Desktop\TaskAssign.exe
    [2010/03/03 00:52:48 | 004,455,424 | ---- | M] () -- C:\Users\$ean-\Desktop\torchleech.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2009/06/10 13:20:04 | 000,000,802 | ---- | M] () -- C:\Windows\ADDINS\FXSEXT.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >
    [2011/08/10 16:23:43 | 000,008,192 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.chk
    [2011/08/10 16:23:43 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edb.log
    [2010/07/17 15:21:26 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00001.jrs
    [2010/07/17 15:21:26 | 001,048,576 | ---- | M] () -- C:\Windows\SECURITY\Database\edbres00002.jrs
    [2011/08/10 16:23:43 | 001,056,768 | ---- | M] () -- C:\Windows\SECURITY\Database\tmp.edb

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2011/04/30 01:53:49 | 000,000,402 | -HS- | M] () -- C:\Users\$ean-\Favorites\desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2011/10/14 21:53:51 | 000,000,336 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk
    [2011/10/14 21:53:58 | 000,000,296 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
    [2011/10/14 21:53:58 | 000,000,216 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:BEB15613

    < End of report >
  15. Shydoe

    Shydoe Newcomer, in training Topic Starter

    OTL Extras logfile created on: 11/6/2011 10:22:45 AM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\$ean-\Desktop
    64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    8.99 Gb Total Physical Memory | 7.15 Gb Available Physical Memory | 79.57% Memory free
    17.98 Gb Paging File | 16.03 Gb Available in Paging File | 89.16% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 916.86 Gb Total Space | 635.72 Gb Free Space | 69.34% Space Free | Partition Type: NTFS

    Computer Name: MALFEAS | User Name: $ean- | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = htmlfile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
    InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
    InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [explore] -- Reg Error: Value error.
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    ========== Firewall Settings ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "DisableNotifications" = 0
    "EnableFirewall" = 1

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{086D343F-8E78-4AFC-81AC-D6D414AFD8AC}_is1" = Core Temp version 0.99.7
    "{28D73032-5DAA-4F83-B154-85105DBCCB92}" = iTunes
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
    "{6965A8D2-465D-4F98-9FAA-0E9E2348F329}" = Microsoft LifeCam
    "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
    "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
    "{9C5A08BF-BB99-4998-81BD-F6CC32483B34}" = Microsoft Corporation
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 280.26
    "{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller Driver 280.19
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.10.0514
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
    "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
    "{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}" = Ventrilo Client for Windows x64
    "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
    "CCleaner" = CCleaner
    "Linksys Wireless Manager" = Linksys Wireless Manager
    "LSI Soft Modem" = LSI PCI-SV92EX Soft Modem
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "NVIDIA Drivers" = NVIDIA Drivers

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
    "{1D0FDD6D-3C5E-4588-8ED0-02DC88014BF2}" = Upgrade Kit
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 29
    "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
    "{52592821-F0CA-4131-8958-BCAE6E50B523}" = Pure Networks Platform
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    "{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update
    "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
    "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
    "{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
    "{A0284E02-8114-4D23-B7C7-C2C4FAD2C355}" = Dragon Saga
    "{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
    "{AB8AADDB-E980-492D-B8F0-E7C52E9B20CC}" = EverQuest: Escape to Norrath
    "{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
    "{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
    "{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
    "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
    "{B9CA59A0-3B70-48F8-9054-67595DE6E72B}" = League of Legends
    "{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
    "{C6579A65-9CAE-4B31-8B6B-3306E0630A66}" = Apple Software Update
    "{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
    "{EA2DB6E0-72C5-4ef9-A3A0-E6705F4A6A9E}" = Nexon Game Manager
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F2508213-9989-4E85-A078-72BE483917EF}" = Microsoft Games for Windows - LIVE Redistributable
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Akamai" = Akamai NetSession Interface
    "AutoHotkey" = AutoHotkey 1.0.48.05
    "avast" = avast! Free Antivirus
    "BandiMPEG1" = Bandisoft MPEG-1 Decoder
    "DragonNest" = DragonNest
    "Free Easy Burner_is1" = Free Easy Burner V 4.1
    "Guild Wars" = Guild Wars
    "hon" = Heroes of Newerth
    "InstallShield_{6F69C969-2942-4E7B-B594-75B37664B8BA}" = NVIDIA System Update
    "InstallShield_{7C7F30F4-94E7-4AA8-8941-90C4A80C68BF}" = NVIDIA Performance
    "InstallShield_{E9CFBE78-ED91-4FCF-9E6F-210E477E527D}" = NVIDIA System Monitor
    "jZip" = jZip
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Mozilla Firefox (3.6.23)" = Mozilla Firefox (3.6.23)
    "NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
    "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
    "RealPlayer 12.0" = RealPlayer
    "Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
    "Steam App 17020" = Global Agenda
    "Steam App 20570" = Warhammer® 40,000™: Dawn of War® II – Chaos Rising™
    "Steam App 2760" = Neverwinter Nights 2: Platinum
    "Steam App 41500" = Torchlight
    "Steam App 550" = Left 4 Dead 2
    "Steam App 65800" = Dungeon Defenders
    "Steam App 73050" = Magicka - Demo
    "SystemRequirementsLab" = System Requirements Lab
    "VLC media player" = VideoLAN VLC media player 0.8.6f
    "World of Warcraft" = World of Warcraft

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "090215de958f1060" = Curse Client
    "SOE-EverQuest II Streaming" = EverQuest II
    "Spotify" = Spotify

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/6/2011 2:23:48 PM | Computer Name = Malfeas | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 11/6/2011 2:32:54 PM | Computer Name = Malfeas | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 11/6/2011 2:32:54 PM | Computer Name = Malfeas | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 11/6/2011 2:32:54 PM | Computer Name = Malfeas | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 11/6/2011 2:32:54 PM | Computer Name = Malfeas | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 11/6/2011 2:32:54 PM | Computer Name = Malfeas | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 11/6/2011 2:32:54 PM | Computer Name = Malfeas | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 11/6/2011 2:33:11 PM | Computer Name = Malfeas | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 11/6/2011 2:33:11 PM | Computer Name = Malfeas | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    Error - 11/6/2011 2:33:11 PM | Computer Name = Malfeas | Source = Microsoft-Windows-CAPI2 | ID = 4107
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: A required certificate is not within its validity period when verifying
    against the current system clock or the timestamp in the signed file. .

    [ System Events ]
    Error - 11/5/2011 1:34:12 AM | Computer Name = Malfeas | Source = Service Control Manager | ID = 7001
    Description = The SMB MiniRedirector Wrapper and Engine service depends on the Redirected
    Buffering Sub Sysytem service which failed to start because of the following error:
    %%31

    Error - 11/5/2011 1:34:12 AM | Computer Name = Malfeas | Source = Service Control Manager | ID = 7001
    Description = The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector
    Wrapper and Engine service which failed to start because of the following error:
    %%1068

    Error - 11/5/2011 1:34:12 AM | Computer Name = Malfeas | Source = Service Control Manager | ID = 7001
    Description = The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector
    Wrapper and Engine service which failed to start because of the following error:
    %%1068

    Error - 11/5/2011 1:34:12 AM | Computer Name = Malfeas | Source = Service Control Manager | ID = 7001
    Description = The Network Connections service depends on the Network Store Interface
    Service service which failed to start because of the following error: %%1068

    Error - 11/5/2011 1:34:12 AM | Computer Name = Malfeas | Source = Service Control Manager | ID = 7001
    Description = The Network Location Awareness service depends on the Network Store
    Interface Service service which failed to start because of the following error:
    %%1068

    Error - 11/5/2011 1:34:13 AM | Computer Name = Malfeas | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AFD aswRdr aswSnx aswSP aswTdi DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6
    WfpLwf

    Error - 11/5/2011 2:51:24 PM | Computer Name = Malfeas | Source = Service Control Manager | ID = 7031
    Description = The Akamai NetSession Interface service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in 1000
    milliseconds: Restart the service.

    Error - 11/5/2011 3:10:39 PM | Computer Name = Malfeas | Source = Service Control Manager | ID = 7031
    Description = The Akamai NetSession Interface service terminated unexpectedly.
    It has done this 1 time(s). The following corrective action will be taken in 1000
    milliseconds: Restart the service.

    Error - 11/5/2011 3:15:44 PM | Computer Name = Malfeas | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.

    Error - 11/5/2011 3:17:44 PM | Computer Name = Malfeas | Source = Service Control Manager | ID = 7030
    Description = The PEVSystemStart service is marked as an interactive service. However,
    the system is configured to not allow interactive services. This service may not
    function properly.


    < End of report >
  16. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [2011/10/14 21:53:58 | 000,000,296 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjk
      [2011/10/14 21:53:58 | 000,000,216 | ---- | M] () -- C:\ProgramData\~6DSS92c31Apgjkr
      [2011/10/14 21:53:51 | 000,000,336 | ---- | M] () -- C:\ProgramData\6DSS92c31Apgjk
      @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:BEB15613
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ===================================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double-click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
  17. Shydoe

    Shydoe Newcomer, in training Topic Starter

    All processes killed
    ========== OTL ==========
    Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
    C:\Windows\Downloaded Program Files\gp.inf not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
    C:\ProgramData\~6DSS92c31Apgjk moved successfully.
    C:\ProgramData\~6DSS92c31Apgjkr moved successfully.
    C:\ProgramData\6DSS92c31Apgjk moved successfully.
    ADS C:\ProgramData\TEMP:BEB15613 deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: $ean-
    ->Temp folder emptied: 480056 bytes
    ->Temporary Internet Files folder emptied: 7163813 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 89884253 bytes
    ->Flash cache emptied: 15988 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 10028 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50132 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 93.00 mb


    [EMPTYFLASH]

    User: $ean-
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.31.0 log created on 11092011_171836

    Files\Folders moved on Reboot...

    Results of screen317's Security Check version 0.99.24
    Windows 7 x64 (UAC is disabled!)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    avast! Free Antivirus
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Java(TM) 6 Update 29
    Adobe Flash Player ( 10.3.183.10) Flash Player Out of Date!
    Mozilla Firefox (3.6.23) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    ``````````End of Log````````````

    C:\Users\$ean-\Documents\My Games\SoulMaster_Setup.exe a variant of Win32/Packed.Themida application deleted - quarantined
    C:\Windows.old\Documents and Settings\$ean-\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\1cdec414-5095a87a Java/TrojanDownloader.Agent.NBC trojan deleted - quarantined
  18. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. (Windows XP only) Run defrag at your convenience.

    11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    13. Please let me know how your computer is doing.
  19. Shydoe

    Shydoe Newcomer, in training Topic Starter

    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: $ean-
    ->Temp folder emptied: 5081 bytes
    ->Temporary Internet Files folder emptied: 34034 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 54185281 bytes
    ->Flash cache emptied: 1366 bytes

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: UpdatusUser
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 608 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 52.00 mb


    [EMPTYFLASH]

    User: $ean-
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Default
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: Public

    User: UpdatusUser
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Error creating restore point.

    OTL by OldTimer - Version 3.2.31.0 log created on 11102011_081019

    Files\Folders moved on Reboot...
    C:\Users\$ean-\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

    Registry entries deleted on Reboot...
  20. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Whenever ready...
  21. Shydoe

    Shydoe Newcomer, in training Topic Starter

    Been operating great, still no iexplore.exe when it's not open and no more redirects. Thanks a bunch.
  22. Broni

    Broni Malware Annihilator Posts: 46,479   +252

    Yes!!
    Good luck and stay safe :)

